Tag 3.7.20

Built from https://develop.svn.wordpress.org/tags/3.7.20@40508 git-svn-id: http://core.svn.wordpress.org/tags/3.7.20@40384 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Bump 3.7 branch to version 3.7.20.
2017-04-20 18:52:27 +00:00 · 2017-04-20 16:30:10 +00:00 · 2017-04-17 13:48:09 +00:00 · 2017-03-06 16:50:09 +00:00 · 2017-03-06 13:47:09 +00:00 · 2017-03-06 13:06:09 +00:00
548 changed files with 27279 additions and 10633 deletions
--- a/index.php
+++ b/index.php
@@ -14,4 +14,4 @@
 define('WP_USE_THEMES', true);

 /** Loads the WordPress Environment and Template */
-require('./wp-blog-header.php');
+require( dirname( __FILE__ ) . '/wp-blog-header.php' );
--- a/license.txt
+++ b/license.txt
@@ -1,6 +1,6 @@
 WordPress - Web publishing software

-Copyright 2013 by the contributors
+Copyright 2017 by the contributors

 This program is free software; you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
--- a/readme.html
+++ b/readme.html
@@ -8,7 +8,7 @@
 <body>
 <h1 id="logo">
 	<a href="http://wordpress.org/"><img alt="WordPress" src="wp-admin/images/wordpress-logo.png" /></a>
-	<br /> Version 3.6
+	<br /> Version 3.7.20
 </h1>
 <p style="text-align: center">Semantic Personal Publishing Platform</p>

--- a/wp-activate.php
+++ b/wp-activate.php
@@ -11,7 +11,7 @@ define( 'WP_INSTALLING', true );
 /** Sets up the WordPress Environment. */
 require( dirname(__FILE__) . '/wp-load.php' );

-require( './wp-blog-header.php' );
+require( dirname( __FILE__ ) . '/wp-blog-header.php' );

 if ( !is_multisite() ) {
 	wp_redirect( site_url( '/wp-login.php?action=register' ) );
@@ -21,6 +21,14 @@ if ( !is_multisite() ) {
 if ( is_object( $wp_object_cache ) )
 	$wp_object_cache->cache_enabled = false;

+// Fix for page title
+$wp_query->is_404 = false;
+
+/**
+ * Fires before the Site Activation page is loaded.
+ *
+ * @since 3.0
+ */
 do_action( 'activate_header' );

 /**
@@ -29,7 +37,12 @@ do_action( 'activate_header' );
 * @since MU
 */
 function do_activate_header() {
-	do_action( 'activate_wp_head' );
+    /**
+     * Fires before the Site Activation page is loaded, but on the wp_head action.
+     *
+     * @since 3.0
+     */
+    do_action( 'activate_wp_head' );
 }
 add_action( 'wp_head', 'do_activate_header' );

@@ -116,4 +129,4 @@ get_header();
 	var key_input = document.getElementById('key');
 	key_input && key_input.focus();
 </script>
-<?php get_footer(); ?>
+<?php get_footer(); ?>
--- a/wp-admin/about.php
+++ b/wp-admin/about.php
@@ -7,19 +7,21 @@
 */

 /** WordPress Administration Bootstrap */
-require_once( './admin.php' );
+require_once( dirname( __FILE__ ) . '/admin.php' );

 $title = __( 'About' );

 list( $display_version ) = explode( '-', $wp_version );

+wp_enqueue_script( 'about' );
+
 include( ABSPATH . 'wp-admin/admin-header.php' );
 ?>
 <div class="wrap about-wrap">

 <h1><?php printf( __( 'Welcome to WordPress %s' ), $display_version ); ?></h1>

-<div class="about-text"><?php printf( __( 'Thank you for updating to the latest version. WordPress %s makes your writing experience even better.' ), $display_version ); ?></div>
+<div class="about-text"><?php echo str_replace( '3.7', $display_version, __( 'Thank you for updating to WordPress 3.7! You might not notice a thing, and we&#8217;re okay with that.' ) ); ?></div>

 <div class="wp-badge"><?php printf( __( 'Version %s' ), $display_version ); ?></div>

@@ -33,56 +35,166 @@ include( ABSPATH . 'wp-admin/admin-header.php' );
 	</a>
 </h2>

-<div class="changelog">
-	<h3><?php _e( 'Colorful New Theme' ); ?></h3>
-
-	<div class="feature-section images-stagger-right">
-		<img alt="" src="<?php echo esc_url( admin_url( 'images/screenshots/about-twenty-twelve.png' ) ); ?>" class="image-66" />
-		<h4><?php _e( 'Introducing Twenty Thirteen' ); ?></h4>
-		<p><?php printf( __( "The new default theme puts focus on your content with a colorful, single-column design made for media-rich blogging." ) ); ?></p>
-		<p><?php _e( 'Inspired by modern art, Twenty Thirteen features quirky details, beautiful typography, and bold, high-contrast colors &mdash; all with a flexible layout that looks great on any device, big or small.' ); ?></p>
-	</div>
+<div class="changelog point-releases">
+	<h3><?php echo _n( 'Maintenance and Security Release', 'Maintenance and Security Releases', 20 ); ?></h3>
+	<p><?php printf( _n( '<strong>Version %1$s</strong> addressed %2$s bug.',
+			'<strong>Version %1$s</strong> addressed %2$s bugs.', 1 ), '3.7.20', number_format_i18n( 1 ) ); ?>
+		<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'https://codex.wordpress.org/Version_3.7.20' ); ?>
+	</p>
+	<p><?php printf( _n( '<strong>Version %1$s</strong> addressed a security issue.',
+         '<strong>Version %1$s</strong> addressed some security issues.', 5 ), '3.7.19' ); ?>
+		<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'https://codex.wordpress.org/Version_3.7.19' ); ?>
+	</p>
+	<p><?php printf( _n( '<strong>Version %1$s</strong> addressed a security issue.',
+         '<strong>Version %1$s</strong> addressed some security issues.', 3 ), '3.7.18' ); ?>
+		<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'https://codex.wordpress.org/Version_3.7.18' ); ?>
+	</p>
+	<p><?php printf( _n( '<strong>Version %1$s</strong> addressed a security issue.',
+         '<strong>Version %1$s</strong> addressed some security issues.', 8 ), '3.7.17' ); ?>
+		<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'https://codex.wordpress.org/Version_3.7.17' ); ?>
+	</p>
+	<p><?php printf( _n( '<strong>Version %1$s</strong> addressed a security issue.',
+         '<strong>Version %1$s</strong> addressed some security issues.', 2 ), '3.7.16' ); ?>
+		<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'https://codex.wordpress.org/Version_3.7.16' ); ?>
+	</p>
+	<p><?php printf( _n( '<strong>Version %1$s</strong> addressed a security issue.',
+         '<strong>Version %1$s</strong> addressed some security issues.', 9 ), '3.7.15' ); ?>
+		<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'https://codex.wordpress.org/Version_3.7.15' ); ?>
+	</p>
+	<p><?php printf( _n( '<strong>Version %1$s</strong> addressed a security issue.',
+         '<strong>Version %1$s</strong> addressed some security issues.', 6 ), '3.7.14' ); ?>
+		<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'https://codex.wordpress.org/Version_3.7.14' ); ?>
+ 	</p>
+	<p><?php printf( _n( '<strong>Version %1$s</strong> addressed a security issue.',
+         '<strong>Version %1$s</strong> addressed some security issues.', 2 ), '3.7.13' ); ?>
+		<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'https://codex.wordpress.org/Version_3.7.13' ); ?>
+ 	</p>
+	<p><?php printf( _n( '<strong>Version %1$s</strong> addressed a security issue.',
+         '<strong>Version %1$s</strong> addressed some security issues.', 1 ), '3.7.12' ); ?>
+		<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'https://codex.wordpress.org/Version_3.7.12' ); ?>
+ 	</p>
+	<p><?php printf( _n( '<strong>Version %1$s</strong> addressed some security issues and fixed %2$s bug.',
+         '<strong>Version %1$s</strong> addressed some security issues and fixed %2$s bugs.', 2 ), '3.7.11', number_format_i18n( 2 ) ); ?>
+		<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'https://codex.wordpress.org/Version_3.7.11' ); ?>
+	</p>
+	<p><?php printf( _n( '<strong>Version %1$s</strong> addressed some security issues and fixed %2$s bug.',
+         '<strong>Version %1$s</strong> addressed some security issues and fixed %2$s bugs.', 2 ), '3.7.10', number_format_i18n( 2 ) ); ?>
+		<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'https://codex.wordpress.org/Version_3.7.10' ); ?>
+	</p>
+	<p><?php printf( _n( '<strong>Version %1$s</strong> addressed a security issue.',
+         '<strong>Version %1$s</strong> addressed some security issues.', 2 ), '3.7.9' ); ?>
+		<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'https://codex.wordpress.org/Version_3.7.9' ); ?>
+ 	</p>
+	<p><?php printf( _n( '<strong>Version %1$s</strong> addressed some security issues and fixed %2$s bug.',
+         '<strong>Version %1$s</strong> addressed some security issues and fixed %2$s bugs.', 3 ), '3.7.8', number_format_i18n( 3 ) ); ?>
+		<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'https://codex.wordpress.org/Version_3.7.8' ); ?>
+	</p>
+	<p><?php printf( _n( '<strong>Version %1$s</strong> addressed %2$s bug.',
+         '<strong>Version %1$s</strong> addressed %2$s bugs.', 1 ), '3.7.7', number_format_i18n( 1 ) ); ?>
+		<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'https://codex.wordpress.org/Version_3.7.7' ); ?>
+ 	</p>
+	<p><?php printf( _n( '<strong>Version %1$s</strong> addressed a security issue.',
+         '<strong>Version %1$s</strong> addressed some security issues.', 8 ), '3.7.6' ); ?>
+		<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'https://codex.wordpress.org/Version_3.7.6' ); ?>
+ 	</p>
+	<p><?php printf( _n( '<strong>Version %1$s</strong> addressed a security issue.',
+         '<strong>Version %1$s</strong> addressed some security issues.', 8 ), '3.7.5', number_format_i18n( 8 ) ); ?>
+		<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'https://codex.wordpress.org/Version_3.7.5' ); ?>
+ 	</p>
+	<p><?php printf( _n( '<strong>Version %1$s</strong> addressed a security issue.',
+         '<strong>Version %1$s</strong> addressed some security issues.', 5 ), '3.7.4', number_format_i18n( 5 ) ); ?>
+		<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'https://codex.wordpress.org/Version_3.7.4' ); ?>
+ 	</p>
+	<p><?php printf( _n( '<strong>Version %1$s</strong> addressed %2$s bug.',
+		'<strong>Version %1$s</strong> addressed %2$s bugs.', 2 ), '3.7.3', number_format_i18n( 2 ) ); ?>
+		<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'http://codex.wordpress.org/Version_3.7.3' ); ?>
+ 	</p>
+	<p><?php printf( _n( '<strong>Version %1$s</strong> addressed some security issues and fixed %2$s bug.',
+         '<strong>Version %1$s</strong> addressed some security issues and fixed %2$s bugs.', 9 ), '3.7.2', number_format_i18n( 9 ) ); ?>
+		<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'https://codex.wordpress.org/Version_3.7.2' ); ?>
+ 	</p>
+	<p><?php printf( _n( '<strong>Version %1$s</strong> addressed %2$s bug.',
+		'<strong>Version %1$s</strong> addressed %2$s bugs.', 11 ), '3.7.1', number_format_i18n( 11 ) ); ?>
+		<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'https://codex.wordpress.org/Version_3.7.1' ); ?>
+ 	</p>
 </div>

 <div class="changelog">
-	<h3><?php _e( 'Write with Confidence' ); ?></h3>
+	<h3><?php _e( 'Background Updates' ); ?></h3>

-	<div class="feature-section images-stagger-right">
-		<img alt="" src="<?php echo esc_url( admin_url( 'images/screenshots/about-retina.png' ) ); ?>" class="image-66" />
-		<h4><?php _e( 'Explore Revisions' ); ?></h4>
-		<p></p>
-		<p><?php _e( 'From the first word you write, WordPress saves every change. Each revision is always at your fingertips. Text is highlighted as you scroll through revisions at lightning speed, so you can see what changes have been made along the way.' ); ?></p>
-		<p><?php _e( 'It&#8217;s easy to compare two revisions from any point in time, and to restore a revision and go back to writing. Now you can be confident that no mistake is permanent.' ); ?></p>
+	<div class="feature-section col three-col about-updates">
+		<div class="col-1">
+			<h4><?php _e( 'Updates While You Sleep' ); ?></h4>
+			<p><?php _e( 'With WordPress 3.7, you don&#8217;t have to lift a finger to apply maintenance and security updates. Most sites are now able to automatically apply these updates in the background, though some configurations may not allow it.' ); ?></p>
+		</div>
+		<div class="col-2">
+			<img alt="" src="<?php echo admin_url( 'images/about-updates-2x.png' ); ?>" />
+		</div>
+		<div class="col-3 last-feature">
+			<h4><?php _e( 'More Reliable Than Ever' ); ?></h4>
+			<p><?php _e( 'The update process has been made even more reliable and secure, with dozens of new checks and safeguards.' ); ?></p>
+			<p><?php _e( 'You&#8217;ll still need to click &#8220;Update Now&#8221; once WordPress 3.8 is released, but we&#8217;ve never had more confidence in that beautiful blue button.' ); ?></p>
+		</div>
+		<?php
+		if ( current_user_can( 'update_core' ) ) {
+			$future_minor_update = (object) array(
+				'current'       => $wp_version . '.1.next.minor',
+				'version'       => $wp_version . '.1.next.minor',
+				'php_version'   => $required_php_version,
+				'mysql_version' => $required_mysql_version,
+			);
+			require_once ABSPATH . 'wp-admin/includes/class-wp-upgrader.php';
+			$updater = new WP_Automatic_Updater;
+			$can_auto_update = wp_http_supports( array( 'ssl' ) ) && $updater->should_update( 'core', $future_minor_update, ABSPATH );

-		
+			if ( $can_auto_update ) {
+				echo '<p class="about-auto-update cool">' . __( 'This site <strong>is</strong> able to apply these updates automatically. Cool!' ). '</p>';

+			// If the updater is disabled entirely, don't show them anything.
+			} elseif ( ! $updater->is_disabled() ) {
+				echo '<p class="about-auto-update">';
+				// If this is is filtered to false, they won't get emails, so don't claim we will.
+				// Assumption: If the user can update core, they can see what the admin email is.

+				/** This filter is documented in wp-admin/includes/class-wp-upgrader.php */
+				if ( apply_filters( 'send_core_update_notification_email', true, $future_minor_update ) ) {
+					printf( __( 'This site <strong>is not</strong> able to apply these updates automatically. But we&#8217;ll email %s when there is a new security release.' ), esc_html( get_site_option( 'admin_email' ) ) );
+				} else {
+					_e( 'This site <strong>is not</strong> able to apply these updates automatically.' );
+				}
+				echo '</p>';
+			}
+		}
+		?>
 	</div>
-	
+</div>
+
+<div class="changelog about-passwords">
+	<h3><?php _e( 'Create Stronger Passwords' ); ?></h3>
+
 	<div class="feature-section col two-col">
 		<div>
-			<h4><?php _e( 'Improved Autosaves' ); ?></h4>
-			<p><?php _e( 'Never lose a word you&#8217;ve written. Autosaving is now even better; whether your power goes out, your browser crashes, or you lose your internet connection, your content is safe.' ); ?></p>
+			<p><?php _e( 'Your password is your site&#8217;s first line of defense. It&#8217;s best to create passwords that are complex, long, and unique. To that end, our password meter has been updated in WordPress 3.7 to recognize common mistakes that can weaken your password: dates, names, keyboard patterns (123456789), and even pop culture references.' ); ?></p>
+			<p><strong><?php _e( 'Try it out on the right.' ); ?></strong></p>
 		</div>
-		<div class="last-feature">
-			<h4><?php _e( 'Better Post Locking' ); ?></h4>
-			<p><?php _e( 'Always know who&#8217;s editing with live updates that appear in the list of posts. And if someone leaves for lunch with a post open, you can take over where they left off.' ); ?></p>
+		<div class="last-feature about-password-meter">
+			<input type="password" id="pass" size="25" value="" />
+			<p id="pass-strength-result" ><?php _e( 'Strength indicator' ); ?></p>
+			<?php printf( __( 'Getting the urge to <a href="%s">change your password</a>?' ), esc_url( self_admin_url( 'profile.php' ) ) ); ?>
 		</div>
 	</div>
-	
 </div>

 <div class="changelog">
-	<h3><?php _e( 'Support for Audio and Video' ); ?></h3>
-
-	<div class="feature-section images-stagger-right">
-		<img alt="" src="<?php echo esc_url( admin_url( 'images/screenshots/about-color-picker.png' ) ); ?>" class="image-30" />
-		<h4><?php _e( 'New Media Player' ); ?></h4>
-		<p><?php _e( 'Share your audio and video with the new built-in HTML5 media player. Upload files using the media manager and embed them in your posts.' ); ?></p>
-
-		<h4><?php _e( 'Embed Music from Spotify, Rdio, and SoundCloud' ); ?></h4>
-		<p><?php _e( 'Embed songs and albums from your favorite artists, or playlists you&#8217;ve mixed yourself. It&#8217;s as simple as pasting a URL into a post on its own line.' ); ?></p>
-		<p><?php printf( __( '(Love another service? Check out all of the <a href="%s">embeds</a> that WordPress supports.)' ), 'http://codex.wordpress.org/Embeds' ); ?></p>
+	<div class="feature-section col two-col">
+		<div>
+			<h3><?php _e( 'Improved Search Results' ); ?></h3>
+			<p><img alt="" src="<?php echo admin_url( 'images/about-search-2x.png' ); ?>" /><?php _e( 'Search results are now ordered by how well the search query matches a post, instead of ordered only by date. For example, when your search terms match a post title, that result will be pushed to the top.' ); ?></p>
+		</div>
+		<div class="last-feature">
+			<h3><?php _e( 'Better Global Support' ); ?></h3>
+			<p><img alt="" src="<?php echo admin_url( 'images/about-globe-2x.png' ); ?>" /><?php _e( 'Localized versions of WordPress will receive faster and more complete translations. WordPress 3.7 adds support for automatically installing the right language files and keeping them up to date.' ); ?></p>
+		</div>
 	</div>
 </div>

@@ -91,33 +203,17 @@ include( ABSPATH . 'wp-admin/admin-header.php' );

 	<div class="feature-section col three-col">
 		<div>
-			<h4><?php echo ( 'Shortcode Improvements' ); ?></h4>
-			<p><?php echo ( 'New shortcode utility functions and shortcode_atts_$shortcode filter' ); ?></p>
+			<h4><?php _e( 'More Background Updates (Experimental)' ); ?></h4>
+			<p><?php _e( 'Want WordPress to always update automatically, even for major feature releases? Want to always keep a certain plugin up to date in the background? WordPress 3.7 comes with fine-grained update controls for developers and systems administrators.' ); ?></p>
 		</div>
 		<div>
-			<h4><?php echo ( 'Revision Control' ); ?></h4>
-			<p><?php echo ( 'New fine-grained revision controls (wp_revisions_to_keep(), etc.  — filters instead of constants)' ); ?></p>
+			<h4><?php _e( 'Advanced Date Queries' ); ?></h4>
+			<p><?php _e( 'Developers can now query for posts within a date range, or that are older than or newer than a specific point in time. Or get really fancy: all posts written on Friday afternoons? Not&nbsp;a&nbsp;problem.' ); ?></p>
 		</div>
 		<div class="last-feature">
-			<h4><?php echo ( 'Audio/Video API' ); ?></h4>
-			<p><?php echo ( 'New audio/video API, including access to file metadata' ); ?></p>
+			<h4><?php _e( 'Multisite Improvements' ); ?></h4>
+			<p><?php _e( '<code>wp_get_sites()</code> allows developers to easily get an array of all the sites on your network without resorting to a direct database query &mdash; just one of many improvements to multisite in WordPress 3.7.' ); ?></p>
 		</div>
-	</div>
-
-	<div class="feature-section col three-col">
-		<div>
-			<h4><?php echo ( 'Markup Updates' ); ?></h4>
-			<p><?php echo ( 'Improved markup for comment forms, search forms, and comment lists, including HTML5 markup support' ); ?></p>
-		</div>
-		<div>
-			<h4><?php echo ( 'JS Utilities' ); ?></h4>
-			<p><?php echo ( 'Handy JavaScript utilities for things like Ajax, templating, and Backbone view management' ); ?></p>
-		</div>
-		<div class="last-feature">
-			<h4><?php _e( 'External Libraries' ); ?></h4>
-			<p><?php echo ( 'New and updated libraries: MediaElement.js, jQuery 1.10, jQuery UI 1.10.3, jQuery Migrate, Backbone 1.0' ); ?></p>
-		</div>
-	</div>
 </div>

 <div class="return-to-dashboard">
--- a/wp-admin/admin-ajax.php
+++ b/wp-admin/admin-ajax.php
@@ -38,6 +38,7 @@ require_once( ABSPATH . 'wp-admin/includes/ajax-actions.php' );
 send_nosniff_header();
 nocache_headers();

+/** This action is documented in wp-admin/admin.php */
 do_action( 'admin_init' );

 $core_actions_get = array(
@@ -68,10 +69,26 @@ if ( ! empty( $_POST['action'] ) && in_array( $_POST['action'], $core_actions_po

 add_action( 'wp_ajax_nopriv_heartbeat', 'wp_ajax_nopriv_heartbeat', 1 );

-if ( is_user_logged_in() )
-	do_action( 'wp_ajax_' . $_REQUEST['action'] ); // Authenticated actions
-else
-	do_action( 'wp_ajax_nopriv_' . $_REQUEST['action'] ); // Non-admin actions
-
+if ( is_user_logged_in() ) {
+	/**
+	 * Fires authenticated AJAX actions for logged-in users.
+	 *
+	 * The dynamic portion of the hook name, $_REQUEST['action'],
+	 * refers to the name of the AJAX action callback being fired.
+	 *
+	 * @since 2.1.0
+	 */
+	do_action( 'wp_ajax_' . $_REQUEST['action'] );
+} else {
+	/**
+	 * Fires non-authenticated AJAX actions for logged-out users.
+	 *
+	 * The dynamic portion of the hook name, $_REQUEST['action'],
+	 * refers to the name of the AJAX action callback being fired.
+	 *
+	 * @since 2.8.0
+	 */
+	do_action( 'wp_ajax_nopriv_' . $_REQUEST['action'] );
+}
 // Default status
 die( '0' );
--- a/wp-admin/admin-footer.php
+++ b/wp-admin/admin-footer.php
@@ -16,16 +16,64 @@ if ( !defined('ABSPATH') )
 <div class="clear"></div></div><!-- wpcontent -->

 <div id="wpfooter">
-<?php do_action( 'in_admin_footer' ); ?>
-<p id="footer-left" class="alignleft"><?php
-echo apply_filters( 'admin_footer_text', '<span id="footer-thankyou">' . __( 'Thank you for creating with <a href="http://wordpress.org/">WordPress</a>.' ) . '</span>' );
-?></p>
-<p id="footer-upgrade" class="alignright"><?php echo apply_filters( 'update_footer', '' ); ?></p>
-<div class="clear"></div>
+	<?php
+	/**
+	 * Fires after the opening tag for the admin footer.
+	 *
+	 * @since 2.5.0
+	 */
+	do_action( 'in_admin_footer' );
+	?>
+	<p id="footer-left" class="alignleft">
+		<?php
+		/**
+		 * Filter the "Thank you" text displayed in the admin footer.
+		 *
+		 * @since 2.8.0
+		 * @param string The content that will be printed.
+		 */
+		echo apply_filters( 'admin_footer_text', '<span id="footer-thankyou">' . __( 'Thank you for creating with <a href="http://wordpress.org/">WordPress</a>.' ) . '</span>' );
+		?>
+	</p>
+	<p id="footer-upgrade" class="alignright">
+		<?php
+		/**
+		 * Filter the version/update text displayed in the admin footer.
+		 *
+		 * @see core_update_footer() WordPress prints the current version and update information,
+		 *	using core_update_footer() at priority 10.
+		 *
+		 * @since 2.3.0
+		 * @param string The content that will be printed.
+		 */
+		echo apply_filters( 'update_footer', '' );
+		?>
+	</p>
+	<div class="clear"></div>
 </div>
 <?php
+/**
+ * Print scripts or data before the default footer scripts.
+ *
+ * @since 1.2.0
+ * @param string The data to print.
+ */
 do_action('admin_footer', '');
+
+/**
+ * Prints any scripts and data queued for the footer.
+ *
+ * @since 2.8.0
+ */
 do_action('admin_print_footer_scripts');
+
+/**
+ * Print scripts or data after the default footer scripts.
+ *
+ * @since 2.8.0
+ *
+ * @param string $GLOBALS['hook_suffix'] The current admin page.
+ */
 do_action("admin_footer-" . $GLOBALS['hook_suffix']);

 // get_site_option() won't exist when auto upgrading from <= 2.7
--- a/wp-admin/admin-header.php
+++ b/wp-admin/admin-header.php
@@ -8,7 +8,7 @@

@header('Content-Type: ' . get_option('html_type') . '; charset=' . get_option('blog_charset'));
 if ( ! defined( 'WP_ADMIN' ) )
-	require_once( './admin.php' );
+	require_once( dirname( __FILE__ ) . '/admin.php' );

 // In case admin-header.php is included in a function.
 global $title, $hook_suffix, $current_screen, $wp_locale, $pagenow, $wp_version,
@@ -22,9 +22,9 @@ get_admin_page_title();
 $title = esc_html( strip_tags( $title ) );

 if ( is_network_admin() )
-	$admin_title = __( 'Network Admin' );
+	$admin_title = sprintf( __('Network Admin: %s'), esc_html( $current_site->site_name ) );
 elseif ( is_user_admin() )
-	$admin_title = __( 'Global Dashboard' );
+	$admin_title = sprintf( __('Global Dashboard: %s'), esc_html( $current_site->site_name ) );
 else
 	$admin_title = get_bloginfo( 'name' );

@@ -33,6 +33,14 @@ if ( $admin_title == $title )
 else
 	$admin_title = sprintf( __( '%1$s &lsaquo; %2$s &#8212; WordPress' ), $title, $admin_title );

+/**
+ * Filter the <title> content for an admin page.
+ *
+ * @since 3.1.0
+ *
+ * @param string $admin_title The page title, with extra context added.
+ * @param string $title       The original page title.
+ */
 $admin_title = apply_filters( 'admin_title', $admin_title, $title );

 wp_user_settings();
@@ -60,13 +68,56 @@ var ajaxurl = '<?php echo admin_url( 'admin-ajax.php', 'relative' ); ?>',
 </script>
 <?php

-do_action('admin_enqueue_scripts', $hook_suffix);
-do_action("admin_print_styles-$hook_suffix");
-do_action('admin_print_styles');
-do_action("admin_print_scripts-$hook_suffix");
-do_action('admin_print_scripts');
-do_action("admin_head-$hook_suffix");
-do_action('admin_head');
+/**
+ * Enqueue scripts for all admin pages.
+ *
+ * @since 2.8.0
+ *
+ * @param string $hook_suffix The current admin page.
+ */
+do_action( 'admin_enqueue_scripts', $hook_suffix );
+
+/**
+ * Print styles for a specific admin page based on $hook_suffix.
+ *
+ * @since 2.6.0
+ */
+do_action( "admin_print_styles-$hook_suffix" );
+
+/**
+ * Print styles for all admin pages.
+ *
+ * @since 2.6.0
+ */
+do_action( 'admin_print_styles' );
+
+/**
+ * Print scripts for a specific admin page based on $hook_suffix.
+ *
+ * @since 2.1.0
+ */
+do_action( "admin_print_scripts-$hook_suffix" );
+
+/**
+ * Print scripts for all admin pages.
+ *
+ * @since 2.1.0
+ */
+do_action( 'admin_print_scripts' );
+
+/**
+ * Fires in <head> for a specific admin page based on $hook_suffix.
+ *
+ * @since 2.1.0
+ */
+do_action( "admin_head-$hook_suffix" );
+
+/**
+ * Fires in <head> for all admin pages.
+ *
+ * @since 2.1.0
+ */
+do_action( 'admin_head' );

 if ( get_user_setting('mfold') == 'f' )
 	$admin_body_class .= ' folded';
@@ -80,6 +131,12 @@ if ( is_admin_bar_showing() )
 if ( is_rtl() )
 	$admin_body_class .= ' rtl';

+if ( $current_screen->post_type )
+	$admin_body_class .= ' post-type-' . $current_screen->post_type;
+
+if ( $current_screen->taxonomy )
+	$admin_body_class .= ' taxonomy-' . $current_screen->taxonomy;
+
 $admin_body_class .= ' branch-' . str_replace( array( '.', ',' ), '-', floatval( $wp_version ) );
 $admin_body_class .= ' version-' . str_replace( '.', '-', preg_replace( '/^([.0-9]+).*/', '$1', $wp_version ) );
 $admin_body_class .= ' admin-color-' . sanitize_html_class( get_user_option( 'admin_color' ), 'fresh' );
@@ -92,6 +149,19 @@ $admin_body_class .= ' no-customize-support';

 ?>
 </head>
+<?php
+/**
+ * Filter the admin <body> CSS classes.
+ *
+ * This filter differs from the post_class or body_class filters in two important ways:
+ * 1. $classes is a space-separated string of class names instead of an array.
+ * 2. Not all core admin classes are filterable, notably: wp-admin, wp-core-ui, and no-js cannot be removed.
+ *
+ * @since 2.3.0
+ *
+ * @param string $classes Space-separated string of CSS classes.
+ */
+?>
 <body class="wp-admin wp-core-ui no-js <?php echo apply_filters( 'admin_body_class', '' ) . " $admin_body_class"; ?>">
 <script type="text/javascript">
 	document.body.className = document.body.className.replace('no-js','js');
@@ -109,7 +179,12 @@ if ( current_user_can( 'edit_theme_options' ) )
 <div id="wpcontent">

 <?php
-do_action('in_admin_header');
+/**
+ * Fires at the beginning of the content section in an admin page.
+ *
+ * @since 3.0.0
+ */
+do_action( 'in_admin_header' );
 ?>

 <div id="wpbody">
@@ -125,14 +200,35 @@ $current_screen->set_parentage( $parent_file );

 $current_screen->render_screen_meta();

-if ( is_network_admin() )
-	do_action('network_admin_notices');
-elseif ( is_user_admin() )
-	do_action('user_admin_notices');
-else
-	do_action('admin_notices');
+if ( is_network_admin() ) {
+	/**
+	 * Print network admin screen notices.
+	 *
+	 * @since 3.1.0
+	 */
+	do_action( 'network_admin_notices' );
+} elseif ( is_user_admin() ) {
+	/**
+	 * Print user admin screen notices.
+	 *
+	 * @since 3.1.0
+	 */
+	do_action( 'user_admin_notices' );
+} else {
+	/**
+	 * Print admin screen notices.
+	 *
+	 * @since 3.1.0
+	 */
+	do_action( 'admin_notices' );
+}

-do_action('all_admin_notices');
+/**
+ * Print generic admin screen notices.
+ *
+ * @since 3.1.0
+ */
+do_action( 'all_admin_notices' );

 if ( $parent_file == 'options-general.php' )
 	require(ABSPATH . 'wp-admin/options-head.php');
--- a/wp-admin/admin-post.php
+++ b/wp-admin/admin-post.php
@@ -1,6 +1,8 @@
 <?php
 /**
- * WordPress Administration Generic POST Handler.
+ * WordPress Generic Request (POST/GET) Handler
+ *
+ * Intended for form submission handling in themes and plugins.
 *
 * @package WordPress
 * @subpackage Administration
@@ -12,13 +14,17 @@ define('WP_ADMIN', true);
 if ( defined('ABSPATH') )
 	require_once(ABSPATH . 'wp-load.php');
 else
-	require_once('../wp-load.php');
+	require_once( dirname( dirname( __FILE__ ) ) . '/wp-load.php' );
+
+/** Allow for cross-domain requests (from the frontend). */
+send_origin_headers();

 require_once(ABSPATH . 'wp-admin/includes/admin.php');

 nocache_headers();

-do_action('admin_init');
+/** This action is documented in wp-admin/admin.php */
+do_action( 'admin_init' );

 $action = 'admin_post';

@@ -28,4 +34,12 @@ if ( !wp_validate_auth_cookie() )
 if ( !empty($_REQUEST['action']) )
 	$action .= '_' . $_REQUEST['action'];

-do_action($action);
+/**
+ * Fires the requested handler action.
+ *
+ * admin_post_nopriv_{$_REQUEST['action']} is called for not-logged-in users.
+ * admin_post_{$_REQUEST['action']} is called for logged-in users.
+ *
+ * @since 2.6.0
+ */
+do_action( $action );
--- a/wp-admin/admin.php
+++ b/wp-admin/admin.php
@@ -36,27 +36,43 @@ if ( get_option('db_upgraded') ) {
 	update_option( 'db_upgraded',  false );

 	/**
-	 * Runs on the next page load after successful upgrade
+	 * Fires on the next page load after a successful DB upgrade.
 	 *
-	 * @since 2.8
+	 * @since 2.8.0
 	 */
-	do_action('after_db_upgrade');
+	do_action( 'after_db_upgrade' );
 } elseif ( get_option('db_version') != $wp_db_version && empty($_POST) ) {
 	if ( !is_multisite() ) {
 		wp_redirect( admin_url( 'upgrade.php?_wp_http_referer=' . urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) ) ) );
 		exit;
+
+	/**
+	 * Filter whether to attempt to perform the multisite DB upgrade routine.
+	 *
+	 * In single site, the user would be redirected to wp-admin/upgrade.php.
+	 * In multisite, it is automatically fired, but only when this filter
+	 * returns true.
+	 *
+	 * If the network is 50 sites or less, it will run every time. Otherwise,
+	 * it will throttle itself to reduce load.
+	 *
+	 * @since 3.0.0
+	 *
+	 * @param bool true Whether to perform the Multisite upgrade routine. Default true.
+	 */
 	} elseif ( apply_filters( 'do_mu_upgrade', true ) ) {
-		/**
-		 * On really small MU installs run the upgrader every time,
-		 * else run it less often to reduce load.
-		 *
-		 * @since 2.8.4b
-		 */
 		$c = get_blog_count();
 		// If 50 or fewer sites, run every time. Else, run "about ten percent" of the time. Shh, don't check that math.
 		if ( $c <= 50 || ( $c > 50 && mt_rand( 0, (int)( $c / 50 ) ) == 1 ) ) {
 			require_once( ABSPATH . WPINC . '/http.php' );
 			$response = wp_remote_get( admin_url( 'upgrade.php?step=1' ), array( 'timeout' => 120, 'httpversion' => '1.1' ) );
+			/**
+			 * Fires after the multisite DB upgrade is complete.
+			 *
+			 * @since 3.0.0
+			 *
+			 * @param array|WP_Error $response The upgrade response array or WP_Error on failure.
+			 */
 			do_action( 'after_mu_upgrade', $response );
 			unset($response);
 		}
@@ -103,10 +119,35 @@ elseif ( WP_USER_ADMIN )
 else
 	require(ABSPATH . 'wp-admin/menu.php');

-if ( current_user_can( 'manage_options' ) )
+if ( current_user_can( 'manage_options' ) ) {
+	/**
+	 * Filter the maximum memory limit available for administration screens.
+	 *
+	 * This only applies to administrators, who may require more memory for tasks like updates.
+	 * Memory limits when processing images (uploaded or edited by users of any role) are
+	 * handled separately.
+	 *
+	 * The WP_MAX_MEMORY_LIMIT constant specifically defines the maximum memory limit available
+	 * when in the administration back-end. The default is 256M, or 256 megabytes of memory.
+	 *
+	 * @since 3.0.0
+	 *
+	 * @param string 'WP_MAX_MEMORY_LIMIT' The maximum WordPress memory limit. Default 256M.
+	 */
 	@ini_set( 'memory_limit', apply_filters( 'admin_memory_limit', WP_MAX_MEMORY_LIMIT ) );
+}

-do_action('admin_init');
+/**
+ * Fires as an admin screen or script is being initialized.
+ *
+ * Note, this does not just run on user-facing admin screens.
+ * It runs on admin-ajax.php and admin-post.php as well.
+ *
+ * This is roughly analgous to the more general 'init' hook, which fires earlier.
+ *
+ * @since 2.5.0
+ */
+do_action( 'admin_init' );

 if ( isset($plugin_page) ) {
 	if ( !empty($typenow) )
@@ -142,11 +183,38 @@ set_current_screen();
 // Handle plugin admin pages.
 if ( isset($plugin_page) ) {
 	if ( $page_hook ) {
-		do_action('load-' . $page_hook);
+		/**
+		 * Fires before a particular screen is loaded.
+		 *
+		 * The load-* hook fires in a number of contexts. This hook is for plugin screens
+		 * where a callback is provided when the screen is registered.
+		 *
+		 * The dynamic portion of the hook name, $page_hook, refers to a mixture of plugin
+		 * page information including:
+		 * 1. The page type. If the plugin page is registered as a submenu page, such as for
+		 *    Settings, the page type would be 'settings'. Otherwise the type is 'toplevel'.
+		 * 2. A separator of '_page_'.
+		 * 3. The plugin basename minus the file extension.
+		 *
+		 * Together, the three parts form the $page_hook. Citing the example above,
+		 * the hook name used would be 'load-settings_page_pluginbasename'.
+		 *
+		 * @see get_plugin_page_hook()
+		 *
+		 * @since 2.1.0
+		 */
+		do_action( 'load-' . $page_hook );
 		if (! isset($_GET['noheader']))
 			require_once(ABSPATH . 'wp-admin/admin-header.php');

-		do_action($page_hook);
+		/**
+		 * Used to call the registered callback for a plugin screen.
+		 *
+		 * @access private
+		 *
+		 * @since 1.5.0
+		 */
+		do_action( $page_hook );
 	} else {
 		if ( validate_file($plugin_page) )
 			wp_die(__('Invalid plugin page'));
@@ -154,7 +222,19 @@ if ( isset($plugin_page) ) {
 		if ( !( file_exists(WP_PLUGIN_DIR . "/$plugin_page") && is_file(WP_PLUGIN_DIR . "/$plugin_page") ) && !( file_exists(WPMU_PLUGIN_DIR . "/$plugin_page") && is_file(WPMU_PLUGIN_DIR . "/$plugin_page") ) )
 			wp_die(sprintf(__('Cannot load %s.'), htmlentities($plugin_page)));

-		do_action('load-' . $plugin_page);
+		/**
+		 * Fires before a particular screen is loaded.
+		 *
+		 * The load-* hook fires in a number of contexts. This hook is for plugin screens
+		 * where the file to load is directly included, rather than the use of a function.
+		 *
+		 * The dynamic portion of the hook name, $plugin_page, refers to the plugin basename.
+		 *
+		 * @see plugin_basename()
+		 *
+		 * @since 1.5.0
+		 */
+		do_action( 'load-' . $plugin_page );

 		if ( !isset($_GET['noheader']))
 			require_once(ABSPATH . 'wp-admin/admin-header.php');
@@ -185,6 +265,13 @@ if ( isset($plugin_page) ) {
 		exit;
 	}

+	/**
+	 * Fires before an importer screen is loaded.
+	 *
+	 * The dynamic portion of the hook name, $importer, refers to the importer slug.
+	 *
+	 * @since 3.5.0
+	 */
 	do_action( 'load-importer-' . $importer );

 	$parent_file = 'tools.php';
@@ -198,6 +285,16 @@ if ( isset($plugin_page) ) {

 	define('WP_IMPORTING', true);

+	/**
+	 * Whether to filter imported data through kses on import.
+	 *
+	 * Multisite uses this hook to filter all data through kses by default,
+	 * as a super administrator may be assisting an untrusted user.
+	 *
+	 * @since 3.1.0
+	 *
+	 * @param bool false Whether to force data to be filtered through kses. Default false.
+	 */
 	if ( apply_filters( 'force_filtered_html_on_import', false ) )
 		kses_init_filters();  // Always filter imported data with kses on multisite.

@@ -210,7 +307,18 @@ if ( isset($plugin_page) ) {

 	exit();
 } else {
-	do_action("load-$pagenow");
+	/**
+	 * Fires before a particular screen is loaded.
+	 *
+	 * The load-* hook fires in a number of contexts. This hook is for core screens.
+	 *
+	 * The dynamic portion of the hook name, $pagenow, is a global variable
+	 * referring to the filename of the current page, such as 'admin.php',
+	 * 'post-new.php' etc. A complete hook for the latter would be 'load-post-new.php'.
+	 *
+	 * @since 2.1.0
+	 */
+	do_action( 'load-' . $pagenow );
 	// Backwards compatibility with old load-page-new.php, load-page.php,
 	// and load-categories.php actions.
 	if ( $typenow == 'page' ) {
@@ -226,5 +334,14 @@ if ( isset($plugin_page) ) {
 	}
 }

-if ( !empty($_REQUEST['action']) )
-	do_action('admin_action_' . $_REQUEST['action']);
+if ( ! empty( $_REQUEST['action'] ) ) {
+	/**
+	 * Fires when an 'action' request variable is sent.
+	 *
+	 * The dynamic portion of the hook name, $_REQUEST['action'],
+	 * refers to the action derived from the GET or POST request.
+	 *
+	 * @since 2.6.0
+	 */
+	do_action( 'admin_action_' . $_REQUEST['action'] );
+}
--- a/wp-admin/async-upload.php
+++ b/wp-admin/async-upload.php
@@ -11,7 +11,7 @@ define('WP_ADMIN', true);
 if ( defined('ABSPATH') )
 	require_once(ABSPATH . 'wp-load.php');
 else
-	require_once('../wp-load.php');
+	require_once( dirname( dirname( __FILE__ ) ) . '/wp-load.php' );

 if ( ! ( isset( $_REQUEST['action'] ) && 'upload-attachment' == $_REQUEST['action'] ) ) {
 	// Flash often fails to send cookies with the POST or upload, so we need to pass it in GET or POST instead
@@ -24,7 +24,7 @@ if ( ! ( isset( $_REQUEST['action'] ) && 'upload-attachment' == $_REQUEST['actio
 	unset($current_user);
 }

-require_once('./admin.php');
+require_once( ABSPATH . 'wp-admin/admin.php' );

 if ( !current_user_can('upload_files') )
 	wp_die(__('You do not have permission to upload files.'));
--- a/wp-admin/comment.php
+++ b/wp-admin/comment.php
@@ -7,7 +7,7 @@
 */

 /** Load WordPress Bootstrap */
-require_once('./admin.php');
+require_once( dirname( __FILE__ ) . '/admin.php' );

 $parent_file = 'edit-comments.php';
 $submenu_file = 'edit-comments.php';
@@ -36,7 +36,7 @@ if ( isset( $_GET['dt'] ) ) {
 */
 function comment_footer_die( $msg ) {
 	echo "<div class='wrap'><p>$msg</p></div>";
-	include('./admin-footer.php');
+	include( ABSPATH . 'wp-admin/admin-footer.php' );
 	die;
 }

@@ -60,7 +60,7 @@ case 'editcomment' :
 	);

 	wp_enqueue_script('comment');
-	require_once('./admin-header.php');
+	require_once( ABSPATH . 'wp-admin/admin-header.php' );

 	$comment_id = absint( $_GET['c'] );

@@ -75,7 +75,7 @@ case 'editcomment' :

 	$comment = get_comment_to_edit( $comment_id );

-	include('./edit-form-comment.php');
+	include( ABSPATH . 'wp-admin/edit-form-comment.php' );

 	break;

@@ -104,7 +104,7 @@ case 'spam'    :
 		die();
 	}

-	require_once('./admin-header.php');
+	require_once( ABSPATH . 'wp-admin/admin-header.php' );

 	$formaction    = $action . 'comment';
 	$nonce_action  = 'approve' == $action ? 'approve-comment_' : 'delete-comment_';
@@ -279,6 +279,15 @@ case 'editedcomment' :
 	edit_comment();

 	$location = ( empty( $_POST['referredby'] ) ? "edit-comments.php?p=$comment_post_id" : $_POST['referredby'] ) . '#comment-' . $comment_id;
+
+	/**
+	 * Filter the URI the user is redirected to after editing a comment in the admin.
+	 *
+	 * @since 2.1.0
+	 *
+	 * @param string $location The URI the user will be redirected to.
+	 * @param int $comment_id The ID of the comment being edited.
+	 */
 	$location = apply_filters( 'comment_edit_redirect', $location, $comment_id );
 	wp_redirect( $location );

@@ -291,4 +300,4 @@ default:

 } // end switch

-include('./admin-footer.php');
+include( ABSPATH . 'wp-admin/admin-footer.php' );
--- a/wp-admin/credits.php
+++ b/wp-admin/credits.php
@@ -7,10 +7,19 @@
 */

 /** WordPress Administration Bootstrap */
-require_once( './admin.php' );
+require_once( dirname( __FILE__ ) . '/admin.php' );

 $title = __( 'Credits' );

+/**
+ * Retrieve the contributor credits.
+ *
+ * @global string $wp_version The current WordPress version.
+ *
+ * @since 3.2.0
+ *
+ * @return array A list of all of the contributors.
+*/
 function wp_credits() {
 	global $wp_version;
 	$locale = get_locale();
@@ -20,12 +29,12 @@ function wp_credits() {
 	if ( ! is_array( $results )
 		|| ( isset( $results['data']['version'] ) && strpos( $wp_version, $results['data']['version'] ) !== 0 )
 	) {
-		$response = wp_remote_get( "http://api.wordpress.org/core/credits/1.0/?version=$wp_version&locale=$locale" );
+		$response = wp_remote_get( "http://api.wordpress.org/core/credits/1.1/?version=$wp_version&locale=$locale" );

 		if ( is_wp_error( $response ) || 200 != wp_remote_retrieve_response_code( $response ) )
 			return false;

-		$results = maybe_unserialize( wp_remote_retrieve_body( $response ) );
+		$results = json_decode( wp_remote_retrieve_body( $response ), true );

 		if ( ! is_array( $results ) )
 			return false;
@@ -36,10 +45,30 @@ function wp_credits() {
 	return $results;
 }

+/**
+ * Retrieve the link to a contributor's WordPress.org profile page.
+ *
+ * @access private
+ * @since 3.2.0
+ *
+ * @param string &$display_name The contributor's display name, passed by reference.
+ * @param string $user_name     The contributor's username.
+ * @param string $profiles      URL to the contributor's WordPress.org profile page.
+ * @return string A contributor's display name, hyperlinked to a WordPress.org profile page.
+ */
 function _wp_credits_add_profile_link( &$display_name, $username, $profiles ) {
 	$display_name = '<a href="' . esc_url( sprintf( $profiles, $username ) ) . '">' . esc_html( $display_name ) . '</a>';
 }

+/**
+ * Retrieve the link to an external library used in WordPress.
+ *
+ * @access private
+ * @since 3.2.0
+ *
+ * @param string &$data External library data, passed by reference.
+ * @return string Link to the external library.
+ */
 function _wp_credits_build_object_link( &$data ) {
 	$data = '<a href="' . esc_url( $data[1] ) . '">' . $data[0] . '</a>';
 }
@@ -52,7 +81,7 @@ include( ABSPATH . 'wp-admin/admin-header.php' );

 <h1><?php printf( __( 'Welcome to WordPress %s' ), $display_version ); ?></h1>

-<div class="about-text"><?php printf( __( 'Thank you for updating to the latest version! WordPress %s is more polished and enjoyable than ever before. We hope you like it.' ), $display_version ); ?></div>
+<div class="about-text"><?php echo str_replace( '3.7', $display_version, __( 'Thank you for updating to WordPress 3.7! You might not notice a thing, and we&#8217;re okay with that.' ) ); ?></div>

 <div class="wp-badge"><?php printf( __( 'Version %s' ), $display_version ); ?></div>

--- a/wp-admin/css/color-picker.min.css
+++ b/wp-admin/css/color-picker.min.css
@@ -1 +1 @@
-.wp-color-picker{width:80px}.wp-picker-container .hidden{display:none}.wp-color-result{background-color:#f9f9f9;border:1px solid #bbb;border-radius:2px;cursor:pointer;display:inline-block;height:22px;margin:0 6px 6px 0;position:relative;top:1px;user-select:none;-moz-user-select:none;-ms-user-select:none;-webkit-user-select:none;vertical-align:bottom;display:inline-block;padding-left:30px}.wp-color-result:after{background:#f3f3f3;background-image:-webkit-gradient(linear,left top,left bottom,from(#fefefe),to(#f4f4f4));background-image:-webkit-linear-gradient(top,#fefefe,#f4f4f4);background-image:-moz-linear-gradient(top,#fefefe,#f4f4f4);background-image:-o-linear-gradient(top,#fefefe,#f4f4f4);background-image:linear-gradient(to bottom,#fefefe,#f4f4f4);color:#333;text-shadow:0 1px 0 #fff;border-radius:0 1px 1px 0;border-left:1px solid #bbb;content:attr(title);display:block;font-size:11px;line-height:22px;padding:0 6px;position:relative;right:0;text-align:center;top:0}.wp-color-result:hover{border-color:#aaa;-webkit-box-shadow:0 1px 2px rgba(0,0,0,0.2);box-shadow:0 1px 1px rgba(0,0,0,0.1)}.wp-color-result:hover:after{color:#222;border-color:#aaa;border-left:1px solid #999}.wp-color-result.wp-picker-open{top:0}.wp-color-result.wp-picker-open:after{content:attr(data-current)}.wp-picker-container,.wp-picker-container:active{display:inline-block;outline:0}.wp-color-result:focus{border-color:#888;-webkit-box-shadow:0 1px 2px rgba(0,0,0,0.2);box-shadow:0 1px 2px rgba(0,0,0,0.2)}.wp-color-result:focus:after{border-color:#888}.wp-picker-open+.wp-picker-input-wrap{display:inline-block;vertical-align:top}.wp-picker-container .button{margin-left:6px}.wp-picker-container .iris-square-slider .ui-slider-handle:focus{background-color:#555}.wp-picker-container .iris-picker{border-color:#dfdfdf;margin-top:6px}input[type="text"].iris-error{background-color:#ffebe8;border-color:#c00;color:#000}
+.wp-color-picker{width:80px}.wp-picker-container .hidden{display:none}.wp-color-result{background-color:#f9f9f9;border:1px solid #bbb;border-radius:2px;cursor:pointer;display:inline-block;height:22px;margin:0 6px 6px 0;position:relative;top:1px;user-select:none;-moz-user-select:none;-ms-user-select:none;-webkit-user-select:none;vertical-align:bottom;display:inline-block;padding-left:30px}.wp-color-result:after{background:#f3f3f3;background-image:-webkit-gradient(linear,left top,left bottom,from(#fefefe),to(#f4f4f4));background-image:-webkit-linear-gradient(top,#fefefe,#f4f4f4);background-image:-moz-linear-gradient(top,#fefefe,#f4f4f4);background-image:-o-linear-gradient(top,#fefefe,#f4f4f4);background-image:linear-gradient(to bottom,#fefefe,#f4f4f4);color:#333;text-shadow:0 1px 0 #fff;border-radius:0 1px 1px 0;border-left:1px solid #bbb;content:attr(title);display:block;font-size:11px;line-height:22px;padding:0 6px;position:relative;right:0;text-align:center;top:0}.wp-color-result:hover{border-color:#aaa;-webkit-box-shadow:0 1px 2px rgba(0,0,0,.2);box-shadow:0 1px 1px rgba(0,0,0,.1)}.wp-color-result:hover:after{color:#222;border-color:#aaa;border-left:1px solid #999}.wp-color-result.wp-picker-open{top:0}.wp-color-result.wp-picker-open:after{content:attr(data-current)}.wp-picker-container,.wp-picker-container:active{display:inline-block;outline:0}.wp-color-result:focus{border-color:#888;-webkit-box-shadow:0 1px 2px rgba(0,0,0,.2);box-shadow:0 1px 2px rgba(0,0,0,.2)}.wp-color-result:focus:after{border-color:#888}.wp-picker-open+.wp-picker-input-wrap{display:inline-block;vertical-align:top}.wp-picker-container .button{margin-left:6px}.wp-picker-container .iris-square-slider .ui-slider-handle:focus{background-color:#555}.wp-picker-container .iris-picker{border-color:#dfdfdf;margin-top:6px}input[type=text].iris-error{background-color:#ffebe8;border-color:#c00;color:#000}
--- a/wp-admin/css/colors-classic.css
+++ b/wp-admin/css/colors-classic.css
@@ -2000,13 +2000,6 @@ h2.nav-tab-wrapper, h3.nav-tab-wrapper {
 	color: #464646;
 }

-.about-wrap .feature-section img {
-	background: #fff;
-	border: 1px #ccc solid;
-	-webkit-box-shadow: 0 1px 3px rgba( 0, 0, 0, 0.3 );
-	box-shadow:         0 1px 3px rgba( 0, 0, 0, 0.3 );
-}
-
 .about-wrap h4.wp-people-group {
 	text-shadow: 1px 1px 1px #fff;
 }
--- a/wp-admin/css/colors-classic.min.css
+++ b/wp-admin/css/colors-classic.min.css
--- a/wp-admin/css/colors-fresh.css
+++ b/wp-admin/css/colors-fresh.css
@@ -1889,13 +1889,6 @@ h2.nav-tab-wrapper, h3.nav-tab-wrapper {
 	color: #464646;
 }

-.about-wrap .feature-section img {
-	background: #fff;
-	border: 1px #ccc solid;
-	-webkit-box-shadow: 0 1px 3px rgba( 0, 0, 0, 0.3 );
-	box-shadow:         0 1px 3px rgba( 0, 0, 0, 0.3 );
-}
-
 .about-wrap h4.wp-people-group {
 	text-shadow: 1px 1px 1px #fff;
 }
--- a/wp-admin/css/colors-fresh.min.css
+++ b/wp-admin/css/colors-fresh.min.css
--- a/wp-admin/css/customize-controls-rtl.min.css
+++ b/wp-admin/css/customize-controls-rtl.min.css
@@ -1 +1 @@
-#customize-header-actions .button-primary{float:left}#customize-header-actions .spinner{float:left;margin-right:0;margin-left:4px}.customize-control{float:right}.customize-control-radio input,.customize-control-checkbox input{margin-right:0;margin-left:5px}.accordion-section .dropdown{float:right}.accordion-section .dropdown-content{float:right;margin-right:0;margin-left:16px;-webkit-border-radius:0 3px 3px 0;border-radius:0 3px 3px 0}.customize-control .dropdown-arrow{right:auto;left:0;border-color:#ccc;border-style:solid;border-width:1px 0 1px 1px;-webkit-border-radius:3px 0 0 3px;border-radius:3px 0 0 3px}.customize-control .dropdown-arrow:after{right:auto;left:4px}.customize-control-color .dropdown{margin-right:0;margin-left:5px}.accordion-section input[type="text"].color-picker-hex{direction:ltr}.accordion-section .customize-control-image .actions{text-align:left}.customize-control-image .library,.customize-control-image .actions,.accordion-section .customize-control-image .library ul,.accordion-section .customize-control-image .library li,.accordion-section .customize-control-image .library-content{float:right}
+#customize-header-actions .button-primary{float:left}#customize-header-actions .spinner{float:left;margin-right:0;margin-left:4px}.customize-control{float:right}.customize-control-radio input,.customize-control-checkbox input{margin-right:0;margin-left:5px}.accordion-section .dropdown{float:right}.accordion-section .dropdown-content{float:right;margin-right:0;margin-left:16px;-webkit-border-radius:0 3px 3px 0;border-radius:0 3px 3px 0}.customize-control .dropdown-arrow{right:auto;left:0;border-color:#ccc;border-style:solid;border-width:1px 0 1px 1px;-webkit-border-radius:3px 0 0 3px;border-radius:3px 0 0 3px}.customize-control .dropdown-arrow:after{right:auto;left:4px}.customize-control-color .dropdown{margin-right:0;margin-left:5px}.accordion-section input[type=text].color-picker-hex{direction:ltr}.accordion-section .customize-control-image .actions{text-align:left}.customize-control-image .library,.customize-control-image .actions,.accordion-section .customize-control-image .library ul,.accordion-section .customize-control-image .library li,.accordion-section .customize-control-image .library-content{float:right}
--- a/wp-admin/css/customize-controls.min.css
+++ b/wp-admin/css/customize-controls.min.css
--- a/wp-admin/css/ie-rtl.css
+++ b/wp-admin/css/ie-rtl.css
@@ -73,10 +73,6 @@ div#dashboard-widgets {
 	padding-left: 1px;
 }

-.tagchecklist span a {
-	margin: 4px -9px 0 0;
-}
-
 .widefat th input {
 	margin: 0 5px 0 0;
 }
--- a/wp-admin/css/ie-rtl.min.css
+++ b/wp-admin/css/ie-rtl.min.css
@@ -1 +1 @@
-body{direction:rtl;width:99.5%}.rtl #adminmenuback{left:auto;right:0;background-image:none}.rtl #adminmenuback,.rtl #adminmenuwrap{border-width:0 0 0 1px}#plupload-upload-ui{zoom:1}.post-com-count-wrapper a.post-com-count{float:none}#adminmenu .wp-submenu ul{width:99%}#adminmenu .wp-submenu .wp-submenu .wp-submenu,#adminmenu .wp-menu-open .wp-submenu .wp-submenu{border:1px solid #dfdfdf}.folded #adminmenu .wp-submenu{right:30px}#wpcontent #adminmenu .wp-submenu li.wp-submenu-head{padding:3px 10px 4px 4px}div.quicktags-toolbar input{min-width:0}.inline-edit-row fieldset label span.title{float:right}.inline-edit-row fieldset label span.input-text-wrap{margin-right:0}p.search-box{float:left}#bh{margin:7px 10px 0 0;float:left}.postbox div.inside,.wp-editor-wrap .wp-editor-container .wp-editor-area,#nav-menu-theme-locations .howto select{width:97.5%}div#dashboard-widgets{padding-right:0;padding-left:1px}.tagchecklist span a{margin:4px -9px 0 0}.widefat th input{margin:0 5px 0 0}#TB_window{width:670px;position:absolute;top:50%;left:50%;margin-right:335px!important}#dashboard_plugins{direction:ltr}#dashboard_plugins h3.hndle{direction:rtl}#dashboard_incoming_links ul li,#dashboard_secondary ul li,#dashboard_primary ul li,p.row-actions{width:100%}#post-status-info{height:25px}p.submit{height:22px}.available-theme .action-links li{padding-left:7px;margin-left:7px}form#widgets-filter{position:static}.menu-item-depth-0{margin-left:0}.menu-item-depth-1{margin-left:-30px}.menu-item-depth-2{margin-left:-60px}.menu-item-depth-3{margin-left:-90px}.menu-item-depth-4{margin-left:-120px}.menu-item-depth-5{margin-left:-150px}.menu-item-depth-6{margin-left:-180px}.menu-item-depth-7{margin-left:-210px}.menu-item-depth-8{margin-left:-240px}.menu-item-depth-9{margin-left:-270px}.menu-item-depth-10{margin-left:-300px}.menu-item-depth-11{margin-left:-330px}#menu-management,.nav-menus-php .menu-edit,#nav-menu-header .submitbox{zoom:1}.nav-menus-php label{max-width:90%!important}p.button-controls,.nav-menus-php .tabs-panel{max-width:90%}.nav-menus-php .major-publishing-actions .publishing-action{float:none}#wpbody #nav-menu-header label{float:none}#nav-menu-header{margin-top:-10px}#nav-menu-footer{margin-bottom:-20px}#update-nav-menu .publishing-action{max-width:200px}#nav-menus-frame #update-nav-menu .delete-action{margin-top:-25px;float:left}#menu-to-edit li{margin-top:-10px;margin-bottom:-10px}.sortable-placeholder{margin-top:0!important;margin-left:0!important;margin-bottom:13px!important;padding:0!important}.auto-add-pages{clear:both;float:none}#nav-menus-frame .open-label span{float:none;display:inline-block}#nav-menus-frame .delete-action{float:none}#title-wrap #title-prompt-text{right:0}.screen-reader-text{right:auto;text-indent:-1000em}
+body{direction:rtl;width:99.5%}.rtl #adminmenuback{left:auto;right:0;background-image:none}.rtl #adminmenuback,.rtl #adminmenuwrap{border-width:0 0 0 1px}#plupload-upload-ui{zoom:1}.post-com-count-wrapper a.post-com-count{float:none}#adminmenu .wp-submenu ul{width:99%}#adminmenu .wp-submenu .wp-submenu .wp-submenu,#adminmenu .wp-menu-open .wp-submenu .wp-submenu{border:1px solid #dfdfdf}.folded #adminmenu .wp-submenu{right:30px}#wpcontent #adminmenu .wp-submenu li.wp-submenu-head{padding:3px 10px 4px 4px}div.quicktags-toolbar input{min-width:0}.inline-edit-row fieldset label span.title{float:right}.inline-edit-row fieldset label span.input-text-wrap{margin-right:0}p.search-box{float:left}#bh{margin:7px 10px 0 0;float:left}.postbox div.inside,.wp-editor-wrap .wp-editor-container .wp-editor-area,#nav-menu-theme-locations .howto select{width:97.5%}div#dashboard-widgets{padding-right:0;padding-left:1px}.widefat th input{margin:0 5px 0 0}#TB_window{width:670px;position:absolute;top:50%;left:50%;margin-right:335px!important}#dashboard_plugins{direction:ltr}#dashboard_plugins h3.hndle{direction:rtl}#dashboard_incoming_links ul li,#dashboard_secondary ul li,#dashboard_primary ul li,p.row-actions{width:100%}#post-status-info{height:25px}p.submit{height:22px}.available-theme .action-links li{padding-left:7px;margin-left:7px}form#widgets-filter{position:static}.menu-item-depth-0{margin-left:0}.menu-item-depth-1{margin-left:-30px}.menu-item-depth-2{margin-left:-60px}.menu-item-depth-3{margin-left:-90px}.menu-item-depth-4{margin-left:-120px}.menu-item-depth-5{margin-left:-150px}.menu-item-depth-6{margin-left:-180px}.menu-item-depth-7{margin-left:-210px}.menu-item-depth-8{margin-left:-240px}.menu-item-depth-9{margin-left:-270px}.menu-item-depth-10{margin-left:-300px}.menu-item-depth-11{margin-left:-330px}#menu-management,.nav-menus-php .menu-edit,#nav-menu-header .submitbox{zoom:1}.nav-menus-php label{max-width:90%!important}p.button-controls,.nav-menus-php .tabs-panel{max-width:90%}.nav-menus-php .major-publishing-actions .publishing-action{float:none}#wpbody #nav-menu-header label{float:none}#nav-menu-header{margin-top:-10px}#nav-menu-footer{margin-bottom:-20px}#update-nav-menu .publishing-action{max-width:200px}#nav-menus-frame #update-nav-menu .delete-action{margin-top:-25px;float:left}#menu-to-edit li{margin-top:-10px;margin-bottom:-10px}.sortable-placeholder{margin-top:0!important;margin-left:0!important;margin-bottom:13px!important;padding:0!important}.auto-add-pages{clear:both;float:none}#nav-menus-frame .open-label span{float:none;display:inline-block}#nav-menus-frame .delete-action{float:none}#title-wrap #title-prompt-text{right:0}.screen-reader-text{right:auto;text-indent:-1000em}
--- a/wp-admin/css/ie.css
+++ b/wp-admin/css/ie.css
@@ -371,10 +371,6 @@ div#dashboard-widgets {
 	display: block;
 }

-.tagchecklist span a {
-	margin: 4px 0 0 -9px;
-}
-
 .tablenav .button-secondary,
 .nav .button-secondary {
 	padding-top: 2px;
@@ -490,20 +486,6 @@ table.ie-fixed {
 	min-width: 400px;
 }

-.about-wrap img.element-screenshot {
-	padding: 2px;
-}
-
-.about-wrap .feature-section img,
-.about-wrap .feature-section .image-mask {
-	border-width: 1px;
-	border-style: solid;
-}
-
-.about-wrap .feature-section.three-col img {
-	margin-left: 0;
-}
-
 .available-theme {
 	display: inline;
 }
@@ -517,13 +499,21 @@ table.ie-fixed {
 	margin-right: 7px;
 }

-.about-wrap .three-col-images img {
-	margin: 0 0.6% 10px;
+.about-wrap .three-col.about-updates .col-2 {
+	width: 15%;
 }

-.about-wrap .three-col-images .last-feature,
-.about-wrap .three-col-images .first-feature {
-	float: none;
+.about-wrap .about-password-meter input {
+	width: 98%;
+}
+
+.revisions-tickmarks,
+.revisions-tooltip {
+	display: none !important;
+}
+
+.revisions.pinned .revisions-controls {
+	position: relative;
 }

 /* IE6 leftovers */
@@ -630,13 +620,3 @@ table.ie-fixed {
 * html #adminmenu div.wp-menu-image {
 	height: 29px;
 }
-
-.revisions-tickmarks,
-.revisions-tooltip {
-	display: none !important;
-}
-
-.revisions.pinned .revisions-controls {
-    position: relative;
-}
-
--- a/wp-admin/css/ie.min.css
+++ b/wp-admin/css/ie.min.css
--- a/wp-admin/css/install.css
+++ b/wp-admin/css/install.css
@@ -215,10 +215,12 @@ textarea {
 }

 .message {
-	border: 1px solid #e6db55;
-	padding: 0.3em 0.6em;
+	border: 1px solid #c00;
+	-webkit-border-radius: 3px;
+	border-radius:         3px;
+	padding: 0.5em 0.7em;
 	margin: 5px 0 15px;
-	background-color: #ffffe0;
+	background-color: #ffebe8;
 }

 /* install-rtl */
--- a/wp-admin/css/install.min.css
+++ b/wp-admin/css/install.min.css
@@ -1 +1 @@
-html{background:#f9f9f9}body{background:#fff;color:#333;font-family:sans-serif;margin:2em auto;padding:1em 2em;-webkit-border-radius:3px;border-radius:3px;border:1px solid #dfdfdf;max-width:700px}a{color:#21759b;text-decoration:none}a:hover{color:#d54e21}h1{border-bottom:1px solid #dadada;clear:both;color:#666;font:24px Georgia,"Times New Roman",Times,serif;margin:30px 0 0 0;padding:0;padding-bottom:7px}h2{font-size:16px}p,li,dd,dt{padding-bottom:2px;font-size:14px;line-height:1.5}code,.code{font-size:14px}ul,ol,dl{padding:5px 5px 5px 22px}a img{border:0}abbr{border:0;font-variant:normal}#logo{margin:6px 0 14px 0;border-bottom:0;text-align:center}#logo a{background-image:url('../images/wordpress-logo.png?ver=20120216');background-size:274px 63px;background-position:top center;background-repeat:no-repeat;height:67px;text-indent:-9999px;outline:0;overflow:hidden;display:block}@media print,(-o-min-device-pixel-ratio:5/4),(-webkit-min-device-pixel-ratio:1.25),(min-resolution:120dpi){#logo a{background-image:url('../images/wordpress-logo-2x.png?ver=20120412');background-size:274px 63px}}.step{margin:20px 0 15px}.step,th{text-align:left;padding:0}.step .button-large{font-size:14px}textarea{border:1px solid #dfdfdf;-webkit-border-radius:3px;border-radius:3px;font-family:sans-serif;width:695px}.form-table{border-collapse:collapse;margin-top:1em;width:100%}.form-table td{margin-bottom:9px;padding:10px 20px 10px 0;border-bottom:8px solid #fff;font-size:14px;vertical-align:top}.form-table th{font-size:14px;text-align:left;padding:16px 20px 10px 0;border-bottom:8px solid #fff;width:140px;vertical-align:top}.form-table code{line-height:18px;font-size:14px}.form-table p{margin:4px 0 0 0;font-size:11px}.form-table input{line-height:20px;font-size:15px;padding:2px;border:1px #dfdfdf solid;-webkit-border-radius:3px;border-radius:3px;font-family:sans-serif}.form-table input[type=text],.form-table input[type=password]{width:206px}.form-table th p{font-weight:normal}.form-table.install-success td{vertical-align:middle;padding:16px 20px 10px 0}.form-table.install-success td p{margin:0;font-size:14px}.form-table.install-success td code{margin:0;font-size:18px}#error-page{margin-top:50px}#error-page p{font-size:14px;line-height:18px;margin:25px 0 20px}#error-page code,.code{font-family:Consolas,Monaco,monospace}#pass-strength-result{background-color:#eee;border-color:#ddd!important;border-style:solid;border-width:1px;margin:5px 5px 5px 0;padding:5px;text-align:center;width:200px;display:none}#pass-strength-result.bad{background-color:#ffb78c;border-color:#ff853c!important}#pass-strength-result.good{background-color:#ffec8b;border-color:#fc0!important}#pass-strength-result.short{background-color:#ffa0a0;border-color:#f04040!important}#pass-strength-result.strong{background-color:#c3ff88;border-color:#8dff1c!important}.message{border:1px solid #e6db55;padding:.3em .6em;margin:5px 0 15px;background-color:#ffffe0}body.rtl{font-family:Tahoma,arial}.rtl h1{font-family:arial;margin:5px -4px 0 0}.rtl ul,.rtl ol{padding:5px 22px 5px 5px}.rtl .step,.rtl th,.rtl .form-table th{text-align:right}.rtl .submit input,.rtl .button,.rtl .button-secondary{margin-right:0}.rtl #dbname,.rtl #uname,.rtl #pwd,.rtl #dbhost,.rtl #prefix,.rtl #user_login,.rtl #admin_email,.rtl #pass1,.rtl #pass2{direction:ltr}
+html{background:#f9f9f9}body{background:#fff;color:#333;font-family:sans-serif;margin:2em auto;padding:1em 2em;-webkit-border-radius:3px;border-radius:3px;border:1px solid #dfdfdf;max-width:700px}a{color:#21759b;text-decoration:none}a:hover{color:#d54e21}h1{border-bottom:1px solid #dadada;clear:both;color:#666;font:24px Georgia,"Times New Roman",Times,serif;margin:30px 0 0;padding:0;padding-bottom:7px}h2{font-size:16px}p,li,dd,dt{padding-bottom:2px;font-size:14px;line-height:1.5}code,.code{font-size:14px}ul,ol,dl{padding:5px 5px 5px 22px}a img{border:0}abbr{border:0;font-variant:normal}#logo{margin:6px 0 14px;border-bottom:0;text-align:center}#logo a{background-image:url(../images/wordpress-logo.png?ver=20120216);background-size:274px 63px;background-position:top center;background-repeat:no-repeat;height:67px;text-indent:-9999px;outline:0;overflow:hidden;display:block}@media print,(-o-min-device-pixel-ratio:5/4),(-webkit-min-device-pixel-ratio:1.25),(min-resolution:120dpi){#logo a{background-image:url(../images/wordpress-logo-2x.png?ver=20120412);background-size:274px 63px}}.step{margin:20px 0 15px}.step,th{text-align:left;padding:0}.step .button-large{font-size:14px}textarea{border:1px solid #dfdfdf;-webkit-border-radius:3px;border-radius:3px;font-family:sans-serif;width:695px}.form-table{border-collapse:collapse;margin-top:1em;width:100%}.form-table td{margin-bottom:9px;padding:10px 20px 10px 0;border-bottom:8px solid #fff;font-size:14px;vertical-align:top}.form-table th{font-size:14px;text-align:left;padding:16px 20px 10px 0;border-bottom:8px solid #fff;width:140px;vertical-align:top}.form-table code{line-height:18px;font-size:14px}.form-table p{margin:4px 0 0;font-size:11px}.form-table input{line-height:20px;font-size:15px;padding:2px;border:1px #dfdfdf solid;-webkit-border-radius:3px;border-radius:3px;font-family:sans-serif}.form-table input[type=text],.form-table input[type=password]{width:206px}.form-table th p{font-weight:400}.form-table.install-success td{vertical-align:middle;padding:16px 20px 10px 0}.form-table.install-success td p{margin:0;font-size:14px}.form-table.install-success td code{margin:0;font-size:18px}#error-page{margin-top:50px}#error-page p{font-size:14px;line-height:18px;margin:25px 0 20px}#error-page code,.code{font-family:Consolas,Monaco,monospace}#pass-strength-result{background-color:#eee;border-color:#ddd!important;border-style:solid;border-width:1px;margin:5px 5px 5px 0;padding:5px;text-align:center;width:200px;display:none}#pass-strength-result.bad{background-color:#ffb78c;border-color:#ff853c!important}#pass-strength-result.good{background-color:#ffec8b;border-color:#fc0!important}#pass-strength-result.short{background-color:#ffa0a0;border-color:#f04040!important}#pass-strength-result.strong{background-color:#c3ff88;border-color:#8dff1c!important}.message{border:1px solid #c00;-webkit-border-radius:3px;border-radius:3px;padding:.5em .7em;margin:5px 0 15px;background-color:#ffebe8}body.rtl{font-family:Tahoma,arial}.rtl h1{font-family:arial;margin:5px -4px 0 0}.rtl ul,.rtl ol{padding:5px 22px 5px 5px}.rtl .step,.rtl th,.rtl .form-table th{text-align:right}.rtl .submit input,.rtl .button,.rtl .button-secondary{margin-right:0}.rtl #dbname,.rtl #uname,.rtl #pwd,.rtl #dbhost,.rtl #prefix,.rtl #user_login,.rtl #admin_email,.rtl #pass1,.rtl #pass2{direction:ltr}
--- a/wp-admin/css/media.min.css
+++ b/wp-admin/css/media.min.css
@@ -1 +1 @@
-div#media-upload-header{margin:0;padding:5px 5px 0;font-weight:bold;position:relative;border-bottom-width:1px;border-bottom-style:solid}body#media-upload ul#sidemenu{font-weight:normal;margin:0 5px;left:0;bottom:-1px;float:none;overflow:hidden}form{margin:1em}#search-filter{text-align:right}th{position:relative}.media-upload-form label.form-help,td.help{font-family:sans-serif;font-style:italic;font-weight:normal}.media-upload-form p.help{margin:0;padding:0}.media-upload-form fieldset{width:100%;border:0;text-align:justify;margin:0 0 1em 0;padding:0}.image-align-none-label{background:url(../images/align-none.png) no-repeat center left}.image-align-left-label{background:url(../images/align-left.png) no-repeat center left}.image-align-center-label{background:url(../images/align-center.png) no-repeat center left}.image-align-right-label{background:url(../images/align-right.png) no-repeat center left}tr.image-size td{width:460px}tr.image-size div.image-size-item{margin:0 0 5px}#library-form .progress,#gallery-form .progress,.insert-gallery,.describe.startopen,.describe.startclosed{display:none}.media-item .thumbnail{max-width:128px;max-height:128px}thead.media-item-info tr{background-color:transparent}.form-table thead.media-item-info{border:8px solid #fff}abbr.required{text-decoration:none;border:0}.describe label{display:inline}.describe td.error{padding:2px 8px}.describe td.A1{width:132px}.describe input[type="text"],.describe textarea{width:460px;border-width:1px;border-style:solid}#media-upload p.ml-submit{padding:1em 0}#media-upload p.help,#media-upload label.help{font-family:sans-serif;font-style:italic;font-weight:normal}#media-upload .ui-sortable .media-item{cursor:move}#media-upload tr.image-size{margin-bottom:1em;height:3em}#media-upload #filter{width:623px}#media-upload #filter .subsubsub{margin:8px 0}#filter .tablenav select{border-style:solid;border-width:1px;padding:2px;vertical-align:top;width:auto}#media-upload .del-attachment{display:none;margin:5px 0}.menu_order{float:right;font-size:11px;margin:10px 10px 0}.menu_order_input{border:1px solid #ddd;font-size:10px;padding:1px;width:23px}.ui-sortable-helper{background-color:#fff;border:1px solid #aaa;opacity:.6;filter:alpha(opacity=60)}#media-upload th.order-head{width:20%;text-align:center}#media-upload th.actions-head{width:25%;text-align:center}#media-upload a.wp-post-thumbnail{margin:0 20px}#media-upload .widefat{width:626px;border-style:solid solid none}.sorthelper{height:37px;width:623px;display:block}#gallery-settings th.label{width:160px}#gallery-settings #basic th.label{padding:5px 5px 5px 0}#gallery-settings .title{clear:both;padding:0 0 3px;font-size:1.6em;border-bottom:1px solid #dadada}h3.media-title{font-size:1.6em}h4.media-sub-title{border-bottom:1px solid #dadada;font-size:1.3em;margin:12px;padding:0 0 3px}#gallery-settings .title,h3.media-title,h4.media-sub-title{font-family:Georgia,"Times New Roman",Times,serif;font-weight:normal;color:#5a5a5a}#gallery-settings .describe td{vertical-align:middle;height:3em}#gallery-settings .describe th.label{padding-top:.5em;text-align:left}#gallery-settings .describe{padding:5px;width:615px;clear:both;cursor:default}#gallery-settings .describe select{width:15em}#gallery-settings .describe select option,#gallery-settings .describe td{padding:0}#gallery-settings label,#gallery-settings legend{font-size:13px;color:#464646;margin-right:15px}#gallery-settings .align .field label{margin:0 1em 0 3px}#gallery-settings p.ml-submit{border-top:1px solid #dfdfdf}#gallery-settings select#columns{width:6em}#sort-buttons{font-size:.8em;margin:3px 25px -8px 0;text-align:right;max-width:625px}#sort-buttons a{text-decoration:none}#sort-buttons #asc,#sort-buttons #showall{padding-left:5px}#sort-buttons span{margin-right:25px}p.media-types{margin:1em}tr.not-image{display:none}table.not-image tr.not-image{display:table-row}table.not-image tr.image-only{display:none}@media print,(-o-min-device-pixel-ratio:5/4),(-webkit-min-device-pixel-ratio:1.25),(min-resolution:120dpi){.image-align-none-label{background-image:url("../images/align-none-2x.png?ver=20120916");background-size:21px 15px}.image-align-left-label{background-image:url("../images/align-left-2x.png?ver=20120916");background-size:22px 15px}.image-align-center-label{background-image:url("../images/align-center-2x.png?ver=20120916");background-size:21px 15px}.image-align-right-label{background-image:url("../images/align-right-2x.png?ver=20120916");background-size:22px 15px}}
+div#media-upload-header{margin:0;padding:5px 5px 0;font-weight:700;position:relative;border-bottom-width:1px;border-bottom-style:solid}body#media-upload ul#sidemenu{font-weight:400;margin:0 5px;left:0;bottom:-1px;float:none;overflow:hidden}form{margin:1em}#search-filter{text-align:right}th{position:relative}.media-upload-form label.form-help,td.help{font-family:sans-serif;font-style:italic;font-weight:400}.media-upload-form p.help{margin:0;padding:0}.media-upload-form fieldset{width:100%;border:0;text-align:justify;margin:0 0 1em;padding:0}.image-align-none-label{background:url(../images/align-none.png) no-repeat center left}.image-align-left-label{background:url(../images/align-left.png) no-repeat center left}.image-align-center-label{background:url(../images/align-center.png) no-repeat center left}.image-align-right-label{background:url(../images/align-right.png) no-repeat center left}tr.image-size td{width:460px}tr.image-size div.image-size-item{margin:0 0 5px}#library-form .progress,#gallery-form .progress,.insert-gallery,.describe.startopen,.describe.startclosed{display:none}.media-item .thumbnail{max-width:128px;max-height:128px}thead.media-item-info tr{background-color:transparent}.form-table thead.media-item-info{border:8px solid #fff}abbr.required{text-decoration:none;border:0}.describe label{display:inline}.describe td.error{padding:2px 8px}.describe td.A1{width:132px}.describe input[type=text],.describe textarea{width:460px;border-width:1px;border-style:solid}#media-upload p.ml-submit{padding:1em 0}#media-upload p.help,#media-upload label.help{font-family:sans-serif;font-style:italic;font-weight:400}#media-upload .ui-sortable .media-item{cursor:move}#media-upload tr.image-size{margin-bottom:1em;height:3em}#media-upload #filter{width:623px}#media-upload #filter .subsubsub{margin:8px 0}#filter .tablenav select{border-style:solid;border-width:1px;padding:2px;vertical-align:top;width:auto}#media-upload .del-attachment{display:none;margin:5px 0}.menu_order{float:right;font-size:11px;margin:10px 10px 0}.menu_order_input{border:1px solid #ddd;font-size:10px;padding:1px;width:23px}.ui-sortable-helper{background-color:#fff;border:1px solid #aaa;opacity:.6;filter:alpha(opacity=60)}#media-upload th.order-head{width:20%;text-align:center}#media-upload th.actions-head{width:25%;text-align:center}#media-upload a.wp-post-thumbnail{margin:0 20px}#media-upload .widefat{width:626px;border-style:solid solid none}.sorthelper{height:37px;width:623px;display:block}#gallery-settings th.label{width:160px}#gallery-settings #basic th.label{padding:5px 5px 5px 0}#gallery-settings .title{clear:both;padding:0 0 3px;font-size:1.6em;border-bottom:1px solid #DADADA}h3.media-title{font-size:1.6em}h4.media-sub-title{border-bottom:1px solid #DADADA;font-size:1.3em;margin:12px;padding:0 0 3px}#gallery-settings .title,h3.media-title,h4.media-sub-title{font-family:Georgia,"Times New Roman",Times,serif;font-weight:400;color:#5A5A5A}#gallery-settings .describe td{vertical-align:middle;height:3em}#gallery-settings .describe th.label{padding-top:.5em;text-align:left}#gallery-settings .describe{padding:5px;width:615px;clear:both;cursor:default}#gallery-settings .describe select{width:15em}#gallery-settings .describe select option,#gallery-settings .describe td{padding:0}#gallery-settings label,#gallery-settings legend{font-size:13px;color:#464646;margin-right:15px}#gallery-settings .align .field label{margin:0 1em 0 3px}#gallery-settings p.ml-submit{border-top:1px solid #dfdfdf}#gallery-settings select#columns{width:6em}#sort-buttons{font-size:.8em;margin:3px 25px -8px 0;text-align:right;max-width:625px}#sort-buttons a{text-decoration:none}#sort-buttons #asc,#sort-buttons #showall{padding-left:5px}#sort-buttons span{margin-right:25px}p.media-types{margin:1em}tr.not-image{display:none}table.not-image tr.not-image{display:table-row}table.not-image tr.image-only{display:none}@media print,(-o-min-device-pixel-ratio:5/4),(-webkit-min-device-pixel-ratio:1.25),(min-resolution:120dpi){.image-align-none-label{background-image:url(../images/align-none-2x.png?ver=20120916);background-size:21px 15px}.image-align-left-label{background-image:url(../images/align-left-2x.png?ver=20120916);background-size:22px 15px}.image-align-center-label{background-image:url(../images/align-center-2x.png?ver=20120916);background-size:21px 15px}.image-align-right-label{background-image:url(../images/align-right-2x.png?ver=20120916);background-size:22px 15px}}
--- a/wp-admin/css/wp-admin-rtl.css
+++ b/wp-admin/css/wp-admin-rtl.css
@@ -691,20 +691,29 @@ form.upgrade .hint {
 .fixed .column-comments {
 	text-align: right;
 }
+
 .fixed .column-comments .vers {
 	padding-left: 0;
 	padding-right: 3px;
 }
+
 .fixed .column-comments a {
 	float: right;
 }
+
 .fixed .column-menus {
 	text-align: right;
 }
+
 .sorting-indicator {
 	margin-left: 0;
 	margin-right: 7px;
 }
+
+tr.wp-locked .locked-indicator {
+	margin: -2px 6px 0 0;
+}
+
 th.sortable a span,
 th.sorted a span {
 	float: right;
@@ -945,6 +954,23 @@ th.sorted a span {
 	padding-left: 10px;
 }

+#post-lock-dialog .post-locked-message a.button {
+	margin-right: 0;
+	margin-left: 10px;
+}
+
+#post-lock-dialog .post-locked-avatar {
+	float: right;
+	margin: 0 0 20px 20px;
+}
+
+#post-lock-dialog .locked-saving img {
+	float: right;
+	margin-right: 0;
+	margin-left: 3px;
+}
+
+
 /*------------------------------------------------------------------------------
  11.1 - Custom Fields
 ------------------------------------------------------------------------------*/
@@ -1680,37 +1706,21 @@ h2 .nav-tab {
 	float: right;
 }

+.about-wrap .feature-section.two-col div,
 .about-wrap .feature-section.three-col div {
 	margin-right: 0;
 	margin-left: 4.999999999%;
 	float: right;
 }

-.about-wrap .feature-section.three-col h4 {
-	text-align: right;
-}
-
-.about-wrap .feature-section.three-col img {
-	margin-right: 5px;
+.about-wrap .feature-section.col .last-feature {
 	margin-left: 0;
 }

-.about-wrap .feature-section.three-col .last-feature {
-	margin-left: 0;
-}
-
-.about-wrap .feature-section img {
-	margin: 0 0 10px 0.7%;
-}
-
-.about-wrap .feature-section.images-stagger-right img {
+.about-wrap .feature-section div p img {
 	float: left;
-	margin: 0 2em 12px 5px;
-}
-
-.about-wrap .feature-section.images-stagger-left img {
-	float: right;
-	margin: 0 5px 12px 2em;
+	margin-left: 0;
+	margin-right: 10px;
 }

 .about-wrap li.wp-person,
@@ -1720,19 +1730,6 @@ h2 .nav-tab {
 	margin-left: 10px;
 }

-@media only screen and (max-width: 768px) {
-	.about-wrap .feature-section img.image-66 {
-		float: none;
-	}
-
-	.about-wrap .feature-section.images-stagger-right img.image-66 {
-		margin-right: 3px;
-	}
-
-	.about-wrap .feature-section.images-stagger-left img.image-66 {
-		margin-left: 3px;
-	}
-}

 /*------------------------------------------------------------------------------
  23.0 - Misc
@@ -1766,7 +1763,7 @@ h2 .nav-tab {

 }
 .tagchecklist span a {
-	margin: 6px -9px 0pt 0pt;
+	margin: 4px -10px 0 0;
 	float: right;
 }

--- a/wp-admin/css/wp-admin-rtl.min.css
+++ b/wp-admin/css/wp-admin-rtl.min.css
--- a/wp-admin/css/wp-admin.css
+++ b/wp-admin/css/wp-admin.css
@@ -2091,7 +2091,7 @@ html.wp-toolbar {
 }

 /* one column on the post write/edit screen */
-@media only screen and (max-width: 850px) {
+@media only screen and (max-width: 960px) {
 	#wpbody-content #poststuff #post-body {
 		margin: 0;
 	}
@@ -2312,7 +2312,7 @@ html.wp-toolbar {
 }

 .wp-core-ui .welcome-panel .button.button-hero {
-    margin: 15px 0 3px;
+	margin: 15px 0 3px;
 }

 .welcome-panel-content {
@@ -2378,7 +2378,7 @@ html.wp-toolbar {
 }

 .welcome-panel .welcome-write-blog {
- 	background-position: 0 -44px;
+	background-position: 0 -44px;
 }

 .welcome-panel .welcome-panel-column ul {
@@ -2386,8 +2386,8 @@ html.wp-toolbar {
 }

 .welcome-panel .welcome-panel-column li {
-    line-height: 16px;
-    list-style-type: none;
+	line-height: 16px;
+	list-style-type: none;
 }

@media screen and (max-width: 870px) {
@@ -2552,7 +2552,7 @@ tr .locked-info {
 }

 tr.wp-locked .locked-info {
-	height: 22px;
+	height: auto;
 	opacity: 1;
 }

@@ -3162,7 +3162,7 @@ ul.category-tabs li,
 }

 .no-js .category-tabs li.hide-if-no-js {
- 	display: none;
+	display: none;
 }

 .category-tabs a,
@@ -3681,8 +3681,10 @@ body.folded .revisions .loading-indicator {
 }

 table.diff {
+	table-layout: fixed;
 	width: 100%;
 	white-space: pre-wrap;
+	word-wrap: break-word;
 }

 table.diff col.content {
@@ -3817,7 +3819,7 @@ table.diff .diff-addedline ins {
 	-moz-transform: rotate(45deg);
 	-ms-transform: rotate(45deg);
 	-o-transform: rotate(45deg);
-	tranform: rotate(45deg);
+	transform: rotate(45deg);
 }

 .revisions-tooltip.flipped .revisions-tooltip-arrow > span {
@@ -5314,6 +5316,54 @@ h3.available-themes {
 	margin: 0;
 }

+/* Allow for three-up in small windows when sidebar is collapsed */
+@media only screen and (max-width: 1200px) {
+	.folded .available-theme,
+	.folded .available-theme .screenshot {
+		width: 300px;
+	}
+
+	.folded .available-theme .screenshot {
+		height: 225px;
+	}
+
+	.folded #current-theme img {
+		width: 300px;
+	}
+
+	.folded #current-theme.has-screenshot {
+		padding-left: 330px;
+	}
+
+	.folded #current-theme img {
+		margin-left: -330px;
+	}
+}
+
+/* Adjust three-up display in smaller windows when sidebar is collapsed */
+@media only screen and (max-width: 1079px) {
+	.folded .available-theme,
+	.folded .available-theme .screenshot {
+		width: 270px;
+	}
+
+	.folded .available-theme .screenshot {
+		height: 203px;
+	}
+
+	.folded #current-theme img {
+		width: 270px;
+	}
+
+	.folded #current-theme.has-screenshot {
+		padding-left: 300px;
+	}
+
+	.folded #current-theme img {
+		margin-left: -300px;
+	}
+}
+
 /* Allow for three-up on 1024px wide screens, e.g. tablets */
@media only screen and (max-width: 1200px) {
 	.available-theme,
@@ -5496,7 +5546,7 @@ h2 .nav-tab {
 	list-style-type: disc;
 }

-.plugins .row-actions-visible {
+.plugins .row-actions {
 	padding: 0;
 }

@@ -5528,12 +5578,12 @@ h2 .nav-tab {
 }

 .plugins .second,
-.plugins .row-actions-visible {
+.plugins .row-actions {
 	padding: 0 0 5px;
 }

 .plugins .update .second,
-.plugins .update .row-actions-visible {
+.plugins .update .row-actions {
 	padding-bottom: 0;
 }

@@ -5716,6 +5766,16 @@ h2 .nav-tab {
 	display: none !important;
 }

+.about-wrap p.about-notice {
+	background-color: #ffffe0;
+	border: 1px solid #e6db55;
+	margin: 5px 0 15px;
+	padding: 0.4em 0.8em;
+	border-radius: 3px;
+	-webkit-border-radius: 3px;
+}
+
+
 /* Typography */

 .about-wrap p {
@@ -5749,8 +5809,8 @@ h2 .nav-tab {
 }

 .about-wrap h3 {
-	font-size: 24px;
-	margin-bottom: 1em;
+	font-size: 1.5em;
+	line-height: 1.5em;
 	padding-top: 20px;
 }

@@ -5823,69 +5883,18 @@ h2 .nav-tab {

 /* Changelog / Update screen */

-.about-wrap .feature-section img {
-	border: none;
-	margin: 0 1.94% 10px 0;
-	-webkit-border-radius: 3px;
-	border-radius: 3px;
-}
-
 .about-wrap .feature-section.three-col img {
 	margin: 0.5em 0 0.5em 5px;
 	max-width: 100%;
 	float: none;
 }

-.ie8 .about-wrap .feature-section.three-col img {
-	margin-left: 0;
-}
-
-.about-wrap .feature-section.images-stagger-right img {
-	float: right;
-	margin: 0 5px 12px 2em;
-}
-
-.about-wrap .feature-section.images-stagger-left img {
-	float: left;
-	margin: 0 2em 12px 5px;
-}
-
-.about-wrap .feature-section img.image-100 {
-	margin: 0 0 2em 0;
-	width: 100%;
-}
-
-.about-wrap .feature-section img.image-66 {
-	width: 65%;
-}
-
-.about-wrap .feature-section img.image-50 {
-	max-width: 50%;
-}
-
-.about-wrap .feature-section img.image-30 {
-	max-width: 31.2381%;
-}
-
-.ie8 .about-wrap .feature-section img {
-	border-width: 1px;
-	border-style: solid;
-}
-
-.about-wrap .images-stagger-right img.image-30:nth-child(2) {
-	margin-left: 1em;
-}
-
 .about-wrap .feature-section.col {
 	margin-bottom: 0;
 }

 .about-wrap .feature-section.col h4 {
-	margin:  0 0 0.6em 0;
-}
-
-.about-wrap .feature-section.col .last-feature {
-	margin-right: 0;
+	margin: 0 0 0.6em 0;
 }

 .about-wrap .feature-section.two-col div {
@@ -5900,53 +5909,77 @@ h2 .nav-tab {
 	float: left;
 }

-.about-wrap .three-col-images {
-	text-align: center;
+.about-wrap .three-col.about-updates .col-1,
+.about-wrap .three-col.about-updates .col-3 {
+	width: 37%;
+	margin: 0;
 }

-.about-wrap .three-col-images img {
-	margin: 0 0 10px;
+.about-wrap .three-col.about-updates .col-2 {
+	width: 16%;
+	margin: 0 5%;
 }

-.about-wrap .three-col-images .last-feature {
-	float: right;
+.about-wrap .feature-section.col .last-feature {
+	margin-right: 0;
 }

-.about-wrap .three-col-images .first-feature {
-	float: left;
+.about-wrap .three-col.about-updates img {
+	margin: 0;
 }

 .about-wrap .changelog .feature-section {
 	overflow: hidden;
 }

+.about-wrap .about-passwords {
+	margin: 20px 0;
+	padding: 1px 20px 10px;
+	background-color: #f9f9f9;
+}
+
+.about-wrap .about-auto-update {
+	text-align: center;
+	background-color: #f9f9ef;
+	clear: both;
+	padding: 10px;
+}
+
+.about-wrap .about-auto-update.cool {
+	background-color: #eff9ef;
+}
+
+.about-wrap .about-password-meter input {
+	font-size: 250%;
+	line-height: 1;
+	width: 100%;
+	display: block;
+	padding: 5px;
+}
+
+.about-wrap .about-password-meter #pass-strength-result {
+	display: block !important;
+	font-size: 150%;
+	font-weight: normal !important;
+	-webkit-box-sizing: border-box;
+	-moz-box-sizing:    border-box;
+	box-sizing:         border-box;
+	width: 100%;
+	padding: 17px 0;
+	margin-bottom: 15px;
+}
+
+.about-wrap .feature-section div p img {
+	float: right;
+	margin-left: 10px;
+	max-width: 20%;
+}
+
 .about-wrap .changelog li {
 	list-style-type: disc;
 	margin-left: 3em;
 }

-@media only screen and (max-width: 900px) {
-	.about-wrap .feature-section.images-stagger-left img,
-	.about-wrap .feature-section.images-stagger-right img {
-		clear: both;
-	}
-}
-
-@media only screen and (max-width: 768px) {
-	.about-wrap .feature-section img.image-66 {
-		float: none;
-		width: 98%;
-		max-width: 98%;
-	}
-
-	.about-wrap .feature-section.images-stagger-right img.image-66 {
-		margin-left: 3px;
-	}
-
-	.about-wrap .feature-section.images-stagger-left img.image-66 {
-		margin-right: 3px;
-	}
-}

 /* Return to Dashboard Home link */

@@ -5970,7 +6003,7 @@ h2 .nav-tab {

 .about-wrap ul.wp-people-group {
 	overflow: hidden;
-	padding: 5px;
+	padding: 0 5px;
 	margin: 0 -15px 0 -5px;
 }

@@ -6384,15 +6417,14 @@ p.pagenav {
 	padding: 2px 0 0;
 }

-.mobile .row-actions {
-	visibility: visible;
-}
-
 tr:hover .row-actions,
+.mobile .row-actions,
+.row-actions.visible,
 div.comment-item:hover .row-actions {
 	visibility: visible;
 }

+/* deprecated */
 .row-actions-visible {
 	padding: 2px 0 0;
 }
@@ -6425,7 +6457,7 @@ table.form-table td .updated {
 	cursor: default;
 }
 .tagchecklist span a {
-	margin: 6px 0pt 0pt -9px;
+	margin: 4px 0 0 -10px;
 	cursor: pointer;
 	width: 10px;
 	height: 10px;
@@ -6566,6 +6598,14 @@ body.iframe {
 	height: 98%;
 }

+/* Upgrader styles, Specific to Language Packs */
+.lp-show-latest p {
+	display: none;
+}
+.lp-show-latest p:last-child,
+.lp-show-latest .lp-error p {
+	display: block;
+}

 /* - Only used once or twice in all of WP - deprecate for global style
 ------------------------------------------------------------------------------*/
@@ -7842,8 +7882,9 @@ body.interim-login {
 	font-weight: bold;
 	padding: 7px 0;
 	line-height: 20px;
-	display:block;
-	margin-right:13em;
+	min-height: 20px;
+	display: block;
+	margin-right: 13em;
 }

 /* Sortables */
@@ -8550,11 +8591,6 @@ input.newtag:focus ~ div.taghint {
 	visibility: hidden;
 }

-/* TinyMCE */
-#mce_fullscreen_container {
-	background: #fff;
-}
-
 #photo-add-url-div input[type="text"] {
 	width: 300px;
 }
@@ -9221,20 +9257,20 @@ a.widget-control-edit {
  (min-resolution: 120dpi) {

 	.press-this .tagchecklist span a {
-	 	background-image: url('../images/xit-2x.gif');
-	 	background-size: 20px auto;
+		background-image: url('../images/xit-2x.gif');
+		background-size: 20px auto;
 	 }

 	.js .postbox:hover .handlediv,
 	.js .stuffbox:hover .handlediv,
 	.widget-top a.widget-action {
-	 	background-image: url('../images/arrows-2x.png');
-	 	background-size: 15px 123px;
+		background-image: url('../images/arrows-2x.png');
+		background-size: 15px 123px;
 	 }

 	.widget-top a.widget-action:hover {
-	 	background-image: url('../images/arrows-dark-2x.png');
-	 	background-size: 15px 123px;
+		background-image: url('../images/arrows-dark-2x.png');
+		background-size: 15px 123px;
 	}

 	.post-com-count {
@@ -9293,8 +9329,8 @@ a.widget-control-edit {
 	}

 	.wp-full-overlay .collapse-sidebar-arrow {
-	 	background-image: url('../images/arrows-2x.png');
-	 	background-size: 15px 123px;
+		background-image: url('../images/arrows-2x.png');
+		background-size: 15px 123px;
 	 }

 	.pressthis a span {
--- a/wp-admin/css/wp-admin.min.css
+++ b/wp-admin/css/wp-admin.min.css
--- a/wp-admin/custom-background.php
+++ b/wp-admin/custom-background.php
@@ -67,11 +67,11 @@ class Custom_Background {
 		if ( ! current_user_can('edit_theme_options') )
 			return;

-		$this->page = $page = add_theme_page(__('Background'), __('Background'), 'edit_theme_options', 'custom-background', array(&$this, 'admin_page'));
+		$this->page = $page = add_theme_page(__('Background'), __('Background'), 'edit_theme_options', 'custom-background', array($this, 'admin_page'));

-		add_action("load-$page", array(&$this, 'admin_load'));
-		add_action("load-$page", array(&$this, 'take_action'), 49);
-		add_action("load-$page", array(&$this, 'handle_upload'), 49);
+		add_action("load-$page", array($this, 'admin_load'));
+		add_action("load-$page", array($this, 'take_action'), 49);
+		add_action("load-$page", array($this, 'handle_upload'), 49);

 		if ( $this->admin_header_callback )
 			add_action("admin_head-$page", $this->admin_header_callback, 51);
@@ -386,7 +386,8 @@ if ( current_theme_supports( 'custom-background', 'default-color' ) )
 		$thumbnail = wp_get_attachment_image_src( $id, 'thumbnail' );
 		set_theme_mod('background_image_thumb', esc_url_raw( $thumbnail[0] ) );

-		do_action('wp_create_file_in_uploads', $file, $id); // For replication
+		/** This action is documented in wp-admin/custom-header.php */
+		do_action( 'wp_create_file_in_uploads', $file, $id ); // For replication
 		$this->updated = true;
 	}

@@ -411,6 +412,7 @@ if ( current_theme_supports( 'custom-background', 'default-color' ) )
 	public function wp_set_background_image() {
 		if ( ! current_user_can('edit_theme_options') || ! isset( $_POST['attachment_id'] ) ) exit;
 		$attachment_id = absint($_POST['attachment_id']);
+		/** This filter is documented in wp-admin/includes/media.php */
 		$sizes = array_keys(apply_filters( 'image_size_names_choose', array('thumbnail' => __('Thumbnail'), 'medium' => __('Medium'), 'large' => __('Large'), 'full' => __('Full Size')) ));
 		$size = 'thumbnail';
 		if ( in_array( $_POST['size'], $sizes ) )
--- a/wp-admin/custom-header.php
+++ b/wp-admin/custom-header.php
@@ -84,13 +84,13 @@ class Custom_Image_Header {
 		if ( ! current_user_can('edit_theme_options') )
 			return;

-		$this->page = $page = add_theme_page(__('Header'), __('Header'), 'edit_theme_options', 'custom-header', array(&$this, 'admin_page'));
+		$this->page = $page = add_theme_page(__('Header'), __('Header'), 'edit_theme_options', 'custom-header', array($this, 'admin_page'));

-		add_action("admin_print_scripts-$page", array(&$this, 'js_includes'));
-		add_action("admin_print_styles-$page", array(&$this, 'css_includes'));
-		add_action("admin_head-$page", array(&$this, 'help') );
-		add_action("admin_head-$page", array(&$this, 'take_action'), 50);
-		add_action("admin_head-$page", array(&$this, 'js'), 50);
+		add_action("admin_print_scripts-$page", array($this, 'js_includes'));
+		add_action("admin_print_styles-$page", array($this, 'css_includes'));
+		add_action("admin_head-$page", array($this, 'help') );
+		add_action("admin_head-$page", array($this, 'take_action'), 50);
+		add_action("admin_head-$page", array($this, 'js'), 50);
 		if ( $this->admin_header_callback )
 			add_action("admin_head-$page", $this->admin_header_callback, 51);
 	}
@@ -464,6 +464,7 @@ class Custom_Image_Header {
 <table class="form-table">
 <tbody>

+<?php if ( get_custom_header() || display_header_text() ) : ?>
 <tr valign="top">
 <th scope="row"><?php _e( 'Preview' ); ?></th>
 <td>
@@ -490,6 +491,8 @@ class Custom_Image_Header {
 	<?php } ?>
 </td>
 </tr>
+<?php endif; ?>
+
 <?php if ( current_theme_supports( 'custom-header', 'uploads' ) ) : ?>
 <tr valign="top">
 <th scope="row"><?php _e( 'Select Image' ); ?></th>
@@ -630,6 +633,11 @@ if ( current_theme_supports( 'custom-header', 'default-text-color' ) ) {
 </table>
 <?php endif;

+/**
+ * Fires just before the submit button in the custom header options form.
+ *
+ * @since 3.1.0
+ */
 do_action( 'custom_header_options' );

 wp_nonce_field( 'custom-header-options', '_wpnonce-custom-header-options' ); ?>
@@ -687,7 +695,16 @@ wp_nonce_field( 'custom-header-options', '_wpnonce-custom-header-options' ); ?>

 			$this->set_header_image( compact( 'url', 'attachment_id', 'width', 'height' ) );

-			do_action('wp_create_file_in_uploads', $file, $attachment_id); // For replication
+			/**
+			 * Fires after the header image is set or an error is returned.
+			 *
+			 * @since 2.1.0
+			 *
+			 * @param string $file          Path to the file.
+			 * @param int    $attachment_id Attachment ID.
+			 */
+			do_action( 'wp_create_file_in_uploads', $file, $attachment_id ); // For replication
+
 			return $this->finished();
 		} elseif ( $width > $max_width ) {
 			$oitar = $width / $max_width;
@@ -695,7 +712,8 @@ wp_nonce_field( 'custom-header-options', '_wpnonce-custom-header-options' ); ?>
 			if ( ! $image || is_wp_error( $image ) )
 				wp_die( __( 'Image could not be processed. Please go back and try again.' ), __( 'Image Processing Error' ) );

-			$image = apply_filters('wp_create_file_in_uploads', $image, $attachment_id); // For replication
+			/** This filter is documented in wp-admin/custom-header.php */
+			$image = apply_filters( 'wp_create_file_in_uploads', $image, $attachment_id ); // For replication

 			$url = str_replace(basename($url), basename($image), $url);
 			$width = $width / $oitar;
@@ -836,7 +854,8 @@ wp_nonce_field( 'custom-header-options', '_wpnonce-custom-header-options' ); ?>
 		if ( ! $cropped || is_wp_error( $cropped ) )
 			wp_die( __( 'Image could not be processed. Please go back and try again.' ), __( 'Image Processing Error' ) );

-		$cropped = apply_filters('wp_create_file_in_uploads', $cropped, $attachment_id); // For replication
+		/** This filter is documented in wp-admin/custom-header.php */
+		$cropped = apply_filters( 'wp_create_file_in_uploads', $cropped, $attachment_id ); // For replication

 		$parent = get_post($attachment_id);
 		$parent_url = $parent->guid;
@@ -867,10 +886,21 @@ wp_nonce_field( 'custom-header-options', '_wpnonce-custom-header-options' ); ?>

 		// cleanup
 		$medium = str_replace( basename( $original ), 'midsize-' . basename( $original ), $original );
-		if ( file_exists( $medium ) )
+		if ( file_exists( $medium ) ) {
+			/**
+			 * Filter the path of the file to delete.
+			 *
+			 * @since 2.1.0
+			 *
+			 * @param string $medium Path to the file to delete.
+			 */
 			@unlink( apply_filters( 'wp_delete_file', $medium ) );
-		if ( empty( $_POST['create-new-attachment'] ) && empty( $_POST['skip-cropping'] ) )
+		}
+
+		if ( empty( $_POST['create-new-attachment'] ) && empty( $_POST['skip-cropping'] ) ) {
+			/** This filter is documented in wp-admin/custom-header.php */
 			@unlink( apply_filters( 'wp_delete_file', $original ) );
+		}

 		return $this->finished();
 	}
--- a/wp-admin/customize.php
+++ b/wp-admin/customize.php
@@ -9,15 +9,16 @@

 define( 'IFRAME_REQUEST', true );

-require_once( './admin.php' );
+require_once( dirname( __FILE__ ) . '/admin.php' );
 if ( ! current_user_can( 'edit_theme_options' ) )
 	wp_die( __( 'Cheatin&#8217; uh?' ) );

 wp_reset_vars( array( 'url', 'return' ) );
 $url = urldecode( $url );
+$url = esc_url_raw( $url );
 $url = wp_validate_redirect( $url, home_url( '/' ) );
 if ( $return )
-	$return = wp_validate_redirect( urldecode( $return ) );
+	$return = wp_validate_redirect( esc_url_raw( urldecode( $return ) ) );
 if ( ! $return )
 	$return = $url;

@@ -31,6 +32,11 @@ add_action( 'customize_controls_print_scripts',        'print_head_scripts', 20
 add_action( 'customize_controls_print_footer_scripts', '_wp_footer_scripts'     );
 add_action( 'customize_controls_print_styles',         'print_admin_styles', 20 );

+/**
+ * Fires when Customizer controls are initialized, before scripts are enqueued.
+ *
+ * @since 3.4.0
+ */
 do_action( 'customize_controls_init' );

 wp_enqueue_script( 'customize-controls' );
@@ -38,6 +44,11 @@ wp_enqueue_style( 'customize-controls' );

 wp_enqueue_script( 'accordion' );

+/**
+ * Enqueue Customizer control scripts.
+ *
+ * @since 3.4.0
+ */
 do_action( 'customize_controls_enqueue_scripts' );

 // Let's roll.
@@ -66,7 +77,18 @@ $body_class .= ' locale-' . sanitize_html_class( strtolower( str_replace( '_', '
 $admin_title = sprintf( __( '%1$s &#8212; WordPress' ), strip_tags( sprintf( __( 'Customize %s' ), $wp_customize->theme()->display('Name') ) ) );
 ?><title><?php echo $admin_title; ?></title><?php

+/**
+ * Print Customizer control styles.
+ *
+ * @since 3.4.0
+ */
 do_action( 'customize_controls_print_styles' );
+
+/**
+ * Print Customizer control scripts.
+ *
+ * @since 3.4.0
+ */
 do_action( 'customize_controls_print_scripts' );
 ?>
 </head>
@@ -129,6 +151,11 @@ do_action( 'customize_controls_print_scripts' );
 	<div id="customize-preview" class="wp-full-overlay-main"></div>
 	<?php

+	/**
+	 * Print Customizer control scripts in the footer.
+	 *
+	 * @since 3.4.0
+	 */
 	do_action( 'customize_controls_print_footer_scripts' );

 	// If the frontend and the admin are served from the same domain, load the
@@ -146,6 +173,13 @@ do_action( 'customize_controls_print_scripts' );
 	if ( is_ssl() && ! $cross_domain )
 		$allowed_urls[] = home_url( '/', 'https' );

+	/**
+	 * Filter the list of URLs allowed to be clicked and followed in the Customizer preview.
+	 *
+	 * @since 3.4.0
+	 *
+	 * @param array $allowed_urls An array of allowed URLs.
+	 */
 	$allowed_urls = array_unique( apply_filters( 'customize_allowed_urls', $allowed_urls ) );

 	$fallback_url = add_query_arg( array(
--- a/wp-admin/edit-comments.php
+++ b/wp-admin/edit-comments.php
@@ -7,7 +7,7 @@
 */

 /** WordPress Administration Bootstrap */
-require_once('./admin.php');
+require_once( dirname( __FILE__ ) . '/admin.php' );
 if ( !current_user_can('edit_posts') )
 	wp_die(__('Cheatin&#8217; uh?'));

@@ -136,7 +136,7 @@ get_current_screen()->set_help_sidebar(
 	'<p>' . __( '<a href="http://wordpress.org/support/" target="_blank">Support Forums</a>' ) . '</p>'
 );

-require_once('./admin-header.php');
+require_once( ABSPATH . 'wp-admin/admin-header.php' );
 ?>

 <div class="wrap">
@@ -153,7 +153,7 @@ else
 	echo __('Comments');

 if ( isset($_REQUEST['s']) && $_REQUEST['s'] )
-	printf( '<span class="subtitle">' . sprintf( __( 'Search results for &#8220;%s&#8221;' ), wp_html_excerpt( esc_html( wp_unslash( $_REQUEST['s'] ) ), 50, '&hellip;' ) ) . '</span>' ); ?>
+	echo '<span class="subtitle">' . sprintf( __( 'Search results for &#8220;%s&#8221;' ), wp_html_excerpt( esc_html( wp_unslash( $_REQUEST['s'] ) ), 50, '&hellip;' ) ) . '</span>'; ?>
 </h2>

 <?php
@@ -252,4 +252,4 @@ if ( isset($_REQUEST['approved']) || isset($_REQUEST['deleted']) || isset($_REQU
 <?php
 wp_comment_reply('-1', true, 'detail');
 wp_comment_trashnotice();
-include('./admin-footer.php'); ?>
+include( ABSPATH . 'wp-admin/admin-footer.php' ); ?>
--- a/wp-admin/edit-form-advanced.php
+++ b/wp-admin/edit-form-advanced.php
@@ -32,6 +32,9 @@ if ( post_type_supports($post_type, 'editor') || post_type_supports($post_type,
 // Add the local autosave notice HTML
 add_action( 'admin_footer', '_local_storage_notice' );

+/*
+ * @todo Document the $messages array(s).
+ */
 $messages = array();
 $messages['post'] = array(
 	 0 => '', // Unused. Messages start at index 1.
@@ -64,6 +67,13 @@ $messages['page'] = array(
 );
 $messages['attachment'] = array_fill( 1, 10, __( 'Media attachment updated.' ) ); // Hack, for now.

+/**
+ * Filter the post updated messages.
+ *
+ * @since 3.0.0
+ *
+ * @param array $messages Post updated messages. For defaults @see $messages declarations above.
+ */
 $messages = apply_filters( 'post_updated_messages', $messages );

 $message = false;
@@ -107,22 +117,18 @@ if ( $autosave && mysql2date( 'U', $autosave->post_modified_gmt, false ) > mysql
 $post_type_object = get_post_type_object($post_type);

 // All meta boxes should be defined and added before the first do_meta_boxes() call (or potentially during the do_meta_boxes action).
-require_once('./includes/meta-boxes.php');
+require_once( ABSPATH . 'wp-admin/includes/meta-boxes.php' );


 $publish_callback_args = null;
 if ( post_type_supports($post_type, 'revisions') && 'auto-draft' != $post->post_status ) {
 	$revisions = wp_get_post_revisions( $post_ID );

-	// Check if the revisions have been upgraded
-	if ( ! empty( $revisions ) && _wp_get_post_revision_version( end( $revisions ) ) < 1 )
-		_wp_upgrade_revisions_of_post( $post, $revisions );
-
 	// We should aim to show the revisions metabox only when there are revisions.
 	if ( count( $revisions ) > 1 ) {
 		reset( $revisions ); // Reset pointer for key()
 		$publish_callback_args = array( 'revisions_count' => count( $revisions ), 'revision_id' => key( $revisions ) );
-		// add_meta_box('revisionsdiv', __('Revisions'), 'post_revisions_meta_box', null, 'normal', 'core');
+		add_meta_box('revisionsdiv', __('Revisions'), 'post_revisions_meta_box', null, 'normal', 'core');
 	}
 }

@@ -140,16 +146,18 @@ if ( current_theme_supports( 'post-formats' ) && post_type_supports( $post_type,

 // all taxonomies
 foreach ( get_object_taxonomies( $post ) as $tax_name ) {
-	$taxonomy = get_taxonomy($tax_name);
+	$taxonomy = get_taxonomy( $tax_name );
 	if ( ! $taxonomy->show_ui )
 		continue;

 	$label = $taxonomy->labels->name;

-	if ( !is_taxonomy_hierarchical($tax_name) )
-		add_meta_box('tagsdiv-' . $tax_name, $label, 'post_tags_meta_box', null, 'side', 'core', array( 'taxonomy' => $tax_name ));
+	if ( ! is_taxonomy_hierarchical( $tax_name ) )
+		$tax_meta_box_id = 'tagsdiv-' . $tax_name;
 	else
-		add_meta_box($tax_name . 'div', $label, 'post_categories_meta_box', null, 'side', 'core', array( 'taxonomy' => $tax_name ));
+		$tax_meta_box_id = $tax_name . 'div';
+
+	add_meta_box( $tax_meta_box_id, $label, $taxonomy->meta_box_cb, null, 'side', 'core', array( 'taxonomy' => $tax_name ) );
 }

 if ( post_type_supports($post_type, 'page-attributes') )
@@ -174,7 +182,16 @@ if ( post_type_supports($post_type, 'trackbacks') )
 if ( post_type_supports($post_type, 'custom-fields') )
 	add_meta_box('postcustom', __('Custom Fields'), 'post_custom_meta_box', null, 'normal', 'core');

-do_action('dbx_post_advanced', $post);
+/**
+ * Fires in the middle of built-in meta box registration.
+ *
+ * @since 2.1.0
+ * @deprecated 3.7.0 Use 'add_meta_boxes' instead.
+ *
+ * @param WP_Post $post Post object.
+ */
+do_action( 'dbx_post_advanced', $post );
+
 if ( post_type_supports($post_type, 'comments') )
 	add_meta_box('commentstatusdiv', __('Discussion'), 'post_comment_status_meta_box', null, 'normal', 'core');

@@ -189,12 +206,43 @@ if ( post_type_supports($post_type, 'author') ) {
 		add_meta_box('authordiv', __('Author'), 'post_author_meta_box', null, 'normal', 'core');
 }

-do_action('add_meta_boxes', $post_type, $post);
-do_action('add_meta_boxes_' . $post_type, $post);
+/**
+ * Fires after all built-in meta boxes have been added.
+ *
+ * @since 3.0.0
+ *
+ * @param string  $post_type Post type.
+ * @param WP_Post $post      Post object.
+ */
+do_action( 'add_meta_boxes', $post_type, $post );

-do_action('do_meta_boxes', $post_type, 'normal', $post);
-do_action('do_meta_boxes', $post_type, 'advanced', $post);
-do_action('do_meta_boxes', $post_type, 'side', $post);
+/**
+ * Fires after all built-in meta boxes have been added, contextually for the given post type.
+ *
+ * The dynamic portion of the hook, $post_type, refers to the post type of the post.
+ *
+ * @since 3.0.0
+ *
+ * @param WP_Post $post Post object.
+ */
+do_action( 'add_meta_boxes_' . $post_type, $post );
+
+/**
+ * Fires after meta boxes have been added.
+ *
+ * Fires once for each of the default meta box contexts: normal, advanced, and side.
+ *
+ * @since 3.0.0
+ *
+ * @param string  $post_type Post type of the post.
+ * @param string  $context   string  Meta box context.
+ * @param WP_Post $post      Post object.
+ */
+do_action( 'do_meta_boxes', $post_type, 'normal', $post );
+/** This action is documented in wp-admin/edit-form-advanced.php */
+do_action( 'do_meta_boxes', $post_type, 'advanced', $post );
+/** This action is documented in wp-admin/edit-form-advanced.php */
+do_action( 'do_meta_boxes', $post_type, 'side', $post );

 add_screen_option('layout_columns', array('max' => 2, 'default' => 2) );

@@ -307,7 +355,7 @@ if ( 'post' == $post_type ) {
 	) );
 }

-require_once('./admin-header.php');
+require_once( ABSPATH . 'wp-admin/admin-header.php' );
 ?>

 <div class="wrap">
@@ -315,7 +363,7 @@ require_once('./admin-header.php');
 <h2><?php
 echo esc_html( $title );
 if ( isset( $post_new_file ) && current_user_can( $post_type_object->cap->create_posts ) )
-	echo ' <a href="' . esc_url( $post_new_file ) . '" class="add-new-h2">' . esc_html( $post_type_object->labels->add_new ) . '</a>';
+	echo ' <a href="' . esc_url( admin_url( $post_new_file ) ) . '" class="add-new-h2">' . esc_html( $post_type_object->labels->add_new ) . '</a>';
 ?></h2>
 <?php if ( $notice ) : ?>
 <div id="notice" class="error"><p id="has-newer-autosave"><?php echo $notice ?></p></div>
@@ -328,8 +376,16 @@ if ( isset( $post_new_file ) && current_user_can( $post_type_object->cap->create
 	<span class="hide-if-no-sessionstorage"><?php _e( 'We&#8217;re backing up this post in your browser, just in case.' ); ?></span>
 	</p>
 </div>
-
-<form name="post" action="post.php" method="post" id="post"<?php do_action('post_edit_form_tag', $post); ?>>
+<?php
+/**
+ * Fires inside the post editor <form> tag.
+ *
+ * @since 3.0.0
+ *
+ * @param WP_Post $post Post object.
+ */
+?>
+<form name="post" action="post.php" method="post" id="post"<?php do_action( 'post_edit_form_tag', $post ); ?>>
 <?php wp_nonce_field($nonce_action); ?>
 <input type="hidden" id="user-id" name="user_ID" value="<?php echo (int) $user_ID ?>" />
 <input type="hidden" id="hiddenaction" name="action" value="<?php echo esc_attr( $form_action ) ?>" />
@@ -352,6 +408,18 @@ wp_nonce_field( 'meta-box-order', 'meta-box-order-nonce', false );
 wp_nonce_field( 'closedpostboxes', 'closedpostboxesnonce', false );
 ?>

+<?php
+/**
+ * Fires at the beginning of the edit form.
+ *
+ * At this point, the required hidden fields and nonces have already been output.
+ *
+ * @since 3.7.0
+ *
+ * @param WP_Post $post Post object.
+ */
+do_action( 'edit_form_top', $post ); ?>
+
 <div id="poststuff">
 <div id="post-body" class="metabox-holder columns-<?php echo 1 == get_current_screen()->get_columns() ? '1' : '2'; ?>">
 <div id="post-body-content">
@@ -359,6 +427,16 @@ wp_nonce_field( 'closedpostboxes', 'closedpostboxesnonce', false );
 <?php if ( post_type_supports($post_type, 'title') ) { ?>
 <div id="titlediv">
 <div id="titlewrap">
+	<?php
+	/**
+	 * Filter the title field placeholder text.
+	 *
+	 * @since 3.1.0
+	 *
+	 * @param string  $text Placeholder text. Default 'Enter title here'.
+	 * @param WP_Post $post Post object.
+	 */
+	?>
 	<label class="screen-reader-text" id="title-prompt-text" for="title"><?php echo apply_filters( 'enter_title_here', __( 'Enter title here' ), $post ); ?></label>
 	<input type="text" name="post_title" size="30" value="<?php echo esc_attr( htmlspecialchars( $post->post_title ) ); ?>" id="title" autocomplete="off" />
 </div>
@@ -366,7 +444,8 @@ wp_nonce_field( 'closedpostboxes', 'closedpostboxesnonce', false );
 <?php
 $sample_permalink_html = $post_type_object->public ? get_sample_permalink_html($post->ID) : '';
 $shortlink = wp_get_shortlink($post->ID, 'post');
-if ( !empty($shortlink) )
+$permalink = get_permalink( $post->ID );
+if ( !empty( $shortlink ) && $shortlink !== $permalink && $permalink !== home_url('?page_id=' . $post->ID) )
    $sample_permalink_html .= '<input id="shortlink" type="hidden" value="' . esc_attr($shortlink) . '" /><a href="#" class="button button-small" onclick="prompt(&#39;URL:&#39;, jQuery(\'#shortlink\').val()); return false;">' . __('Get Shortlink') . '</a>';

 if ( $post_type_object->public && ! ( 'pending' == get_post_status( $post ) && !current_user_can( $post_type_object->cap->publish_posts ) ) ) {
@@ -388,7 +467,13 @@ wp_nonce_field( 'samplepermalink', 'samplepermalinknonce', false );
 </div><!-- /titlediv -->
 <?php
 }
-
+/**
+ * Fires after the title field.
+ *
+ * @since 3.5.0
+ *
+ * @param WP_Post $post Post object.
+ */
 do_action( 'edit_form_after_title', $post );

 if ( post_type_supports($post_type, 'editor') ) {
@@ -407,8 +492,7 @@ if ( post_type_supports($post_type, 'editor') ) {
 <?php
 	if ( 'auto-draft' != $post->post_status ) {
 		echo '<span id="last-edit">';
-		if ( $last_id = get_post_meta($post_ID, '_edit_last', true) ) {
-			$last_user = get_userdata($last_id);
+		if ( $last_user = get_userdata( get_post_meta( $post_ID, '_edit_last', true ) ) ) {
 			printf(__('Last edited by %1$s on %2$s at %3$s'), esc_html( $last_user->display_name ), mysql2date(get_option('date_format'), $post->post_modified), mysql2date(get_option('time_format'), $post->post_modified));
 		} else {
 			printf(__('Last edited on %1$s at %2$s'), mysql2date(get_option('date_format'), $post->post_modified), mysql2date(get_option('time_format'), $post->post_modified));
@@ -420,7 +504,13 @@ if ( post_type_supports($post_type, 'editor') ) {

 </div>
 <?php }
-
+/**
+ * Fires after the content editor.
+ *
+ * @since 3.5.0
+ *
+ * @param WP_Post $post Post object.
+ */
 do_action( 'edit_form_after_editor', $post );
 ?>
 </div><!-- /post-body-content -->
@@ -428,10 +518,31 @@ do_action( 'edit_form_after_editor', $post );
 <div id="postbox-container-1" class="postbox-container">
 <?php

-if ( 'page' == $post_type )
-	do_action('submitpage_box', $post);
-else
-	do_action('submitpost_box', $post);
+if ( 'page' == $post_type ) {
+	/**
+	 * Fires before meta boxes with 'side' context are output for the 'page' post type.
+	 *
+	 * The submitpage box is a meta box with 'side' context, so this hook fires just before it is output.
+	 *
+	 * @since 2.5.0
+	 *
+	 * @param WP_Post $post Post object.
+	 */
+	do_action( 'submitpage_box', $post );
+}
+else {
+	/**
+	 * Fires before meta boxes with 'side' context are output for all post types other than 'page'.
+	 *
+	 * The submitpost box is a meta box with 'side' context, so this hook fires just before it is output.
+	 *
+	 * @since 2.5.0
+	 *
+	 * @param WP_Post $post Post object.
+	 */
+	do_action( 'submitpost_box', $post );
+}
+

 do_meta_boxes($post_type, 'side', $post);

@@ -442,18 +553,41 @@ do_meta_boxes($post_type, 'side', $post);

 do_meta_boxes(null, 'normal', $post);

-if ( 'page' == $post_type )
-	do_action('edit_page_form', $post);
-else
-	do_action('edit_form_advanced', $post);
+if ( 'page' == $post_type ) {
+	/**
+	 * Fires after 'normal' context meta boxes have been output for the 'page' post type.
+	 *
+	 * @since 1.5.2
+	 *
+	 * @param WP_Post $post Post object.
+	 */
+	do_action( 'edit_page_form', $post );
+}
+else {
+	/**
+	 * Fires after 'normal' context meta boxes have been output for all post types other than 'page'.
+	 *
+	 * @since 1.5.2
+	 *
+	 * @param WP_Post $post Post object.
+	 */
+	do_action( 'edit_form_advanced', $post );
+}
+

 do_meta_boxes(null, 'advanced', $post);

 ?>
 </div>
 <?php
-
-do_action('dbx_post_sidebar', $post);
+/**
+ * Fires after all meta box sections have been output, before the closing #post-body div.
+ *
+ * @since 2.1.0
+ *
+ * @param WP_Post $post Post object.
+ */
+do_action( 'dbx_post_sidebar', $post );

 ?>
 </div><!-- /post-body -->
@@ -467,7 +601,7 @@ if ( post_type_supports( $post_type, 'comments' ) )
 	wp_comment_reply();
 ?>

-<?php if ( (isset($post->post_title) && '' == $post->post_title) || (isset($_GET['message']) && 2 > $_GET['message']) ) : ?>
+<?php if ( post_type_supports( $post_type, 'title' ) && '' === $post->post_title ) : ?>
 <script type="text/javascript">
 try{document.post.title.focus();}catch(e){}
 </script>
--- a/wp-admin/edit-form-comment.php
+++ b/wp-admin/edit-form-comment.php
@@ -85,13 +85,19 @@ if ( !defined('ABSPATH') )

 <div id="misc-publishing-actions">

-<div class="misc-pub-section" id="comment-status-radio">
+<div class="misc-pub-section misc-pub-comment-status" id="comment-status-radio">
 <label class="approved"><input type="radio"<?php checked( $comment->comment_approved, '1' ); ?> name="comment_status" value="1" /><?php /* translators: comment type radio button */ _ex('Approved', 'adjective') ?></label><br />
 <label class="waiting"><input type="radio"<?php checked( $comment->comment_approved, '0' ); ?> name="comment_status" value="0" /><?php /* translators: comment type radio button */ _ex('Pending', 'adjective') ?></label><br />
 <label class="spam"><input type="radio"<?php checked( $comment->comment_approved, 'spam' ); ?> name="comment_status" value="spam" /><?php /* translators: comment type radio button */ _ex('Spam', 'adjective'); ?></label>
 </div>

-<div class="misc-pub-section curtime">
+<?php if ( $ip = get_comment_author_IP() ) : ?>
+<div class="misc-pub-section misc-pub-comment-author-ip">
+	<?php _e( 'IP address:' ); ?> <strong><a href="<?php echo esc_url( sprintf( 'http://whois.arin.net/rest/ip/%s', $ip ) ); ?>"><?php echo esc_html( $ip ); ?></a></strong>
+</div>
+<?php endif; ?>
+
+<div class="misc-pub-section curtime misc-pub-curtime">
 <?php
 // translators: Publish box date format, see http://php.net/date
 $datef = __( 'M j, Y @ G:i' );
--- a/wp-admin/edit-link-form.php
+++ b/wp-admin/edit-link-form.php
@@ -22,7 +22,7 @@ if ( ! empty($link_id) ) {
 	$nonce_action = 'add-bookmark';
 }

-require_once('./includes/meta-boxes.php');
+require_once( ABSPATH . 'wp-admin/includes/meta-boxes.php' );

 add_meta_box('linksubmitdiv', __('Save'), 'link_submit_meta_box', null, 'side', 'core');
 add_meta_box('linkcategorydiv', __('Categories'), 'link_categories_meta_box', null, 'normal', 'core');
@@ -33,8 +33,11 @@ add_meta_box('linkadvanceddiv', __('Advanced'), 'link_advanced_meta_box', null,
 do_action('add_meta_boxes', 'link', $link);
 do_action('add_meta_boxes_link', $link);

+/** This action is documented in wp-admin/edit-form-advanced.php */
 do_action('do_meta_boxes', 'link', 'normal', $link);
+/** This action is documented in wp-admin/edit-form-advanced.php */
 do_action('do_meta_boxes', 'link', 'advanced', $link);
+/** This action is documented in wp-admin/edit-form-advanced.php */
 do_action('do_meta_boxes', 'link', 'side', $link);

 add_screen_option('layout_columns', array('max' => 2, 'default' => 2) );
@@ -54,7 +57,7 @@ get_current_screen()->set_help_sidebar(
 	'<p>' . __( '<a href="http://wordpress.org/support/" target="_blank">Support Forums</a>' ) . '</p>'
 );

-require_once ('admin-header.php');
+require_once( ABSPATH . 'wp-admin/admin-header.php' );
 ?>

 <div class="wrap">
@@ -82,7 +85,7 @@ wp_nonce_field( 'meta-box-order', 'meta-box-order-nonce', false ); ?>
 <div id="namediv" class="stuffbox">
 <h3><label for="link_name"><?php _ex('Name', 'link name') ?></label></h3>
 <div class="inside">
-	<input type="text" name="link_name" size="30" value="<?php echo esc_attr($link->link_name); ?>" id="link_name" />
+	<input type="text" name="link_name" size="30" maxlength="255" value="<?php echo esc_attr($link->link_name); ?>" id="link_name" />
    <p><?php _e('Example: Nifty blogging software'); ?></p>
 </div>
 </div>
@@ -90,7 +93,7 @@ wp_nonce_field( 'meta-box-order', 'meta-box-order-nonce', false ); ?>
 <div id="addressdiv" class="stuffbox">
 <h3><label for="link_url"><?php _e('Web Address') ?></label></h3>
 <div class="inside">
-	<input type="text" name="link_url" size="30" class="code" value="<?php echo esc_attr($link->link_url); ?>" id="link_url" />
+	<input type="text" name="link_url" size="30" maxlength="255" class="code" value="<?php echo esc_attr($link->link_url); ?>" id="link_url" />
    <p><?php _e('Example: <code>http://wordpress.org/</code> &#8212; don&#8217;t forget the <code>http://</code>'); ?></p>
 </div>
 </div>
@@ -98,7 +101,7 @@ wp_nonce_field( 'meta-box-order', 'meta-box-order-nonce', false ); ?>
 <div id="descriptiondiv" class="stuffbox">
 <h3><label for="link_description"><?php _e('Description') ?></label></h3>
 <div class="inside">
-	<input type="text" name="link_description" size="30" value="<?php echo isset($link->link_description) ? esc_attr($link->link_description) : ''; ?>" id="link_description" />
+	<input type="text" name="link_description" size="30" maxlength="255" value="<?php echo isset($link->link_description) ? esc_attr($link->link_description) : ''; ?>" id="link_description" />
    <p><?php _e('This will be shown when someone hovers over the link in the blogroll, or optionally below the link.'); ?></p>
 </div>
 </div>
--- a/wp-admin/edit-tag-form.php
+++ b/wp-admin/edit-tag-form.php
@@ -30,7 +30,7 @@ do_action($taxonomy . '_pre_edit_form', $tag, $taxonomy); ?>
 <?php screen_icon(); ?>
 <h2><?php echo $tax->labels->edit_item; ?></h2>
 <div id="ajax-response"></div>
-<form name="edittag" id="edittag" method="post" action="edit-tags.php" class="validate">
+<form name="edittag" id="edittag" method="post" action="edit-tags.php" class="validate"<?php do_action( $taxonomy . '_term_edit_form_tag' ); ?>>
 <input type="hidden" name="action" value="editedtag" />
 <input type="hidden" name="tag_ID" value="<?php echo esc_attr($tag->term_id) ?>" />
 <input type="hidden" name="taxonomy" value="<?php echo esc_attr($taxonomy) ?>" />
--- a/wp-admin/edit-tags.php
+++ b/wp-admin/edit-tags.php
@@ -7,7 +7,7 @@
 */

 /** WordPress Administration Bootstrap */
-require_once('./admin.php');
+require_once( dirname( __FILE__ ) . '/admin.php' );

 if ( ! $taxnow )
 	wp_die( __( 'Invalid taxonomy' ) );
@@ -126,8 +126,8 @@ case 'edit':
 	$tag = get_term( $tag_ID, $taxonomy, OBJECT, 'edit' );
 	if ( ! $tag )
 		wp_die( __( 'You attempted to edit an item that doesn&#8217;t exist. Perhaps it was deleted?' ) );
-	require_once ( 'admin-header.php' );
-	include( './edit-tag-form.php' );
+	require_once( ABSPATH . 'wp-admin/admin-header.php' );
+	include( ABSPATH . 'wp-admin/edit-tag-form.php' );

 break;

@@ -247,17 +247,49 @@ if ( 'category' == $taxonomy || 'link_category' == $taxonomy || 'post_tag' == $t
 	unset( $help );
 }

-require_once ('admin-header.php');
+require_once( ABSPATH . 'wp-admin/admin-header.php' );

 if ( !current_user_can($tax->cap->edit_terms) )
 	wp_die( __('You are not allowed to edit this item.') );

-$messages[1] = __('Item added.');
-$messages[2] = __('Item deleted.');
-$messages[3] = __('Item updated.');
-$messages[4] = __('Item not added.');
-$messages[5] = __('Item not updated.');
-$messages[6] = __('Items deleted.');
+$messages = array();
+$messages['_item'] = array(
+	0 => '', // Unused. Messages start at index 1.
+	1 => __( 'Item added.' ),
+	2 => __( 'Item deleted.' ),
+	3 => __( 'Item updated.' ),
+	4 => __( 'Item not added.' ),
+	5 => __( 'Item not updated.' ),
+	6 => __( 'Items deleted.' )
+);
+$messages['category'] = array(
+	0 => '', // Unused. Messages start at index 1.
+	1 => __( 'Category added.' ),
+	2 => __( 'Category deleted.' ),
+	3 => __( 'Category updated.' ),
+	4 => __( 'Category not added.' ),
+	5 => __( 'Category not updated.' ),
+	6 => __( 'Categories deleted.' )
+);
+$messages['post_tag'] = array(
+	0 => '', // Unused. Messages start at index 1.
+	1 => __( 'Tag added.' ),
+	2 => __( 'Tag deleted.' ),
+	3 => __( 'Tag updated.' ),
+	4 => __( 'Tag not added.' ),
+	5 => __( 'Tag not updated.' ),
+	6 => __( 'Tags deleted.' )
+);
+
+$messages = apply_filters( 'term_updated_messages', $messages );
+
+$message = false;
+if ( isset( $_REQUEST['message'] ) && ( $msg = (int) $_REQUEST['message'] ) ) {
+	if ( isset( $messages[ $taxonomy ][ $msg ] ) )
+		$message = $messages[ $taxonomy ][ $msg ];
+	elseif ( ! isset( $messages[ $taxonomy ] ) && isset( $messages['_item'][ $msg ] ) )
+		$message = $messages['_item'][ $msg ];
+}

 ?>

@@ -268,8 +300,8 @@ if ( !empty($_REQUEST['s']) )
 	printf( '<span class="subtitle">' . __('Search results for &#8220;%s&#8221;') . '</span>', esc_html( wp_unslash($_REQUEST['s']) ) ); ?>
 </h2>

-<?php if ( isset($_REQUEST['message']) && ( $msg = (int) $_REQUEST['message'] ) ) : ?>
-<div id="message" class="updated"><p><?php echo $messages[$msg]; ?></p></div>
+<?php if ( $message ) : ?>
+<div id="message" class="updated"><p><?php echo $message; ?></p></div>
 <?php $_SERVER['REQUEST_URI'] = remove_query_arg(array('message'), $_SERVER['REQUEST_URI']);
 endif; ?>
 <div id="ajax-response"></div>
@@ -349,7 +381,7 @@ if ( current_user_can($tax->cap->edit_terms) ) {

 <div class="form-wrap">
 <h3><?php echo $tax->labels->add_new_item; ?></h3>
-<form id="addtag" method="post" action="edit-tags.php" class="validate">
+<form id="addtag" method="post" action="edit-tags.php" class="validate"<?php do_action( $taxonomy . '_term_new_form_tag' ); ?>>
 <input type="hidden" name="action" value="add-tag" />
 <input type="hidden" name="screen" value="<?php echo esc_attr($current_screen->id); ?>" />
 <input type="hidden" name="taxonomy" value="<?php echo esc_attr($taxonomy); ?>" />
@@ -371,7 +403,20 @@ if ( current_user_can($tax->cap->edit_terms) ) {
 <?php if ( is_taxonomy_hierarchical($taxonomy) ) : ?>
 <div class="form-field">
 	<label for="parent"><?php _ex('Parent', 'Taxonomy Parent'); ?></label>
-	<?php wp_dropdown_categories(array('hide_empty' => 0, 'hide_if_empty' => false, 'taxonomy' => $taxonomy, 'name' => 'parent', 'orderby' => 'name', 'hierarchical' => true, 'show_option_none' => __('None'))); ?>
+	<?php
+	$dropdown_args = array(
+		'hide_empty'       => 0,
+		'hide_if_empty'    => false,
+		'taxonomy'         => $taxonomy,
+		'name'             => 'parent',
+		'orderby'          => 'name',
+		'hierarchical'     => true,
+		'show_option_none' => __( 'None' ),
+	);
+
+	$dropdown_args = apply_filters( 'taxonomy_parent_dropdown_args', $dropdown_args, $taxonomy );
+	wp_dropdown_categories( $dropdown_args );
+	?>
 	<?php if ( 'category' == $taxonomy ) : // @todo: Generic text for hierarchical taxonomies ?>
 		<p><?php _e('Categories, unlike tags, can have a hierarchy. You might have a Jazz category, and under that have children categories for Bebop and Big Band. Totally optional.'); ?></p>
 	<?php endif; ?>
@@ -417,4 +462,4 @@ try{document.forms.addtag['tag-name'].focus();}catch(e){}
 break;
 }

-include('./admin-footer.php');
+include( ABSPATH . 'wp-admin/admin-footer.php' );
--- a/wp-admin/edit.php
+++ b/wp-admin/edit.php
@@ -7,7 +7,7 @@
 */

 /** WordPress Administration Bootstrap */
-require_once( './admin.php' );
+require_once( dirname( __FILE__ ) . '/admin.php' );

 if ( ! $typenow )
 	wp_die( __( 'Invalid post type' ) );
@@ -224,52 +224,77 @@ if ( 'post' == $post_type ) {

 add_screen_option( 'per_page', array( 'label' => $title, 'default' => 20, 'option' => 'edit_' . $post_type . '_per_page' ) );

-require_once('./admin-header.php');
+$bulk_counts = array(
+	'updated'   => isset( $_REQUEST['updated'] )   ? absint( $_REQUEST['updated'] )   : 0,
+	'locked'    => isset( $_REQUEST['locked'] )    ? absint( $_REQUEST['locked'] )    : 0,
+	'deleted'   => isset( $_REQUEST['deleted'] )   ? absint( $_REQUEST['deleted'] )   : 0,
+	'trashed'   => isset( $_REQUEST['trashed'] )   ? absint( $_REQUEST['trashed'] )   : 0,
+	'untrashed' => isset( $_REQUEST['untrashed'] ) ? absint( $_REQUEST['untrashed'] ) : 0,
+);
+
+$bulk_messages = array();
+$bulk_messages['post'] = array(
+	'updated'   => _n( '%s post updated.', '%s posts updated.', $bulk_counts['updated'] ),
+	'locked'    => _n( '%s post not updated, somebody is editing it.', '%s posts not updated, somebody is editing them.', $bulk_counts['locked'] ),
+	'deleted'   => _n( '%s post permanently deleted.', '%s posts permanently deleted.', $bulk_counts['deleted'] ),
+	'trashed'   => _n( '%s post moved to the Trash.', '%s posts moved to the Trash.', $bulk_counts['trashed'] ),
+	'untrashed' => _n( '%s post restored from the Trash.', '%s posts restored from the Trash.', $bulk_counts['untrashed'] ),
+);
+$bulk_messages['page'] = array(
+	'updated'   => _n( '%s page updated.', '%s pages updated.', $bulk_counts['updated'] ),
+	'locked'    => _n( '%s page not updated, somebody is editing it.', '%s pages not updated, somebody is editing them.', $bulk_counts['locked'] ),
+	'deleted'   => _n( '%s page permanently deleted.', '%s pages permanently deleted.', $bulk_counts['deleted'] ),
+	'trashed'   => _n( '%s page moved to the Trash.', '%s pages moved to the Trash.', $bulk_counts['trashed'] ),
+	'untrashed' => _n( '%s page restored from the Trash.', '%s pages restored from the Trash.', $bulk_counts['untrashed'] ),
+);
+
+/**
+ * Filter the bulk action updated messages.
+ *
+ * By default, custom post types use the messages for the 'post' post type.
+ *
+ * @since 3.7.0
+ *
+ * @param array $bulk_messages Arrays of messages, each keyed by the corresponding post type. Messages are
+ *                             keyed with 'updated', 'locked', 'deleted', 'trashed', and 'untrashed'.
+ * @param array $bulk_counts   Array of item counts for each message, used to build internationalized strings.
+ */
+$bulk_messages = apply_filters( 'bulk_post_updated_messages', $bulk_messages, $bulk_counts );
+$bulk_counts = array_filter( $bulk_counts );
+
+require_once( ABSPATH . 'wp-admin/admin-header.php' );
 ?>
 <div class="wrap">
 <?php screen_icon(); ?>
 <h2><?php
 echo esc_html( $post_type_object->labels->name );
 if ( current_user_can( $post_type_object->cap->create_posts ) )
-	echo ' <a href="' . esc_url( $post_new_file ) . '" class="add-new-h2">' . esc_html( $post_type_object->labels->add_new ) . '</a>';
+	echo ' <a href="' . esc_url( admin_url( $post_new_file ) ) . '" class="add-new-h2">' . esc_html( $post_type_object->labels->add_new ) . '</a>';
 if ( ! empty( $_REQUEST['s'] ) )
 	printf( ' <span class="subtitle">' . __('Search results for &#8220;%s&#8221;') . '</span>', get_search_query() );
 ?></h2>

-<?php if ( isset( $_REQUEST['locked'] ) || isset( $_REQUEST['updated'] ) || isset( $_REQUEST['deleted'] ) || isset( $_REQUEST['trashed'] ) || isset( $_REQUEST['untrashed'] ) ) {
-	$messages = array();
-?>
-<div id="message" class="updated"><p>
-<?php if ( isset( $_REQUEST['updated'] ) && $updated = absint( $_REQUEST['updated'] ) ) {
-	$messages[] = sprintf( _n( '%s post updated.', '%s posts updated.', $updated ), number_format_i18n( $updated ) );
-}
+<?php
+// If we have a bulk message to issue:
+$messages = array();
+foreach ( $bulk_counts as $message => $count ) {
+	if ( isset( $bulk_messages[ $post_type ][ $message ] ) )
+		$messages[] = sprintf( $bulk_messages[ $post_type ][ $message ], number_format_i18n( $count ) );
+	elseif ( isset( $bulk_messages['post'][ $message ] ) )
+		$messages[] = sprintf( $bulk_messages['post'][ $message ], number_format_i18n( $count ) );

-if ( isset( $_REQUEST['locked'] ) && $locked = absint( $_REQUEST['locked'] ) ) {
-	$messages[] = sprintf( _n( '%s item not updated, somebody is editing it.', '%s items not updated, somebody is editing them.', $locked ), number_format_i18n( $locked ) );
-}
-
-if ( isset( $_REQUEST['deleted'] ) && $deleted = absint( $_REQUEST['deleted'] ) ) {
-	$messages[] = sprintf( _n( 'Item permanently deleted.', '%s items permanently deleted.', $deleted ), number_format_i18n( $deleted ) );
-}
-
-if ( isset( $_REQUEST['trashed'] ) && $trashed = absint( $_REQUEST['trashed'] ) ) {
-	$messages[] = sprintf( _n( 'Item moved to the Trash.', '%s items moved to the Trash.', $trashed ), number_format_i18n( $trashed ) );
-	$ids = isset($_REQUEST['ids']) ? $_REQUEST['ids'] : 0;
-	$messages[] = '<a href="' . esc_url( wp_nonce_url( "edit.php?post_type=$post_type&doaction=undo&action=untrash&ids=$ids", "bulk-posts" ) ) . '">' . __('Undo') . '</a>';
-}
-
-if ( isset( $_REQUEST['untrashed'] ) && $untrashed = absint( $_REQUEST['untrashed'] ) ) {
-	$messages[] = sprintf( _n( 'Item restored from the Trash.', '%s items restored from the Trash.', $untrashed ), number_format_i18n( $untrashed ) );
+	if ( $message == 'trashed' && isset( $_REQUEST['ids'] ) ) {
+		$ids = preg_replace( '/[^0-9,]/', '', $_REQUEST['ids'] );
+		$messages[] = '<a href="' . esc_url( wp_nonce_url( "edit.php?post_type=$post_type&doaction=undo&action=untrash&ids=$ids", "bulk-posts" ) ) . '">' . __('Undo') . '</a>';
+	}
 }

 if ( $messages )
-	echo join( ' ', $messages );
+	echo '<div id="message" class="updated"><p>' . join( ' ', $messages ) . '</p></div>';
 unset( $messages );

 $_SERVER['REQUEST_URI'] = remove_query_arg( array( 'locked', 'skipped', 'updated', 'deleted', 'trashed', 'untrashed' ), $_SERVER['REQUEST_URI'] );
 ?>
-</p></div>
-<?php } ?>

 <?php $wp_list_table->views(); ?>

@@ -297,4 +322,4 @@ if ( $wp_list_table->has_items() )
 </div>

 <?php
-include('./admin-footer.php');
+include( ABSPATH . 'wp-admin/admin-footer.php' );
--- a/wp-admin/export.php
+++ b/wp-admin/export.php
@@ -7,13 +7,13 @@
 */

 /** Load WordPress Bootstrap */
-require_once ('admin.php');
+require_once( dirname( __FILE__ ) . '/admin.php' );

 if ( !current_user_can('export') )
 	wp_die(__('You do not have sufficient permissions to export the content of this site.'));

 /** Load WordPress export API */
-require_once('./includes/export.php');
+require_once( ABSPATH . 'wp-admin/includes/export.php' );
 $title = __('Export');

 /**
@@ -94,14 +94,31 @@ if ( isset( $_GET['download'] ) ) {
 		$args['content'] = $_GET['content'];
 	}

+	/**
+	 * Filter the export args.
+	 *
+	 * @since 3.5.0
+	 *
+	 * @param array $args The arguments to send to the exporter.
+	 */
 	$args = apply_filters( 'export_args', $args );

 	export_wp( $args );
 	die();
 }

-require_once ('admin-header.php');
+require_once( ABSPATH . 'wp-admin/admin-header.php' );

+/**
+ * Create the date options fields for exporting a given post type.
+ *
+ * @global wpdb      $wpdb      WordPress database object.
+ * @global WP_Locale $wp_locale Date and Time Locale object.
+ *
+ * @since 3.1.0
+ *
+ * @param string $post_type The post type. Default 'post'.
+ */
 function export_date_options( $post_type = 'post' ) {
 	global $wpdb, $wp_locale;

@@ -211,10 +228,17 @@ function export_date_options( $post_type = 'post' ) {
 <p><label><input type="radio" name="content" value="<?php echo esc_attr( $post_type->name ); ?>" /> <?php echo esc_html( $post_type->label ); ?></label></p>
 <?php endforeach; ?>

-<?php do_action( 'export_filters' ) ?>
+<?php
+/**
+ * Fires after the export filters form.
+ *
+ * @since 3.5.0
+ */
+do_action( 'export_filters' );
+?>

 <?php submit_button( __('Download Export File') ); ?>
 </form>
 </div>

-<?php include('admin-footer.php'); ?>
+<?php include( ABSPATH . 'wp-admin/admin-footer.php' ); ?>
--- a/wp-admin/freedoms.php
+++ b/wp-admin/freedoms.php
@@ -7,7 +7,7 @@
 */

 /** WordPress Administration Bootstrap */
-require_once( './admin.php' );
+require_once( dirname( __FILE__ ) . '/admin.php' );

 $title = __( 'Freedoms' );

@@ -19,7 +19,7 @@ include( ABSPATH . 'wp-admin/admin-header.php' );

 <h1><?php printf( __( 'Welcome to WordPress %s' ), $display_version ); ?></h1>

-<div class="about-text"><?php printf( __( 'Thank you for updating to the latest version! WordPress %s is more polished and enjoyable than ever before. We hope you like it.' ), $display_version ); ?></div>
+<div class="about-text"><?php echo str_replace( '3.7', $display_version, __( 'Thank you for updating to WordPress 3.7! You might not notice a thing, and we&#8217;re okay with that.' ) ); ?></div>

 <div class="wp-badge"><?php printf( __( 'Version %s' ), $display_version ); ?></div>

--- a/wp-admin/images/about-globe-2x.png
+++ b/wp-admin/images/about-globe-2x.png
--- a/wp-admin/images/about-search-2x.png
+++ b/wp-admin/images/about-search-2x.png
--- a/wp-admin/images/about-updates-2x.png
+++ b/wp-admin/images/about-updates-2x.png
--- a/wp-admin/images/screenshots/about-color-picker.png
+++ b/wp-admin/images/screenshots/about-color-picker.png
--- a/wp-admin/images/screenshots/about-media.png
+++ b/wp-admin/images/screenshots/about-media.png
--- a/wp-admin/images/screenshots/about-retina.png
+++ b/wp-admin/images/screenshots/about-retina.png
--- a/wp-admin/images/screenshots/about-twenty-twelve.png
+++ b/wp-admin/images/screenshots/about-twenty-twelve.png
--- a/wp-admin/import.php
+++ b/wp-admin/import.php
@@ -9,7 +9,7 @@
 define('WP_LOAD_IMPORTERS', true);

 /** Load WordPress Bootstrap */
-require_once ('admin.php');
+require_once( dirname( __FILE__ ) . '/admin.php' );

 if ( !current_user_can('import') )
 	wp_die(__('You do not have sufficient permissions to import content in this site.'));
@@ -47,7 +47,7 @@ if ( ! empty( $_GET['invalid'] ) && isset( $popular_importers[ $_GET['invalid']
 add_thickbox();
 wp_enqueue_script( 'plugin-install' );

-require_once ('admin-header.php');
+require_once( ABSPATH . 'wp-admin/admin-header.php' );
 $parent_file = 'tools.php';
 ?>

@@ -130,4 +130,4 @@ if ( current_user_can('install_plugins') )

 <?php

-include ('admin-footer.php');
+include( ABSPATH . 'wp-admin/admin-footer.php' );
--- a/wp-admin/includes/ajax-actions.php
+++ b/wp-admin/includes/ajax-actions.php
@@ -9,6 +9,12 @@
 /*
 * No-privilege Ajax handlers.
 */
+
+/**
+ * Heartbeat API (experimental)
+ *
+ * Runs when the user is not logged in.
+ */
 function wp_ajax_nopriv_heartbeat() {
 	$response = array();

@@ -20,12 +26,39 @@ function wp_ajax_nopriv_heartbeat() {

 	if ( ! empty($_POST['data']) ) {
 		$data = wp_unslash( (array) $_POST['data'] );
+
+		/**
+		 * Filter Heartbeat AJAX response in no-privilege environments.
+		 *
+		 * @since 3.6.0
+		 *
+		 * @param array|object $response  The no-priv Heartbeat response object or array.
+		 * @param array        $data      An array of data passed via $_POST.
+		 * @param string       $screen_id The screen id.
+		 */
 		$response = apply_filters( 'heartbeat_nopriv_received', $response, $data, $screen_id );
 	}

+	/**
+	 * Filter Heartbeat AJAX response when no data is passed.
+	 *
+	 * @since 3.6.0
+	 *
+	 * @param array|object $response  The Heartbeat response object or array.
+	 * @param string       $screen_id The screen id.
+	 */
 	$response = apply_filters( 'heartbeat_nopriv_send', $response, $screen_id );

-	// Allow the transport to be replaced with long-polling easily
+	/**
+	 * Fires when Heartbeat ticks in no-privilege environments.
+	 *
+	 * Allows the transport to be easily replaced with long-polling.
+	 *
+	 * @since 3.6.0
+	 *
+	 * @param array|object $response  The no-priv Heartbeat response.
+	 * @param string       $screen_id The screen id.
+	 */
 	do_action( 'heartbeat_nopriv_tick', $response, $screen_id );

 	// send the current time according to the server
@@ -81,7 +114,7 @@ function wp_ajax_ajax_tag_search() {
 	if ( strlen( $s ) < 2 )
 		wp_die(); // require 2 chars for matching

-	$results = $wpdb->get_col( $wpdb->prepare( "SELECT t.name FROM $wpdb->term_taxonomy AS tt INNER JOIN $wpdb->terms AS t ON tt.term_id = t.term_id WHERE tt.taxonomy = %s AND t.name LIKE (%s)", $taxonomy, '%' . like_escape( $s ) . '%' ) );
+	$results = get_terms( $taxonomy, array( 'name__like' => $s, 'fields' => 'names', 'hide_empty' => false ) );

 	echo join( $results, "\n" );
 	wp_die();
@@ -157,6 +190,7 @@ function wp_ajax_autocomplete_user() {
 	if ( ! is_multisite() || ! current_user_can( 'promote_users' ) || wp_is_large_network( 'users' ) )
 		wp_die( -1 );

+	/** This filter is documented in wp-admin/user-new.php */
 	if ( ! is_super_admin() && ! apply_filters( 'autocomplete_users_for_site_admins', false ) )
 		wp_die( -1 );

@@ -235,10 +269,11 @@ function wp_ajax_logged_in() {
 * @return die
 */
 function _wp_ajax_delete_comment_response( $comment_id, $delta = -1 ) {
-	$total = (int) @$_POST['_total'];
-	$per_page = (int) @$_POST['_per_page'];
-	$page = (int) @$_POST['_page'];
-	$url = esc_url_raw( @$_POST['_url'] );
+	$total    = isset( $_POST['_total'] )    ? (int) $_POST['_total']    : 0;
+	$per_page = isset( $_POST['_per_page'] ) ? (int) $_POST['_per_page'] : 0;
+	$page     = isset( $_POST['_page'] )     ? (int) $_POST['_page']     : 0;
+	$url      = isset( $_POST['_url'] )      ? esc_url_raw( $_POST['_url'] ) : '';
+
 	// JS didn't send us everything we need to know. Just die with success message
 	if ( !$total || !$per_page || !$page || !$url )
 		wp_die( time() );
@@ -540,7 +575,7 @@ function wp_ajax_dim_comment() {
 		wp_die( -1 );

 	$current = wp_get_comment_status( $comment->comment_ID );
-	if ( $_POST['new'] == $current )
+	if ( isset( $_POST['new'] ) && $_POST['new'] == $current )
 		wp_die( time() );

 	check_ajax_referer( "approve-comment_$id" );
@@ -688,9 +723,18 @@ function wp_ajax_get_comments( $action ) {

 	check_ajax_referer( $action );

+	if ( empty( $post_id ) && ! empty( $_REQUEST['p'] ) ) {
+		$id = absint( $_REQUEST['p'] );
+		if ( ! empty( $id ) )
+			$post_id = $id;
+	}
+
+	if ( empty( $post_id ) )
+		wp_die( -1 );
+
 	$wp_list_table = _get_list_table( 'WP_Post_Comments_List_Table', array( 'screen' => 'edit-comments' ) );

-	if ( !current_user_can( 'edit_post', $post_id ) )
+	if ( ! current_user_can( 'edit_post', $post_id ) )
 		wp_die( -1 );

 	$wp_list_table->prepare_items();
@@ -744,6 +788,9 @@ function wp_ajax_replyto_comment( $action ) {
 		$comment_author_url   = wp_slash( $user->user_url );
 		$comment_content      = trim($_POST['content']);
 		if ( current_user_can( 'unfiltered_html' ) ) {
+			if ( ! isset( $_POST['_wp_unfiltered_html_comment'] ) )
+				$_POST['_wp_unfiltered_html_comment'] = '';
+
 			if ( wp_create_nonce( 'unfiltered-html-comment' ) != $_POST['_wp_unfiltered_html_comment'] ) {
 				kses_remove_filters(); // start with a clean slate
 				kses_init_filters(); // set up the filters
@@ -756,7 +803,9 @@ function wp_ajax_replyto_comment( $action ) {
 	if ( '' == $comment_content )
 		wp_die( __( 'ERROR: please type a comment.' ) );

-	$comment_parent = absint($_POST['comment_ID']);
+	$comment_parent = 0;
+	if ( isset( $_POST['comment_ID'] ) )
+		$comment_parent = absint( $_POST['comment_ID'] );
 	$comment_auto_approved = false;
 	$commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID');

@@ -777,19 +826,18 @@ function wp_ajax_replyto_comment( $action ) {
 	$position = ( isset($_POST['position']) && (int) $_POST['position'] ) ? (int) $_POST['position'] : '-1';

 	ob_start();
-		if ( 'dashboard' == $_REQUEST['mode'] ) {
-			require_once( ABSPATH . 'wp-admin/includes/dashboard.php' );
-			_wp_dashboard_recent_comments_row( $comment );
+	if ( isset( $_REQUEST['mode'] ) && 'dashboard' == $_REQUEST['mode'] ) {
+		require_once( ABSPATH . 'wp-admin/includes/dashboard.php' );
+		_wp_dashboard_recent_comments_row( $comment );
+	} else {
+		if ( isset( $_REQUEST['mode'] ) && 'single' == $_REQUEST['mode'] ) {
+			$wp_list_table = _get_list_table('WP_Post_Comments_List_Table', array( 'screen' => 'edit-comments' ) );
 		} else {
-			if ( 'single' == $_REQUEST['mode'] ) {
-				$wp_list_table = _get_list_table('WP_Post_Comments_List_Table', array( 'screen' => 'edit-comments' ) );
-			} else {
-				$wp_list_table = _get_list_table('WP_Comments_List_Table', array( 'screen' => 'edit-comments' ) );
-			}
-			$wp_list_table->single_row( $comment );
+			$wp_list_table = _get_list_table('WP_Comments_List_Table', array( 'screen' => 'edit-comments' ) );
 		}
-		$comment_list_item = ob_get_contents();
-	ob_end_clean();
+		$wp_list_table->single_row( $comment );
+	}
+	$comment_list_item = ob_get_clean();

 	$response =  array(
 		'what' => 'comment',
@@ -818,7 +866,8 @@ function wp_ajax_edit_comment() {
 	if ( '' == $_POST['content'] )
 		wp_die( __( 'ERROR: please type a comment.' ) );

-	$_POST['comment_status'] = $_POST['status'];
+	if ( isset( $_POST['status'] ) )
+		$_POST['comment_status'] = $_POST['status'];
 	edit_comment();

 	$position = ( isset($_POST['position']) && (int) $_POST['position']) ? (int) $_POST['position'] : '-1';
@@ -828,11 +877,12 @@ function wp_ajax_edit_comment() {
 	$wp_list_table = _get_list_table( $checkbox ? 'WP_Comments_List_Table' : 'WP_Post_Comments_List_Table', array( 'screen' => 'edit-comments' ) );

 	$comment = get_comment( $comment_id );
+	if ( empty( $comment->comment_ID ) )
+		wp_die( -1 );

 	ob_start();
-		$wp_list_table->single_row( $comment );
-		$comment_list_item = ob_get_contents();
-	ob_end_clean();
+	$wp_list_table->single_row( $comment );
+	$comment_list_item = ob_get_clean();

 	$x = new WP_Ajax_Response();

@@ -899,6 +949,14 @@ function wp_ajax_add_menu_item() {
 		}
 	}

+	/**
+	 * Filter the Walker class used when adding nav menu items.
+	 *
+	 * @since 3.4.0
+	 *
+	 * @param string $class   The walker class to use. Default 'Walker_Nav_Menu_Edit'.
+	 * @param int    $menu_id The menu id, derived from $_POST['menu'].
+	 */
 	$walker_class_name = apply_filters( 'wp_edit_nav_menu_walker', 'Walker_Nav_Menu_Edit', $_POST['menu'] );

 	if ( ! class_exists( $walker_class_name ) )
@@ -1040,9 +1098,10 @@ function wp_ajax_autosave() {

 	check_ajax_referer( 'autosave', 'autosavenonce' );

-	$_POST['post_category'] = explode(",", $_POST['catslist']);
-	if ( $_POST['post_type'] == 'page' || empty($_POST['post_category']) )
-		unset($_POST['post_category']);
+	if ( ! empty( $_POST['catslist'] ) )
+		$_POST['post_category'] = explode( ',', $_POST['catslist'] );
+	if ( $_POST['post_type'] == 'page' || empty( $_POST['post_category'] ) )
+		unset( $_POST['post_category'] );

 	$data = '';
 	$supplemental = array();
@@ -1050,18 +1109,16 @@ function wp_ajax_autosave() {

 	$post_id = (int) $_POST['post_id'];
 	$_POST['ID'] = $_POST['post_ID'] = $post_id;
-	$post = get_post($post_id);
+	$post = get_post( $post_id );
+	if ( empty( $post->ID ) || ! current_user_can( 'edit_post', $post->ID ) )
+		wp_die( __( 'You are not allowed to edit this post.' ) );
+
+	if ( 'page' == $post->post_type && ! current_user_can( 'edit_page', $post->ID ) )
+		wp_die( __( 'You are not allowed to edit this page.' ) );
+
 	if ( 'auto-draft' == $post->post_status )
 		$_POST['post_status'] = 'draft';

-	if ( 'page' == $post->post_type ) {
-		if ( !current_user_can('edit_page', $post->ID) )
-			wp_die( __( 'You are not allowed to edit this page.' ) );
-	} else {
-		if ( !current_user_can('edit_post', $post->ID) )
-			wp_die( __( 'You are not allowed to edit this post.' ) );
-	}
-
 	if ( ! empty( $_POST['autosave'] ) ) {
 		if ( ! wp_check_post_lock( $post->ID ) && get_current_user_id() == $post->post_author && ( 'auto-draft' == $post->post_status || 'draft' == $post->post_status ) ) {
 			// Drafts and auto-drafts are just overwritten by autosave for the same user if the post is not locked
@@ -1171,7 +1228,15 @@ function wp_ajax_menu_get_metabox() {
 	}

 	if ( ! empty( $_POST['item-object'] ) && isset( $items[$_POST['item-object']] ) ) {
-		$item = apply_filters( 'nav_menu_meta_box_object', $items[ $_POST['item-object'] ] );
+		$menus_meta_box_object = $items[ $_POST['item-object'] ];
+		/**
+		 * Filter a nav menu meta box object.
+		 *
+		 * @since 3.0.0
+		 *
+		 * @param object $menus_meta_box_object A nav menu meta box object, such as Page, Post, Category, Tag, etc.
+		 */
+		$item = apply_filters( 'nav_menu_meta_box_object', $menus_meta_box_object );
 		ob_start();
 		call_user_func_array($callback, array(
 			null,
@@ -1307,16 +1372,18 @@ function wp_ajax_inline_save() {
 	$data['excerpt'] = $post['post_excerpt'];

 	// rename
-	$data['user_ID'] = $GLOBALS['user_ID'];
+	$data['user_ID'] = get_current_user_id();

 	if ( isset($data['post_parent']) )
 		$data['parent_id'] = $data['post_parent'];

-	// status
-	if ( isset($data['keep_private']) && 'private' == $data['keep_private'] )
+	// Status.
+	if ( isset( $data['keep_private'] ) && 'private' == $data['keep_private'] ) {
+		$data['visibility']  = 'private';
 		$data['post_status'] = 'private';
-	else
+	} else {
 		$data['post_status'] = $data['_status'];
+	}

 	if ( empty($data['comment_status']) )
 		$data['comment_status'] = 'closed';
@@ -1500,9 +1567,26 @@ function wp_ajax_save_widget() {

 	unset( $_POST['savewidgets'], $_POST['action'] );

-	do_action('load-widgets.php');
-	do_action('widgets.php');
-	do_action('sidebar_admin_setup');
+	/**
+	 * Fires early when editing the widgets displayed in sidebars.
+	 *
+	 * @since 2.8.0
+	 */
+	do_action( 'load-widgets.php' );
+
+	/**
+	 * Fires early when editing the widgets displayed in sidebars.
+	 *
+	 * @since 2.8.0
+	 */
+	do_action( 'widgets.php' );
+
+	/**
+	 * Fires early when editing the widgets displayed in sidebars.
+	 *
+	 * @since 2.2.0
+	 */
+	do_action( 'sidebar_admin_setup' );

 	$id_base = $_POST['id_base'];
 	$widget_id = $_POST['widget-id'];
@@ -1756,6 +1840,13 @@ function wp_ajax_wp_remove_post_lock() {
 	if ( $active_lock[1] != get_current_user_id() )
 		wp_die( 0 );

+	/**
+	 * Filter the post lock window duration.
+	 *
+	 * @since 3.3.0
+	 *
+	 * @param int $interval The interval in seconds the post lock duration should last, plus 5 seconds. Default 120.
+	 */
 	$new_lock = ( time() - apply_filters( 'wp_check_post_lock_window', 120 ) + 5 ) . ':' . $active_lock[1];
 	update_post_meta( $post_id, '_edit_lock', $new_lock, implode( ':', $active_lock ) );
 	wp_die( 1 );
@@ -1827,6 +1918,14 @@ function wp_ajax_query_attachments() {
 	if ( current_user_can( get_post_type_object( 'attachment' )->cap->read_private_posts ) )
 		$query['post_status'] .= ',private';

+	/**
+	 * Filter the arguments passed to WP_Query during an AJAX call for querying attachments.
+	 *
+	 * @since 3.7.0
+	 *
+	 * @param array $query An array of query variables. @see WP_Query::parse_query()
+	 */
+	$query = apply_filters( 'ajax_query_attachments_args', $query );
 	$query = new WP_Query( $query );

 	$posts = array_map( 'wp_prepare_attachment_for_js', $query->posts );
@@ -1905,6 +2004,7 @@ function wp_ajax_save_attachment_compat() {
 	if ( 'attachment' != $post['post_type'] )
 		wp_send_json_error();

+	/** This filter is documented in wp-admin/includes/media.php */
 	$post = apply_filters( 'attachment_fields_to_save', $post, $attachment_data );

 	if ( isset( $post['errors'] ) ) {
@@ -2007,6 +2107,7 @@ function wp_ajax_send_attachment_to_editor() {
 		$html = stripslashes_deep( $_POST['html'] );
 	}

+	/** This filter is documented in wp-admin/includes/media.php */
 	$html = apply_filters( 'media_send_to_editor', $html, $id, $attachment );

 	wp_send_json_success( $html );
@@ -2047,11 +2148,17 @@ function wp_ajax_send_link_to_editor() {
 		&& ( 'audio' == $ext_type || 'video' == $ext_type ) )
 			$type = $ext_type;

+	/** This filter is documented in wp-admin/includes/media.php */
 	$html = apply_filters( $type . '_send_to_editor_url', $html, $src, $title );

 	wp_send_json_success( $html );
 }

+/**
+ * Heartbeat API (experimental)
+ *
+ * Runs when the user is logged in.
+ */
 function wp_ajax_heartbeat() {
 	if ( empty( $_POST['_nonce'] ) )
 		wp_send_json_error();
@@ -2073,14 +2180,38 @@ function wp_ajax_heartbeat() {
 	if ( ! empty($_POST['data']) ) {
 		$data = (array) $_POST['data'];

-		// todo: separate filters: 'heartbeat_[action]' so we call different callbacks only when there is data for them,
-		// or all callbacks listen to one filter and run when there is something for them in $data?
+		/**
+		 * Filter the Heartbeat response received.
+		 *
+		 * @since 3.6.0
+		 *
+		 * @param array|object $response  The Heartbeat response object or array.
+		 * @param array        $data      The $_POST data sent.
+		 * @param string       $screen_id The screen id.
+		 */
 		$response = apply_filters( 'heartbeat_received', $response, $data, $screen_id );
 	}

+	/**
+	 * Filter the Heartbeat response sent.
+	 *
+	 * @since 3.6.0
+	 *
+	 * @param array|object $response  The Heartbeat response object or array.
+	 * @param string       $screen_id The screen id.
+	 */
 	$response = apply_filters( 'heartbeat_send', $response, $screen_id );

-	// Allow the transport to be replaced with long-polling easily
+	/**
+	 * Fires when Heartbeat ticks in logged-in environments.
+	 *
+	 * Allows the transport to be easily replaced with long-polling.
+	 *
+	 * @since 3.6.0
+	 *
+	 * @param array|object $response  The Heartbeat response object or array.
+	 * @param string       $screen_id The screen id.
+	 */
 	do_action( 'heartbeat_tick', $response, $screen_id );

 	// Send the current time according to the server
@@ -2095,7 +2226,7 @@ function wp_ajax_get_revision_diffs() {
 	if ( ! $post = get_post( (int) $_REQUEST['post_id'] ) )
 		wp_send_json_error();

-	if ( ! current_user_can( 'read_post', $post->ID ) )
+	if ( ! current_user_can( 'edit_post', $post->ID ) )
 		wp_send_json_error();

 	// Really just pre-loading the cache here.
--- a/wp-admin/includes/bookmark.php
+++ b/wp-admin/includes/bookmark.php
@@ -70,7 +70,7 @@ function get_default_link_to_edit() {
 }

 /**
- * Delete link specified from database
+ * Delete link specified from database.
 *
 * @since 2.0.0
 *
@@ -79,13 +79,25 @@ function get_default_link_to_edit() {
 */
 function wp_delete_link( $link_id ) {
 	global $wpdb;
-
+	/**
+	 * Fires before a link is deleted.
+	 *
+	 * @since 2.0.0
+	 *
+	 * @param int $link_id ID of the link to delete.
+	 */
 	do_action( 'delete_link', $link_id );

 	wp_delete_object_term_relationships( $link_id, 'link_category' );

 	$wpdb->delete( $wpdb->links, array( 'link_id' => $link_id ) );
-
+	/**
+	 * Fires after a link has been deleted.
+	 *
+	 * @since 2.2.0
+	 *
+	 * @param int $link_id ID of the deleted link.
+	 */
 	do_action( 'deleted_link', $link_id );

 	clean_bookmark_cache( $link_id );
@@ -206,11 +218,25 @@ function wp_insert_link( $linkdata, $wp_error = false ) {

 	wp_set_link_cats( $link_id, $link_category );

-	if ( $update )
+	if ( $update ) {
+		/**
+		 * Fires after a link was updated in the database.
+		 *
+		 * @since 2.0.0
+		 *
+		 * @param int $link_id ID of the link that was updated.
+		 */
 		do_action( 'edit_link', $link_id );
-	else
+	} else {
+		/**
+		 * Fires after a link was added to the database.
+		 *
+		 * @since 2.0.0
+		 *
+		 * @param int $link_id ID of the link that was added.
+		 */
 		do_action( 'add_link', $link_id );
-
+	}
 	clean_bookmark_cache( $link_id );

 	return $link_id;
--- a/wp-admin/includes/class-wp-comments-list-table.php
+++ b/wp-admin/includes/class-wp-comments-list-table.php
@@ -52,6 +52,8 @@ class WP_Comments_List_Table extends WP_List_Table {

 		$search = ( isset( $_REQUEST['s'] ) ) ? $_REQUEST['s'] : '';

+		$post_type = ( isset( $_REQUEST['post_type'] ) ) ? sanitize_key( $_REQUEST['post_type'] ) : '';
+
 		$user_id = ( isset( $_REQUEST['user_id'] ) ) ? $_REQUEST['user_id'] : '';

 		$orderby = ( isset( $_REQUEST['orderby'] ) ) ? $_REQUEST['orderby'] : '';
@@ -96,6 +98,7 @@ class WP_Comments_List_Table extends WP_List_Table {
 			'type' => $comment_type,
 			'orderby' => $orderby,
 			'order' => $order,
+			'post_type' => $post_type,
 		);

 		$_comments = get_comments( $args );
@@ -490,9 +493,9 @@ class WP_Comments_List_Table extends WP_List_Table {

 		if ( current_user_can( 'edit_post', $post->ID ) ) {
 			$post_link = "<a href='" . get_edit_post_link( $post->ID ) . "'>";
-			$post_link .= get_the_title( $post->ID ) . '</a>';
+			$post_link .= esc_html( get_the_title( $post->ID ) ) . '</a>';
 		} else {
-			$post_link = get_the_title( $post->ID );
+			$post_link = esc_html( get_the_title( $post->ID ) );
 		}

 		echo '<div class="response-links"><span class="post-com-count-wrapper">';
--- a/wp-admin/includes/class-wp-filesystem-base.php
+++ b/wp-admin/includes/class-wp-filesystem-base.php
@@ -1,6 +1,6 @@
 <?php
 /**
- * Base WordPress Filesystem.
+ * Base WordPress Filesystem
 *
 * @package WordPress
 * @subpackage Filesystem
@@ -9,22 +9,23 @@
 /**
 * Base WordPress Filesystem class for which Filesystem implementations extend
 *
- * @since 2.5
+ * @since 2.5.0
 */
 class WP_Filesystem_Base {
 	/**
 	 * Whether to display debug data for the connection.
 	 *
-	 * @since 2.5
 	 * @access public
+	 * @since 2.5.0
 	 * @var bool
 	 */
 	var $verbose = false;
+
 	/**
 	 * Cached list of local filepaths to mapped remote filepaths.
 	 *
-	 * @since 2.7
 	 * @access private
+	 * @since 2.7.0
 	 * @var array
 	 */
 	var $cache = array();
@@ -32,63 +33,81 @@ class WP_Filesystem_Base {
 	/**
 	 * The Access method of the current connection, Set automatically.
 	 *
-	 * @since 2.5
 	 * @access public
+	 * @since 2.5.0
 	 * @var string
 	 */
 	var $method = '';

 	/**
-	 * Returns the path on the remote filesystem of ABSPATH
+	 * Constructor (empty).
+	 */
+	function __construct() {}
+
+	/**
+	 * Return the path on the remote filesystem of ABSPATH.
 	 *
-	 * @since 2.7
 	 * @access public
+	 * @since 2.7.0
+	 *
 	 * @return string The location of the remote path.
 	 */
 	function abspath() {
 		$folder = $this->find_folder(ABSPATH);
-		//Perhaps the FTP folder is rooted at the WordPress install, Check for wp-includes folder in root, Could have some false positives, but rare.
+		// Perhaps the FTP folder is rooted at the WordPress install, Check for wp-includes folder in root, Could have some false positives, but rare.
 		if ( ! $folder && $this->is_dir('/wp-includes') )
 			$folder = '/';
 		return $folder;
 	}
+
 	/**
-	 * Returns the path on the remote filesystem of WP_CONTENT_DIR
+	 * Return the path on the remote filesystem of WP_CONTENT_DIR.
 	 *
-	 * @since 2.7
 	 * @access public
+	 * @since 2.7.0
+	 *
 	 * @return string The location of the remote path.
 	 */
 	function wp_content_dir() {
 		return $this->find_folder(WP_CONTENT_DIR);
 	}
+
 	/**
-	 * Returns the path on the remote filesystem of WP_PLUGIN_DIR
+	 * Return the path on the remote filesystem of WP_PLUGIN_DIR.
 	 *
-	 * @since 2.7
 	 * @access public
+	 * @since 2.7.0
 	 *
 	 * @return string The location of the remote path.
 	 */
 	function wp_plugins_dir() {
 		return $this->find_folder(WP_PLUGIN_DIR);
 	}
+
 	/**
-	 * Returns the path on the remote filesystem of the Themes Directory
+	 * Return the path on the remote filesystem of the Themes Directory.
 	 *
-	 * @since 2.7
 	 * @access public
+	 * @since 2.7.0
 	 *
+	 * @param string $theme The Theme stylesheet or template for the directory.
 	 * @return string The location of the remote path.
 	 */
-	function wp_themes_dir() {
-		return $this->wp_content_dir() . 'themes/';
+	function wp_themes_dir( $theme = false ) {
+		$theme_root = get_theme_root( $theme );
+
+		// Account for relative theme roots
+		if ( '/themes' == $theme_root || ! is_dir( $theme_root ) )
+			$theme_root = WP_CONTENT_DIR . $theme_root;
+
+		return $this->find_folder( $theme_root );
 	}
+
 	/**
-	 * Returns the path on the remote filesystem of WP_LANG_DIR
+	 * Return the path on the remote filesystem of WP_LANG_DIR.
 	 *
-	 * @since 3.2.0
 	 * @access public
+	 * @since 3.2.0
 	 *
 	 * @return string The location of the remote path.
 	 */
@@ -97,73 +116,109 @@ class WP_Filesystem_Base {
 	}

 	/**
-	 * Locates a folder on the remote filesystem.
+	 * Locate a folder on the remote filesystem.
 	 *
-	 * Deprecated; use WP_Filesystem::abspath() or WP_Filesystem::wp_*_dir() methods instead.
-	 *
-	 * @since 2.5
-	 * @deprecated 2.7
 	 * @access public
+	 * @since 2.5.0
+	 * @deprecated 2.7.0 use WP_Filesystem::abspath() or WP_Filesystem::wp_*_dir() instead.
+	 * @see WP_Filesystem::abspath()
+	 * @see WP_Filesystem::wp_content_dir()
+	 * @see WP_Filesystem::wp_plugins_dir()
+	 * @see WP_Filesystem::wp_themes_dir()
+	 * @see WP_Filesystem::wp_lang_dir()
 	 *
-	 * @param string $base The folder to start searching from
-	 * @param bool $echo True to display debug information
+	 * @param string $base The folder to start searching from.
+	 * @param bool   $echo True to display debug information.
+	 *                     Default false.
 	 * @return string The location of the remote path.
 	 */
-	function find_base_dir($base = '.', $echo = false) {
-		_deprecated_function(__FUNCTION__, '2.7', 'WP_Filesystem::abspath() or WP_Filesystem::wp_*_dir()' );
-		$this->verbose = $echo;
-		return $this->abspath();
-	}
-	/**
-	 * Locates a folder on the remote filesystem.
-	 *
-	 * Deprecated; use WP_Filesystem::abspath() or WP_Filesystem::wp_*_dir() methods instead.
-	 *
-	 * @since 2.5
-	 * @deprecated 2.7
-	 * @access public
-	 *
-	 * @param string $base The folder to start searching from
-	 * @param bool $echo True to display debug information
-	 * @return string The location of the remote path.
-	 */
-	function get_base_dir($base = '.', $echo = false) {
+	function find_base_dir( $base = '.', $echo = false ) {
 		_deprecated_function(__FUNCTION__, '2.7', 'WP_Filesystem::abspath() or WP_Filesystem::wp_*_dir()' );
 		$this->verbose = $echo;
 		return $this->abspath();
 	}

 	/**
-	 * Locates a folder on the remote filesystem.
+	 * Locate a folder on the remote filesystem.
 	 *
-	 * Assumes that on Windows systems, Stripping off the Drive letter is OK
-	 * Sanitizes \\ to / in windows filepaths.
-	 *
-	 * @since 2.7
 	 * @access public
+	 * @since 2.5.0
+	 * @deprecated 2.7.0 use WP_Filesystem::abspath() or WP_Filesystem::wp_*_dir() methods instead.
+	 * @see WP_Filesystem::abspath()
+	 * @see WP_Filesystem::wp_content_dir()
+	 * @see WP_Filesystem::wp_plugins_dir()
+	 * @see WP_Filesystem::wp_themes_dir()
+	 * @see WP_Filesystem::wp_lang_dir()
 	 *
-	 * @param string $folder the folder to locate
+	 * @param string $base The folder to start searching from.
+	 * @param bool   $echo True to display debug information.
 	 * @return string The location of the remote path.
 	 */
-	function find_folder($folder) {
+	function get_base_dir( $base = '.', $echo = false ) {
+		_deprecated_function(__FUNCTION__, '2.7', 'WP_Filesystem::abspath() or WP_Filesystem::wp_*_dir()' );
+		$this->verbose = $echo;
+		return $this->abspath();
+	}

-		if ( strpos($this->method, 'ftp') !== false ) {
-			$constant_overrides = array( 'FTP_BASE' => ABSPATH, 'FTP_CONTENT_DIR' => WP_CONTENT_DIR, 'FTP_PLUGIN_DIR' => WP_PLUGIN_DIR, 'FTP_LANG_DIR' => WP_LANG_DIR );
-			foreach ( $constant_overrides as $constant => $dir )
-				if ( defined($constant) && $folder === $dir )
-					return trailingslashit(constant($constant));
+	/**
+	 * Locate a folder on the remote filesystem.
+	 *
+	 * Assumes that on Windows systems, Stripping off the Drive
+	 * letter is OK Sanitizes \\ to / in windows filepaths.
+	 *
+	 * @access public
+	 * @since 2.7.0
+	 *
+	 * @param string $folder the folder to locate.
+	 * @return string The location of the remote path.
+	 */
+	function find_folder( $folder ) {
+
+		if ( isset( $this->cache[ $folder ] ) )
+			return $this->cache[ $folder ];
+
+		if ( stripos($this->method, 'ftp') !== false ) {
+			$constant_overrides = array(
+				'FTP_BASE' => ABSPATH,
+				'FTP_CONTENT_DIR' => WP_CONTENT_DIR,
+				'FTP_PLUGIN_DIR' => WP_PLUGIN_DIR,
+				'FTP_LANG_DIR' => WP_LANG_DIR
+			);
+
+			// Direct matches ( folder = CONSTANT/ )
+			foreach ( $constant_overrides as $constant => $dir ) {
+				if ( ! defined( $constant ) )
+					continue;
+				if ( $folder === $dir )
+					return trailingslashit( constant( $constant ) );
+			}
+
+			// Prefix Matches ( folder = CONSTANT/subdir )
+			foreach ( $constant_overrides as $constant => $dir ) {
+				if ( ! defined( $constant ) )
+					continue;
+				if ( 0 === stripos( $folder, $dir ) ) { // $folder starts with $dir
+					$potential_folder = preg_replace( '#^' . preg_quote( $dir, '#' ) . '/#i', trailingslashit( constant( $constant ) ), $folder );
+					$potential_folder = trailingslashit( $potential_folder );
+
+					if ( $this->is_dir( $potential_folder ) ) {
+						$this->cache[ $folder ] = $potential_folder;
+						return $potential_folder;
+					}
+				}
+			}
 		} elseif ( 'direct' == $this->method ) {
-			$folder = str_replace('\\', '/', $folder); //Windows path sanitisation
+			$folder = str_replace('\\', '/', $folder); // Windows path sanitisation
 			return trailingslashit($folder);
 		}

-		$folder = preg_replace('|^([a-z]{1}):|i', '', $folder); //Strip out windows drive letter if it's there.
-		$folder = str_replace('\\', '/', $folder); //Windows path sanitisation
+		$folder = preg_replace('|^([a-z]{1}):|i', '', $folder); // Strip out windows drive letter if it's there.
+		$folder = str_replace('\\', '/', $folder); // Windows path sanitisation

 		if ( isset($this->cache[ $folder ] ) )
 			return $this->cache[ $folder ];

-		if ( $this->exists($folder) ) { //Folder exists at that absolute path.
+		if ( $this->exists($folder) ) { // Folder exists at that absolute path.
 			$folder = trailingslashit($folder);
 			$this->cache[ $folder ] = $folder;
 			return $folder;
@@ -174,43 +229,47 @@ class WP_Filesystem_Base {
 	}

 	/**
-	 * Locates a folder on the remote filesystem.
+	 * Locate a folder on the remote filesystem.
 	 *
-	 * Expects Windows sanitized path
+	 * Expects Windows sanitized path.
 	 *
-	 * @since 2.7
 	 * @access private
+	 * @since 2.7.0
 	 *
-	 * @param string $folder the folder to locate
-	 * @param string $base the folder to start searching from
-	 * @param bool $loop if the function has recursed, Internal use only
+	 * @param string $folder The folder to locate.
+	 * @param string $base   The folder to start searching from.
+	 * @param bool   $loop   If the function has recursed, Internal use only.
 	 * @return string The location of the remote path.
 	 */
-	function search_for_folder($folder, $base = '.', $loop = false ) {
+	function search_for_folder( $folder, $base = '.', $loop = false ) {
 		if ( empty( $base ) || '.' == $base )
 			$base = trailingslashit($this->cwd());

 		$folder = untrailingslashit($folder);

+		if ( $this->verbose )
+			printf( "\n" . __('Looking for %1$s in %2$s') . "<br/>\n", $folder, $base );
+
 		$folder_parts = explode('/', $folder);
-		$last_index = array_pop( array_keys( $folder_parts ) );
+		$folder_part_keys = array_keys( $folder_parts );
+		$last_index = array_pop( $folder_part_keys );
 		$last_path = $folder_parts[ $last_index ];

 		$files = $this->dirlist( $base );

 		foreach ( $folder_parts as $index => $key ) {
 			if ( $index == $last_index )
-				continue; //We want this to be caught by the next code block.
+				continue; // We want this to be caught by the next code block.

-			//Working from /home/ to /user/ to /wordpress/ see if that file exists within the current folder,
+			// Working from /home/ to /user/ to /wordpress/ see if that file exists within the current folder,
 			// If it's found, change into it and follow through looking for it.
 			// If it cant find WordPress down that route, it'll continue onto the next folder level, and see if that matches, and so on.
 			// If it reaches the end, and still cant find it, it'll return false for the entire function.
 			if ( isset($files[ $key ]) ){
-				//Lets try that folder:
+				// Lets try that folder:
 				$newdir = trailingslashit(path_join($base, $key));
 				if ( $this->verbose )
-					printf( __('Changing to %s') . '<br/>', $newdir );
+					printf( "\n" . __('Changing to %s') . "<br/>\n", $newdir );
 				// only search for the remaining path tokens in the directory, not the full path again
 				$newfolder = implode( '/', array_slice( $folder_parts, $index + 1 ) );
 				if ( $ret = $this->search_for_folder( $newfolder, $newdir, $loop) )
@@ -218,32 +277,38 @@ class WP_Filesystem_Base {
 			}
 		}

-		//Only check this as a last resort, to prevent locating the incorrect install. All above procedures will fail quickly if this is the right branch to take.
+		// Only check this as a last resort, to prevent locating the incorrect install. All above procedures will fail quickly if this is the right branch to take.
 		if (isset( $files[ $last_path ] ) ) {
 			if ( $this->verbose )
-				printf( __('Found %s') . '<br/>',  $base . $last_path );
+				printf( "\n" . __('Found %s') . "<br/>\n",  $base . $last_path );
 			return trailingslashit($base . $last_path);
 		}
-		if ( $loop )
-			return false; //Prevent this function from looping again.
-		//As an extra last resort, Change back to / if the folder wasn't found. This comes into effect when the CWD is /home/user/ but WP is at /var/www/.... mainly dedicated setups.
-		return $this->search_for_folder($folder, '/', true);
+
+		// Prevent this function from looping again.
+		// No need to proceed if we've just searched in /
+		if ( $loop || '/' == $base )
+			return false;
+
+		// As an extra last resort, Change back to / if the folder wasn't found.
+		// This comes into effect when the CWD is /home/user/ but WP is at /var/www/....
+		return $this->search_for_folder( $folder, '/', true );

 	}

 	/**
-	 * Returns the *nix style file permissions for a file
+	 * Return the *nix-style file permissions for a file.
 	 *
-	 * From the PHP documentation page for fileperms()
+	 * From the PHP documentation page for fileperms().
 	 *
 	 * @link http://docs.php.net/fileperms
-	 * @since 2.5
-	 * @access public
 	 *
-	 * @param string $file string filename
-	 * @return string *nix style representation of permissions
+	 * @access public
+	 * @since 2.5.0
+	 *
+	 * @param string $file String filename.
+	 * @return string The *nix-style representation of permissions.
 	 */
-	function gethchmod($file){
+	function gethchmod( $file ){
 		$perms = $this->getchmod($file);
 		if (($perms & 0xC000) == 0xC000) // Socket
 			$info = 's';
@@ -286,19 +351,20 @@ class WP_Filesystem_Base {
 	}

 	/**
-	 * Converts *nix style file permissions to a octal number.
+	 * Convert *nix-style file permissions to a octal number.
 	 *
 	 * Converts '-rw-r--r--' to 0644
 	 * From "info at rvgate dot nl"'s comment on the PHP documentation for chmod()
 	 *
 	 * @link http://docs.php.net/manual/en/function.chmod.php#49614
-	 * @since 2.5
-	 * @access public
 	 *
-	 * @param string $mode string *nix style file permission
+	 * @access public
+	 * @since 2.5.0
+	 *
+	 * @param string $mode string The *nix-style file permission.
 	 * @return int octal representation
 	 */
-	function getnumchmodfromh($mode) {
+	function getnumchmodfromh( $mode ) {
 		$realmode = '';
 		$legal =  array('', 'w', 'r', 'x', '-');
 		$attarray = preg_split('//', $mode);
@@ -319,15 +385,379 @@ class WP_Filesystem_Base {
 	}

 	/**
-	 * Determines if the string provided contains binary characters.
+	 * Determine if the string provided contains binary characters.
 	 *
-	 * @since 2.7
 	 * @access private
+	 * @since 2.7.0
 	 *
-	 * @param string $text String to test against
-	 * @return bool true if string is binary, false otherwise
+	 * @param string $text String to test against.
+	 * @return bool true if string is binary, false otherwise.
 	 */
 	function is_binary( $text ) {
-		return (bool) preg_match('|[^\x20-\x7E]|', $text); //chr(32)..chr(127)
+		return (bool) preg_match( '|[^\x20-\x7E]|', $text ); // chr(32)..chr(127)
 	}
-}
+
+	/**
+	 * Change the ownership of a file / folder.
+	 *
+	 * Default behavior is to do nothing, override this in your subclass, if desired.
+	 *
+	 * @since 2.5.0
+	 *
+	 * @param string $file      Path to the file.
+	 * @param mixed  $owner     A user name or number.
+	 * @param bool   $recursive Optional. If set True changes file owner recursivly. Defaults to False.
+	 * @return bool Returns true on success or false on failure.
+	 */
+	function chown( $file, $owner, $recursive = false ) {
+		return false;
+	}
+
+	/**
+	 * Connect filesystem.
+	 *
+	 * @since 2.5.0
+	 *
+	 * @return bool True on success or false on failure (always true for WP_Filesystem_Direct).
+	 */
+	function connect() {
+		return true;
+	}
+
+	/**
+	 * Read entire file into a string.
+	 *
+	 * @since 2.5.0
+	 *
+	 * @param string $file Name of the file to read.
+	 * @return string|bool Returns the read data or false on failure.
+	 */
+	function get_contents( $file ) {
+		return false;
+	}
+
+	/**
+	 * Read entire file into an array.
+	 *
+	 * @since 2.5.0
+	 *
+	 * @param string $file Path to the file.
+	 * @return array|bool the file contents in an array or false on failure.
+	 */
+	function get_contents_array( $file ) {
+		return false;
+	}
+
+	/**
+	 * Write a string to a file.
+	 *
+	 * @since 2.5.0
+	 *
+	 * @param string $file     Remote path to the file where to write the data.
+	 * @param string $contents The data to write.
+	 * @param int    $mode     Optional. The file permissions as octal number, usually 0644.
+	 * @return bool False on failure.
+	 */
+	function put_contents( $file, $contents, $mode = false ) {
+		return false;
+	}
+
+	/**
+	 * Get the current working directory.
+	 *
+	 * @since 2.5.0
+	 *
+	 * @return string|bool The current working directory on success, or false on failure.
+	 */
+	function cwd() {
+		return false;
+	}
+
+	/**
+	 * Change current directory.
+	 *
+	 * @since 2.5.0
+	 *
+	 * @param string $dir The new current directory.
+	 * @return bool Returns true on success or false on failure.
+	 */
+	function chdir( $dir ) {
+		return false;
+	}
+
+	/**
+	 * Change the file group.
+	 *
+	 * @since 2.5.0
+	 *
+	 * @param string $file      Path to the file.
+	 * @param mixed  $group     A group name or number.
+	 * @param bool   $recursive Optional. If set True changes file group recursively. Defaults to False.
+	 * @return bool Returns true on success or false on failure.
+	 */
+	function chgrp( $file, $group, $recursive = false ) {
+		return false;
+	}
+
+	/**
+	 * Change filesystem permissions.
+	 *
+	 * @since 2.5.0
+	 *
+	 * @param string $file      Path to the file.
+	 * @param int    $mode      Optional. The permissions as octal number, usually 0644 for files, 0755 for dirs.
+	 * @param bool   $recursive Optional. If set True changes file group recursively. Defaults to False.
+	 * @return bool Returns true on success or false on failure.
+	 */
+	function chmod( $file, $mode = false, $recursive = false ) {
+		return false;
+	}
+
+	/**
+	 * Get the file owner.
+	 *
+	 * @since 2.5.0
+	 *
+	 * @param string $file Path to the file.
+	 * @return string|bool Username of the user or false on error.
+	 */
+	function owner( $file ) {
+		return false;
+	}
+
+	/**
+	 * Get the file's group.
+	 *
+	 * @since 2.5.0
+	 *
+	 * @param string $file Path to the file.
+	 * @return string|bool The group or false on error.
+	 */
+	function group( $file ) {
+		return false;
+	}
+
+	/**
+	 * Copy a file.
+	 *
+	 * @since 2.5.0
+	 *
+	 * @param string $source      Path to the source file.
+	 * @param string $destination Path to the destination file.
+	 * @param bool   $overwrite   Optional. Whether to overwrite the destination file if it exists.
+	 *                            Default false.
+	 * @param int    $mode        Optional. The permissions as octal number, usually 0644 for files, 0755 for dirs.
+	 *                            Default false.
+	 * @return bool True if file copied successfully, False otherwise.
+	 */
+	function copy( $source, $destination, $overwrite = false, $mode = false ) {
+		return false;
+	}
+
+	/**
+	 * Move a file.
+	 *
+	 * @since 2.5.0
+	 *
+	 * @param string $source      Path to the source file.
+	 * @param string $destination Path to the destination file.
+	 * @param bool   $overwrite   Optional. Whether to overwrite the destination file if it exists.
+	 *                            Default false.
+	 * @return bool True if file copied successfully, False otherwise.
+	 */
+	function move( $source, $destination, $overwrite = false ) {
+		return false;
+	}
+
+	/**
+	 * Delete a file or directory.
+	 *
+	 * @since 2.5.0
+	 *
+	 * @param string $file      Path to the file.
+	 * @param bool   $recursive Optional. If set True changes file group recursively. Defaults to False.
+	 *                          Default false.
+	 * @param bool   $type      Type of resource. 'f' for file, 'd' for directory.
+	 *                          Default false.
+	 * @return bool True if the file or directory was deleted, false on failure.
+	 */
+	function delete( $file, $recursive = false, $type = false ) {
+		return false;
+	}
+
+	/**
+	 * Check if a file or directory exists.
+	 *
+	 * @since 2.5.0
+	 *
+	 * @param string $file Path to file/directory.
+	 * @return bool Whether $file exists or not.
+	 */
+	function exists( $file ) {
+		return false;
+	}
+
+	/**
+	 * Check if resource is a file.
+	 *
+	 * @since 2.5.0
+	 *
+	 * @param string $file File path.
+	 * @return bool Whether $file is a file.
+	 */
+	function is_file( $file ) {
+		return false;
+	}
+
+	/**
+	 * Check if resource is a directory.
+	 *
+	 * @since 2.5.0
+	 *
+	 * @param string $path Directory path.
+	 * @return bool Whether $path is a directory.
+	 */
+	function is_dir( $path ) {
+		return false;
+	}
+
+	/**
+	 * Check if a file is readable.
+	 *
+	 * @since 2.5.0
+	 *
+	 * @param string $file Path to file.
+	 * @return bool Whether $file is readable.
+	 */
+	function is_readable( $file ) {
+		return false;
+	}
+
+	/**
+	 * Check if a file or directory is writable.
+	 *
+	 * @since 2.5.0
+	 *
+	 * @param string $path Path to file/directory.
+	 * @return bool Whether $file is writable.
+	 */
+	function is_writable( $file ) {
+		return false;
+	}
+
+	/**
+	 * Gets the file's last access time.
+	 *
+	 * @since 2.5.0
+	 *
+	 * @param string $file Path to file.
+	 * @return int Unix timestamp representing last access time.
+	 */
+	function atime( $file ) {
+		return false;
+	}
+
+	/**
+	 * Gets the file modification time.
+	 *
+	 * @since 2.5.0
+	 *
+	 * @param string $file Path to file.
+	 * @return int Unix timestamp representing modification time.
+	 */
+	function mtime( $file ) {
+		return false;
+	}
+
+	/**
+	 * Gets the file size (in bytes).
+	 *
+	 * @since 2.5.0
+	 *
+	 * @param string $file Path to file.
+	 * @return int Size of the file in bytes.
+	 */
+	function size( $file ) {
+		return false;
+	}
+
+	/**
+	 * Set the access and modification times of a file.
+	 *
+	 * Note: If $file doesn't exist, it will be created.
+	 *
+	 * @since 2.5.0
+	 *
+	 * @param string $file  Path to file.
+	 * @param int    $time  Optional. Modified time to set for file.
+	 *                      Default 0.
+	 * @param int    $atime Optional. Access time to set for file.
+	 *                      Default 0.
+	 * @return bool Whether operation was successful or not.
+	 */
+	function touch( $file, $time = 0, $atime = 0 ) {
+		return false;
+	}
+
+	/**
+	 * Create a directory.
+	 *
+	 * @since 2.5.0
+	 *
+	 * @param string $path  Path for new directory.
+	 * @param mixed  $chmod Optional. The permissions as octal number, (or False to skip chmod)
+	 *                      Default false.
+	 * @param mixed  $chown Optional. A user name or number (or False to skip chown)
+	 *                      Default false.
+	 * @param mixed  $chgrp Optional. A group name or number (or False to skip chgrp).
+	 *                      Default false.
+	 * @return bool False if directory cannot be created, true otherwise.
+	 */
+	function mkdir( $path, $chmod = false, $chown = false, $chgrp = false ) {
+		return false;
+	}
+
+	/**
+	 * Delete a directory.
+	 *
+	 * @since 2.5.0
+	 *
+	 * @param string $path      Path to directory.
+	 * @param bool   $recursive Optional. Whether to recursively remove files/directories.
+	 *                          Default false.
+	 * @return bool Whether directory is deleted successfully or not.
+	 */
+	function rmdir( $path, $recursive = false ) {
+		return false;
+	}
+
+	/**
+	 * Get details for files in a directory or a specific file.
+	 *
+	 * @since 2.5.0
+	 *
+	 * @param string $path           Path to directory or file.
+	 * @param bool   $include_hidden Optional. Whether to include details of hidden ("." prefixed) files.
+	 *                               Default true.
+	 * @param bool   $recursive      Optional. Whether to recursively include file details in nested directories.
+	 *                               Default false.
+	 * @return array|bool {
+	 *     Array of files. False if unable to list directory contents.
+	 *
+	 *     @type string 'name'        Name of the file/directory.
+	 *     @type string 'perms'       *nix representation of permissions.
+	 *     @type int    'permsn'      Octal representation of permissions.
+	 *     @type string 'owner'       Owner name or ID.
+	 *     @type int    'size'        Size of file in bytes.
+	 *     @type int    'lastmodunix' Last modified unix timestamp.
+	 *     @type mixed  'lastmod'     Last modified month (3 letter) and day (without leading 0).
+	 *     @type int    'time'        Last modified time.
+	 *     @type string 'type'        Type of resource. 'f' for file, 'd' for directory.
+	 *     @type mixed  'files'       If a directory and $recursive is true, contains another array of files.
+	 * }
+	 */
+	function dirlist( $path, $include_hidden = true, $recursive = false ) {
+		return false;
+	}
+
+} // WP_Filesystem_Base
--- a/wp-admin/includes/class-wp-filesystem-direct.php
+++ b/wp-admin/includes/class-wp-filesystem-direct.php
@@ -15,7 +15,7 @@
 * @uses WP_Filesystem_Base Extends class
 */
 class WP_Filesystem_Direct extends WP_Filesystem_Base {
-	var $errors = null;
+
 	/**
 	 * constructor
 	 *
@@ -25,14 +25,7 @@ class WP_Filesystem_Direct extends WP_Filesystem_Base {
 		$this->method = 'direct';
 		$this->errors = new WP_Error();
 	}
-	/**
-	 * connect filesystem.
-	 *
-	 * @return bool Returns true on success or false on failure (always true for WP_Filesystem_Direct).
-	 */
-	function connect() {
-		return true;
-	}
+
 	/**
 	 * Reads entire file into a string
 	 *
@@ -42,6 +35,7 @@ class WP_Filesystem_Direct extends WP_Filesystem_Base {
 	function get_contents($file) {
 		return @file_get_contents($file);
 	}
+
 	/**
 	 * Reads entire file into an array
 	 *
@@ -51,6 +45,7 @@ class WP_Filesystem_Direct extends WP_Filesystem_Base {
 	function get_contents_array($file) {
 		return @file($file);
 	}
+
 	/**
 	 * Write a string to a file
 	 *
@@ -59,14 +54,29 @@ class WP_Filesystem_Direct extends WP_Filesystem_Base {
 	 * @param int $mode (optional) The file permissions as octal number, usually 0644.
 	 * @return bool False upon failure.
 	 */
-	function put_contents($file, $contents, $mode = false ) {
-		if ( ! ($fp = @fopen($file, 'w')) )
+	function put_contents( $file, $contents, $mode = false ) {
+		$fp = @fopen( $file, 'wb' );
+		if ( ! $fp )
 			return false;
-		@fwrite($fp, $contents);
-		@fclose($fp);
-		$this->chmod($file, $mode);
+
+		mbstring_binary_safe_encoding();
+
+		$data_length = strlen( $contents );
+
+		$bytes_written = fwrite( $fp, $contents );
+
+		reset_mbstring_encoding();
+
+		fclose( $fp );
+
+		if ( $data_length !== $bytes_written )
+			return false;
+
+		$this->chmod( $file, $mode );
+
 		return true;
 	}
+
 	/**
 	 * Gets the current working directory
 	 *
@@ -75,6 +85,7 @@ class WP_Filesystem_Direct extends WP_Filesystem_Base {
 	function cwd() {
 		return @getcwd();
 	}
+
 	/**
 	 * Change directory
 	 *
@@ -84,6 +95,7 @@ class WP_Filesystem_Direct extends WP_Filesystem_Base {
 	function chdir($dir) {
 		return @chdir($dir);
 	}
+
 	/**
 	 * Changes file group
 	 *
@@ -99,7 +111,7 @@ class WP_Filesystem_Direct extends WP_Filesystem_Base {
 			return @chgrp($file, $group);
 		if ( ! $this->is_dir($file) )
 			return @chgrp($file, $group);
-		//Is a directory, and we want recursive
+		// Is a directory, and we want recursive
 		$file = trailingslashit($file);
 		$filelist = $this->dirlist($file);
 		foreach ($filelist as $filename)
@@ -107,6 +119,7 @@ class WP_Filesystem_Direct extends WP_Filesystem_Base {

 		return true;
 	}
+
 	/**
 	 * Changes filesystem permissions
 	 *
@@ -127,7 +140,7 @@ class WP_Filesystem_Direct extends WP_Filesystem_Base {

 		if ( ! $recursive || ! $this->is_dir($file) )
 			return @chmod($file, $mode);
-		//Is a directory, and we want recursive
+		// Is a directory, and we want recursive
 		$file = trailingslashit($file);
 		$filelist = $this->dirlist($file);
 		foreach ( (array)$filelist as $filename => $filemeta)
@@ -135,6 +148,7 @@ class WP_Filesystem_Direct extends WP_Filesystem_Base {

 		return true;
 	}
+
 	/**
 	 * Changes file owner
 	 *
@@ -150,18 +164,19 @@ class WP_Filesystem_Direct extends WP_Filesystem_Base {
 			return @chown($file, $owner);
 		if ( ! $this->is_dir($file) )
 			return @chown($file, $owner);
-		//Is a directory, and we want recursive
+		// Is a directory, and we want recursive
 		$filelist = $this->dirlist($file);
 		foreach ($filelist as $filename) {
 			$this->chown($file . '/' . $filename, $owner, $recursive);
 		}
 		return true;
 	}
+
 	/**
 	 * Gets file owner
 	 *
 	 * @param string $file Path to the file.
-	 * @return string Username of the user.
+	 * @return string|bool Username of the user or false on error.
 	 */
 	function owner($file) {
 		$owneruid = @fileowner($file);
@@ -172,6 +187,7 @@ class WP_Filesystem_Direct extends WP_Filesystem_Base {
 		$ownerarray = posix_getpwuid($owneruid);
 		return $ownerarray['name'];
 	}
+
 	/**
 	 * Gets file permissions
 	 *
@@ -183,6 +199,7 @@ class WP_Filesystem_Direct extends WP_Filesystem_Base {
 	function getchmod($file) {
 		return substr(decoct(@fileperms($file)),3);
 	}
+
 	function group($file) {
 		$gid = @filegroup($file);
 		if ( ! $gid )
@@ -220,27 +237,30 @@ class WP_Filesystem_Direct extends WP_Filesystem_Base {
 	}

 	function delete($file, $recursive = false, $type = false) {
-		if ( empty($file) ) //Some filesystems report this as /, which can cause non-expected recursive deletion of all files in the filesystem.
+		if ( empty( $file ) ) // Some filesystems report this as /, which can cause non-expected recursive deletion of all files in the filesystem.
 			return false;
-		$file = str_replace('\\', '/', $file); //for win32, occasional problems deleting files otherwise
+		$file = str_replace( '\\', '/', $file ); // for win32, occasional problems deleting files otherwise

 		if ( 'f' == $type || $this->is_file($file) )
 			return @unlink($file);
 		if ( ! $recursive && $this->is_dir($file) )
 			return @rmdir($file);

-		//At this point it's a folder, and we're in recursive mode
+		// At this point it's a folder, and we're in recursive mode
 		$file = trailingslashit($file);
 		$filelist = $this->dirlist($file, true);

 		$retval = true;
-		if ( is_array($filelist) ) //false if no files, So check first.
-			foreach ($filelist as $filename => $fileinfo)
+		if ( is_array( $filelist ) ) {
+			foreach ( $filelist as $filename => $fileinfo ) {
 				if ( ! $this->delete($file . $filename, $recursive, $fileinfo['type']) )
 					$retval = false;
+			}
+		}

 		if ( file_exists($file) && ! @rmdir($file) )
 			$retval = false;
+
 		return $retval;
 	}

@@ -271,6 +291,7 @@ class WP_Filesystem_Direct extends WP_Filesystem_Base {
 	function mtime($file) {
 		return @filemtime($file);
 	}
+
 	function size($file) {
 		return @filesize($file);
 	}
--- a/wp-admin/includes/class-wp-filesystem-ftpext.php
+++ b/wp-admin/includes/class-wp-filesystem-ftpext.php
@@ -23,14 +23,13 @@ class WP_Filesystem_FTPext extends WP_Filesystem_Base {
 		$this->method = 'ftpext';
 		$this->errors = new WP_Error();

-		//Check if possible to use ftp functions.
+		// Check if possible to use ftp functions.
 		if ( ! extension_loaded('ftp') ) {
 			$this->errors->add('no_ftp_ext', __('The ftp PHP extension is not available'));
 			return false;
 		}

-		// Set defaults:
-		//This Class uses the timeout on a per-connection basis, Others use it on a per-action basis.
+		// This Class uses the timeout on a per-connection basis, Others use it on a per-action basis.

 		if ( ! defined('FS_TIMEOUT') )
 			define('FS_TIMEOUT', 240);
@@ -80,7 +79,7 @@ class WP_Filesystem_FTPext extends WP_Filesystem_Base {
 			return false;
 		}

-		//Set the Connection to use Passive FTP
+		// Set the Connection to use Passive FTP
 		@ftp_pasv( $this->link, true );
 		if ( @ftp_get_option($this->link, FTP_TIMEOUT_SEC) < FS_TIMEOUT )
 			@ftp_set_option($this->link, FTP_TIMEOUT_SEC, FS_TIMEOUT);
@@ -88,20 +87,17 @@ class WP_Filesystem_FTPext extends WP_Filesystem_Base {
 		return true;
 	}

-	function get_contents($file, $type = '', $resumepos = 0 ) {
-		if ( empty($type) )
-			$type = FTP_BINARY;
-
+	function get_contents( $file ) {
 		$tempfile = wp_tempnam($file);
 		$temp = fopen($tempfile, 'w+');

 		if ( ! $temp )
 			return false;

-		if ( ! @ftp_fget($this->link, $temp, $file, $type, $resumepos) )
+		if ( ! @ftp_fget($this->link, $temp, $file, FTP_BINARY ) )
 			return false;

-		fseek($temp, 0); //Skip back to the start of the file being written to
+		fseek( $temp, 0 ); // Skip back to the start of the file being written to
 		$contents = '';

 		while ( ! feof($temp) )
@@ -111,21 +107,33 @@ class WP_Filesystem_FTPext extends WP_Filesystem_Base {
 		unlink($tempfile);
 		return $contents;
 	}
+
 	function get_contents_array($file) {
 		return explode("\n", $this->get_contents($file));
 	}

 	function put_contents($file, $contents, $mode = false ) {
 		$tempfile = wp_tempnam($file);
-		$temp = fopen($tempfile, 'w+');
+		$temp = fopen( $tempfile, 'wb+' );
 		if ( ! $temp )
 			return false;

-		fwrite($temp, $contents);
-		fseek($temp, 0); //Skip back to the start of the file being written to
+		mbstring_binary_safe_encoding();

-		$type = $this->is_binary($contents) ? FTP_BINARY : FTP_ASCII;
-		$ret = @ftp_fput($this->link, $file, $temp, $type);
+		$data_length = strlen( $contents );
+		$bytes_written = fwrite( $temp, $contents );
+
+		reset_mbstring_encoding();
+
+		if ( $data_length !== $bytes_written ) {
+			fclose( $temp );
+			unlink( $tempfile );
+			return false;
+		}
+
+		fseek( $temp, 0 ); // Skip back to the start of the file being written to
+
+		$ret = @ftp_fput( $this->link, $file, $temp, FTP_BINARY );

 		fclose($temp);
 		unlink($tempfile);
@@ -134,18 +142,22 @@ class WP_Filesystem_FTPext extends WP_Filesystem_Base {

 		return $ret;
 	}
+
 	function cwd() {
 		$cwd = @ftp_pwd($this->link);
 		if ( $cwd )
 			$cwd = trailingslashit($cwd);
 		return $cwd;
 	}
+
 	function chdir($dir) {
 		return @ftp_chdir($this->link, $dir);
 	}
+
 	function chgrp($file, $group, $recursive = false ) {
 		return false;
 	}
+
 	function chmod($file, $mode = false, $recursive = false) {
 		if ( ! $mode ) {
 			if ( $this->is_file($file) )
@@ -168,29 +180,31 @@ class WP_Filesystem_FTPext extends WP_Filesystem_Base {
 			return (bool)@ftp_site($this->link, sprintf('CHMOD %o %s', $mode, $file));
 		return (bool)@ftp_chmod($this->link, $mode, $file);
 	}
-	function chown($file, $owner, $recursive = false ) {
-		return false;
-	}
+
 	function owner($file) {
 		$dir = $this->dirlist($file);
 		return $dir[$file]['owner'];
 	}
+
 	function getchmod($file) {
 		$dir = $this->dirlist($file);
 		return $dir[$file]['permsn'];
 	}
+
 	function group($file) {
 		$dir = $this->dirlist($file);
 		return $dir[$file]['group'];
 	}
+
 	function copy($source, $destination, $overwrite = false, $mode = false) {
 		if ( ! $overwrite && $this->exists($destination) )
 			return false;
 		$content = $this->get_contents($source);
-		if ( false === $content)
+		if ( false === $content )
 			return false;
 		return $this->put_contents($destination, $content, $mode);
 	}
+
 	function move($source, $destination, $overwrite = false) {
 		return ftp_rename($this->link, $source, $destination);
 	}
@@ -214,9 +228,11 @@ class WP_Filesystem_FTPext extends WP_Filesystem_Base {
 		$list = @ftp_nlist($this->link, $file);
 		return !empty($list); //empty list = no file, so invert.
 	}
+
 	function is_file($file) {
 		return $this->exists($file) && !$this->is_dir($file);
 	}
+
 	function is_dir($path) {
 		$cwd = $this->cwd();
 		$result = @ftp_chdir($this->link, trailingslashit($path) );
@@ -226,26 +242,31 @@ class WP_Filesystem_FTPext extends WP_Filesystem_Base {
 		}
 		return false;
 	}
+
 	function is_readable($file) {
-		//Get dir list, Check if the file is readable by the current user??
 		return true;
 	}
+
 	function is_writable($file) {
-		//Get dir list, Check if the file is writable by the current user??
 		return true;
 	}
+
 	function atime($file) {
 		return false;
 	}
+
 	function mtime($file) {
 		return ftp_mdtm($this->link, $file);
 	}
+
 	function size($file) {
 		return ftp_size($this->link, $file);
 	}
+
 	function touch($file, $time = 0, $atime = 0) {
 		return false;
 	}
+
 	function mkdir($path, $chmod = false, $chown = false, $chgrp = false) {
 		$path = untrailingslashit($path);
 		if ( empty($path) )
@@ -260,6 +281,7 @@ class WP_Filesystem_FTPext extends WP_Filesystem_Base {
 			$this->chgrp($path, $chgrp);
 		return true;
 	}
+
 	function rmdir($path, $recursive = false) {
 		return $this->delete($path, $recursive);
 	}
--- a/wp-admin/includes/class-wp-filesystem-ftpsockets.php
+++ b/wp-admin/includes/class-wp-filesystem-ftpsockets.php
@@ -23,12 +23,11 @@ class WP_Filesystem_ftpsockets extends WP_Filesystem_Base {
 		$this->method = 'ftpsockets';
 		$this->errors = new WP_Error();

-		//Check if possible to use ftp functions.
+		// Check if possible to use ftp functions.
 		if ( ! @include_once ABSPATH . 'wp-admin/includes/class-ftp.php' )
 				return false;
 		$this->ftp = new ftp();

-		//Set defaults:
 		if ( empty($opt['port']) )
 			$this->options['port'] = 21;
 		else
@@ -75,32 +74,35 @@ class WP_Filesystem_ftpsockets extends WP_Filesystem_Base {
 			return false;
 		}

-		$this->ftp->SetType(FTP_AUTOASCII);
-		$this->ftp->Passive(true);
-		$this->ftp->setTimeout(FS_TIMEOUT);
+		$this->ftp->SetType( FTP_BINARY );
+		$this->ftp->Passive( true );
+		$this->ftp->setTimeout( FS_TIMEOUT );
 		return true;
 	}

-	function get_contents($file, $type = '', $resumepos = 0) {
+	function get_contents( $file ) {
 		if ( ! $this->exists($file) )
 			return false;

-		if ( empty($type) )
-			$type = FTP_AUTOASCII;
-		$this->ftp->SetType($type);
-
 		$temp = wp_tempnam( $file );

 		if ( ! $temphandle = fopen($temp, 'w+') )
 			return false;

+		mbstring_binary_safe_encoding();
+
 		if ( ! $this->ftp->fget($temphandle, $file) ) {
 			fclose($temphandle);
 			unlink($temp);
-			return ''; //Blank document, File does exist, It's just blank.
+
+			reset_mbstring_encoding();
+
+			return ''; // Blank document, File does exist, It's just blank.
 		}

-		fseek($temphandle, 0); //Skip back to the start of the file being written to
+		reset_mbstring_encoding();
+
+		fseek( $temphandle, 0 ); // Skip back to the start of the file being written to
 		$contents = '';

 		while ( ! feof($temphandle) )
@@ -122,14 +124,25 @@ class WP_Filesystem_ftpsockets extends WP_Filesystem_Base {
 			return false;
 		}

-		fwrite($temphandle, $contents);
-		fseek($temphandle, 0); //Skip back to the start of the file being written to
+		// The FTP class uses string functions internally during file download/upload
+		mbstring_binary_safe_encoding();

-		$type = $this->is_binary($contents) ? FTP_BINARY : FTP_ASCII;
-		$this->ftp->SetType($type);
+		$bytes_written = fwrite( $temphandle, $contents );
+		if ( false === $bytes_written || $bytes_written != strlen( $contents ) ) {
+			fclose( $temphandle );
+			unlink( $temp );
+
+			reset_mbstring_encoding();
+
+			return false;
+		}
+
+		fseek( $temphandle, 0 ); // Skip back to the start of the file being written to

 		$ret = $this->ftp->fput($file, $temphandle);

+		reset_mbstring_encoding();
+
 		fclose($temphandle);
 		unlink($temp);

@@ -174,10 +187,6 @@ class WP_Filesystem_ftpsockets extends WP_Filesystem_Base {
 		return $this->ftp->chmod($file, $mode);
 	}

-	function chown($file, $owner, $recursive = false ) {
-		return false;
-	}
-
 	function owner($file) {
 		$dir = $this->dirlist($file);
 		return $dir[$file]['owner'];
@@ -219,8 +228,10 @@ class WP_Filesystem_ftpsockets extends WP_Filesystem_Base {
 		return $this->ftp->mdel($file);
 	}

-	function exists($file) {
-		return $this->ftp->is_exists($file);
+	function exists( $file ) {
+		$list = $this->ftp->nlist( $file );
+		return !empty( $list ); //empty list = no file, so invert.
+		// return $this->ftp->is_exists($file); has issues with ABOR+426 responses on the ncFTPd server
 	}

 	function is_file($file) {
@@ -241,12 +252,10 @@ class WP_Filesystem_ftpsockets extends WP_Filesystem_Base {
 	}

 	function is_readable($file) {
-		//Get dir list, Check if the file is writable by the current user??
 		return true;
 	}

 	function is_writable($file) {
-		//Get dir list, Check if the file is writable by the current user??
 		return true;
 	}

@@ -295,9 +304,15 @@ class WP_Filesystem_ftpsockets extends WP_Filesystem_Base {
 			$limit_file = false;
 		}

+		mbstring_binary_safe_encoding();
+
 		$list = $this->ftp->dirlist($path);
-		if ( empty($list) && !$this->exists($path) )
+		if ( empty( $list ) && ! $this->exists( $path ) ) {
+
+			reset_mbstring_encoding();
+
 			return false;
+		}

 		$ret = array();
 		foreach ( $list as $struc ) {
@@ -324,6 +339,9 @@ class WP_Filesystem_ftpsockets extends WP_Filesystem_Base {

 			$ret[ $struc['name'] ] = $struc;
 		}
+
+		reset_mbstring_encoding();
+
 		return $ret;
 	}

--- a/wp-admin/includes/class-wp-filesystem-ssh2.php
+++ b/wp-admin/includes/class-wp-filesystem-ssh2.php
@@ -1,13 +1,6 @@
 <?php
 /**
- * WordPress SSH2 Filesystem.
- *
- * @package WordPress
- * @subpackage Filesystem
- */
-
-/**
- * WordPress Filesystem Class for implementing SSH2.
+ * WordPress Filesystem Class for implementing SSH2
 *
 * To use this class you must follow these steps for PHP 5.2.6+
 *
@@ -35,10 +28,10 @@
 *
 * Note: as of WordPress 2.8, This utilises the PHP5+ function 'stream_get_contents'
 *
- * @since 2.7
+ * @since 2.7.0
+ *
 * @package WordPress
 * @subpackage Filesystem
- * @uses WP_Filesystem_Base Extends class
 */
 class WP_Filesystem_SSH2 extends WP_Filesystem_Base {

@@ -150,7 +143,7 @@ class WP_Filesystem_SSH2 extends WP_Filesystem_Base {
 		return false;
 	}

-	function get_contents($file, $type = '', $resumepos = 0 ) {
+	function get_contents( $file ) {
 		$file = ltrim($file, '/');
 		return file_get_contents('ssh2.sftp://' . $this->sftp_link . '/' . $file);
 	}
@@ -161,12 +154,14 @@ class WP_Filesystem_SSH2 extends WP_Filesystem_Base {
 	}

 	function put_contents($file, $contents, $mode = false ) {
-		$file = ltrim($file, '/');
-		$ret = file_put_contents('ssh2.sftp://' . $this->sftp_link . '/' . $file, $contents);
+		$ret = file_put_contents( 'ssh2.sftp://' . $this->sftp_link . '/' . ltrim( $file, '/' ), $contents );
+
+		if ( $ret !== strlen( $contents ) )
+			return false;

 		$this->chmod($file, $mode);

-		return false !== $ret;
+		return true;
 	}

 	function cwd() {
@@ -206,7 +201,17 @@ class WP_Filesystem_SSH2 extends WP_Filesystem_Base {
 		return $this->run_command(sprintf('chmod -R %o %s', $mode, escapeshellarg($file)), true);
 	}

-	function chown($file, $owner, $recursive = false ) {
+	/**
+	 * Change the ownership of a file / folder.
+	 *
+	 * @since Unknown
+	 *
+	 * @param string $file    Path to the file.
+	 * @param mixed  $owner   A user name or number.
+	 * @param bool $recursive Optional. If set True changes file owner recursivly. Defaults to False.
+	 * @return bool Returns true on success or false on failure.
+	 */
+	function chown( $file, $owner, $recursive = false ) {
 		if ( ! $this->exists($file) )
 			return false;
 		if ( ! $recursive || ! $this->is_dir($file) )
--- a/wp-admin/includes/class-wp-importer.php
+++ b/wp-admin/includes/class-wp-importer.php
@@ -179,11 +179,10 @@ class WP_Importer {
 	 */
 	function get_page( $url, $username = '', $password = '', $head = false ) {
 		// Increase the timeout
-		add_filter( 'http_request_timeout', array( &$this, 'bump_request_timeout' ) );
+		add_filter( 'http_request_timeout', array( $this, 'bump_request_timeout' ) );

 		$headers = array();
 		$args = array();
-		$args['reject_unsafe_urls'] = true;
 		if ( true === $head )
 			$args['method'] = 'HEAD';
 		if ( !empty( $username ) && !empty( $password ) )
@@ -191,7 +190,7 @@ class WP_Importer {

 		$args['headers'] = $headers;

-		return wp_remote_request( $url, $args );
+		return wp_safe_remote_request( $url, $args );
 	}

 	/**
--- a/wp-admin/includes/class-wp-list-table.php
+++ b/wp-admin/includes/class-wp-list-table.php
@@ -87,7 +87,7 @@ class WP_List_Table {

 		$this->screen = convert_to_screen( $args['screen'] );

-		add_filter( "manage_{$this->screen->id}_columns", array( &$this, 'get_columns' ), 0 );
+		add_filter( "manage_{$this->screen->id}_columns", array( $this, 'get_columns' ), 0 );

 		if ( !$args['plural'] )
 			$args['plural'] = $this->screen->base;
@@ -99,7 +99,7 @@ class WP_List_Table {

 		if ( $args['ajax'] ) {
 			// wp_enqueue_script( 'list-table' );
-			add_action( 'admin_footer', array( &$this, '_js_vars' ) );
+			add_action( 'admin_footer', array( $this, '_js_vars' ) );
 		}
 	}

@@ -340,7 +340,7 @@ class WP_List_Table {
 		if ( !$action_count )
 			return '';

-		$out = '<div class="' . ( $always_visible ? 'row-actions-visible' : 'row-actions' ) . '">';
+		$out = '<div class="' . ( $always_visible ? 'row-actions visible' : 'row-actions' ) . '">';
 		foreach ( $actions as $action => $link ) {
 			++$i;
 			( $i == $action_count ) ? $sep = '' : $sep = ' | ';
@@ -367,6 +367,16 @@ class WP_List_Table {
 			ORDER BY post_date DESC
 		", $post_type ) );

+		/**
+		 * Filter the months dropdown results.
+		 *
+		 * @since 3.7.0
+		 *
+		 * @param object $months    The months dropdown query results.
+		 * @param string $post_type The post type.
+		 */
+		$months = apply_filters( 'months_dropdown_results', $months, $post_type );
+
 		$month_count = count( $months );

 		if ( !$month_count || ( 1 == $month_count && 0 == $months[0]->month ) )
@@ -764,7 +774,7 @@ class WP_List_Table {
 ?>
 	<div class="tablenav <?php echo esc_attr( $which ); ?>">

-		<div class="alignleft actions">
+		<div class="alignleft actions bulkactions">
 			<?php $this->bulk_actions(); ?>
 		</div>
 <?php
@@ -857,7 +867,7 @@ class WP_List_Table {
 			}
 			elseif ( method_exists( $this, 'column_' . $column_name ) ) {
 				echo "<td $attributes>";
-				echo call_user_func( array( &$this, 'column_' . $column_name ), $item );
+				echo call_user_func( array( $this, 'column_' . $column_name ), $item );
 				echo "</td>";
 			}
 			else {
--- a/wp-admin/includes/class-wp-media-list-table.php
+++ b/wp-admin/includes/class-wp-media-list-table.php
@@ -301,11 +301,17 @@ foreach ( $columns as $column_name => $column_display_name ) {
 		break;

 	case 'parent':
-		if ( $post->post_parent > 0 && get_post( $post->post_parent ) ) {
+		if ( $post->post_parent > 0 )
+			$parent = get_post( $post->post_parent );
+		else
+			$parent = false;
+
+		if ( $parent ) {
 			$title = _draft_or_post_title( $post->post_parent );
+			$parent_type = get_post_type_object( $parent->post_type );
 ?>
 			<td <?php echo $attributes ?>><strong>
-				<?php if ( current_user_can( 'edit_post', $post->post_parent ) ) { ?>
+				<?php if ( current_user_can( 'edit_post', $post->post_parent ) && $parent_type->show_ui ) { ?>
 					<a href="<?php echo get_edit_post_link( $post->post_parent ); ?>">
 						<?php echo $title ?></a><?php
 				} else {
--- a/wp-admin/includes/class-wp-ms-sites-list-table.php
+++ b/wp-admin/includes/class-wp-ms-sites-list-table.php
@@ -214,8 +214,10 @@ class WP_MS_Sites_List_Table extends WP_List_Table {
 				switch ( $column_name ) {
 					case 'cb': ?>
 						<th scope="row" class="check-column">
+							<?php if ( ! is_main_site( $blog['blog_id'] ) ) : ?>
 							<label class="screen-reader-text" for="blog_<?php echo $blog['blog_id']; ?>"><?php printf( __( 'Select %s' ), $blogname ); ?></label>
 							<input type="checkbox" id="blog_<?php echo $blog['blog_id'] ?>" name="allblogs[]" value="<?php echo esc_attr( $blog['blog_id'] ) ?>" />
+							<?php endif; ?>
 						</th>
 					<?php
 					break;
--- a/wp-admin/includes/class-wp-ms-themes-list-table.php
+++ b/wp-admin/includes/class-wp-ms-themes-list-table.php
@@ -84,7 +84,7 @@ class WP_MS_Themes_List_Table extends WP_List_Table {

 		if ( $s ) {
 			$status = 'search';
-			$themes['search'] = array_filter( array_merge( $themes['all'], $themes['broken'] ), array( &$this, '_search_callback' ) );
+			$themes['search'] = array_filter( array_merge( $themes['all'], $themes['broken'] ), array( $this, '_search_callback' ) );
 		}

 		$totals = array();
@@ -108,7 +108,7 @@ class WP_MS_Themes_List_Table extends WP_List_Table {
 				if ( 'ASC' == $order )
 					$this->items = array_reverse( $this->items );
 			} else {
-				uasort( $this->items, array( &$this, '_order_callback' ) );
+				uasort( $this->items, array( $this, '_order_callback' ) );
 			}
 		}

@@ -284,8 +284,8 @@ class WP_MS_Themes_List_Table extends WP_List_Table {
 		if ( ! $allowed && current_user_can( 'delete_themes' ) && ! $this->is_site_themes && $stylesheet != get_option( 'stylesheet' ) && $stylesheet != get_option( 'template' ) )
 			$actions['delete'] = '<a href="' . esc_url( wp_nonce_url( 'themes.php?action=delete-selected&amp;checked[]=' . $theme_key . '&amp;theme_status=' . $context . '&amp;paged=' . $page . '&amp;s=' . $s, 'bulk-themes' ) ) . '" title="' . esc_attr__( 'Delete this theme' ) . '" class="delete">' . __( 'Delete' ) . '</a>';

-		$actions = apply_filters( 'theme_action_links', array_filter( $actions ), $stylesheet, $theme, $context );
-		$actions = apply_filters( "theme_action_links_$stylesheet", $actions, $stylesheet, $theme, $context );
+		$actions = apply_filters( 'theme_action_links', array_filter( $actions ), $theme, $context );
+		$actions = apply_filters( "theme_action_links_$stylesheet", $actions, $theme, $context );

 		$class = ! $allowed ? 'inactive' : 'active';
 		$checkbox_id = "checkbox_" . md5( $theme->get('Name') );
--- a/wp-admin/includes/class-wp-ms-users-list-table.php
+++ b/wp-admin/includes/class-wp-ms-users-list-table.php
@@ -201,7 +201,7 @@ class WP_MS_Users_List_Table extends WP_List_Table {
 					break;

 					case 'email':
-						echo "<td $attributes><a href='mailto:$user->user_email'>$user->user_email</a></td>";
+						echo "<td $attributes><a href='" . esc_url( "mailto:$user->user_email" ) . "'>$user->user_email</a></td>";
 					break;

 					case 'registered':
--- a/wp-admin/includes/class-wp-plugin-install-list-table.php
+++ b/wp-admin/includes/class-wp-plugin-install-list-table.php
@@ -37,7 +37,23 @@ class WP_Plugin_Install_List_Table extends WP_List_Table {

 		$nonmenu_tabs = array( 'plugin-information' ); //Valid actions to perform which do not have a Menu item.

+		/**
+		 * Filter the tabs shown on the Plugin Install screen.
+		 *
+		 * @since 2.7.0
+		 *
+		 * @param array $tabs The tabs shown on the Plugin Install screen. Defaults are 'dashboard', 'search',
+		 *                    'upload', 'featured', 'popular', 'new', and 'favorites'.
+		 */
 		$tabs = apply_filters( 'install_plugins_tabs', $tabs );
+
+		/**
+		 * Filter tabs not associated with a menu item on the Plugin Install screen.
+		 *
+		 * @since 2.7.0
+		 *
+		 * @param array $nonmenu_tabs The tabs that don't have a Menu item on the Plugin Install screen.
+		 */
 		$nonmenu_tabs = apply_filters( 'install_plugins_nonmenu_tabs', $nonmenu_tabs );

 		// If a non-valid menu tab has been selected, And it's not a non-menu action.
@@ -85,8 +101,22 @@ class WP_Plugin_Install_List_Table extends WP_List_Table {

 			default:
 				$args = false;
+				break;
 		}

+		/**
+		 * Filter API request arguments for each Plugin Install screen tab.
+		 *
+		 * The dynamic portion of the hook name, $tab, refers to the plugin install tabs.
+		 * Default tabs are 'dashboard', 'search', 'upload', 'featured', 'popular', 'new',
+		 * and 'favorites'.
+		 *
+		 * @since 3.7.0
+		 *
+		 * @param array|bool $args Plugin Install API arguments.
+		 */
+		$args = apply_filters( "install_plugins_table_api_args_$tab", $args );
+
 		if ( !$args )
 			return;

@@ -124,7 +154,13 @@ class WP_Plugin_Install_List_Table extends WP_List_Table {
 		if ( 'top' ==  $which ) { ?>
 			<div class="tablenav top">
 				<div class="alignleft actions">
-					<?php do_action( 'install_plugins_table_header' ); ?>
+					<?php
+					/**
+					 * Fires before the Plugin Install table header pagination is displayed.
+					 *
+					 * @since 2.7.0
+					 */
+					do_action( 'install_plugins_table_header' ); ?>
 				</div>
 				<?php $this->pagination( $which ); ?>
 				<br class="clear" />
@@ -218,6 +254,14 @@ class WP_Plugin_Install_List_Table extends WP_List_Table {
 				}
 			}

+			/**
+			 * Filter the install action links for a plugin.
+			 *
+			 * @since 2.7.0
+			 *
+			 * @param array $action_links An array of plugin action hyperlinks. Defaults are links to Details and Install Now.
+			 * @param array $plugin       The plugin currently being listed.
+			 */
 			$action_links = apply_filters( 'plugin_install_action_links', $action_links, $plugin );
 		?>
 		<tr>
--- a/wp-admin/includes/class-wp-plugins-list-table.php
+++ b/wp-admin/includes/class-wp-plugins-list-table.php
@@ -99,7 +99,7 @@ class WP_Plugins_List_Table extends WP_List_Table {

 		if ( $s ) {
 			$status = 'search';
-			$plugins['search'] = array_filter( $plugins['all'], array( &$this, '_search_callback' ) );
+			$plugins['search'] = array_filter( $plugins['all'], array( $this, '_search_callback' ) );
 		}

 		$totals = array();
@@ -121,7 +121,7 @@ class WP_Plugins_List_Table extends WP_List_Table {
 			$orderby = ucfirst( $orderby );
 			$order = strtoupper( $order );

-			uasort( $this->items, array( &$this, '_order_callback' ) );
+			uasort( $this->items, array( $this, '_order_callback' ) );
 		}

 		$plugins_per_page = $this->get_items_per_page( str_replace( '-', '_', $screen->id . '_per_page' ), 999 );
@@ -321,7 +321,7 @@ class WP_Plugins_List_Table extends WP_List_Table {
 			if ( true === ( $dropins[ $plugin_file ][1] ) ) { // Doesn't require a constant
 				$is_active = true;
 				$description = '<p><strong>' . $dropins[ $plugin_file ][0] . '</strong></p>';
-			} elseif ( constant( $dropins[ $plugin_file ][1] ) ) { // Constant is true
+			} elseif ( defined( $dropins[ $plugin_file ][1] ) && constant( $dropins[ $plugin_file ][1] ) ) { // Constant is true
 				$is_active = true;
 				$description = '<p><strong>' . $dropins[ $plugin_file ][0] . '</strong></p>';
 			} else {
--- a/wp-admin/includes/class-wp-posts-list-table.php
+++ b/wp-admin/includes/class-wp-posts-list-table.php
@@ -57,9 +57,10 @@ class WP_Posts_List_Table extends WP_List_Table {
 		$post_type_object = get_post_type_object( $post_type );

 		if ( !current_user_can( $post_type_object->cap->edit_others_posts ) ) {
+			$exclude_states = get_post_stati( array( 'show_in_admin_all_list' => false ) );
 			$this->user_posts_count = $wpdb->get_var( $wpdb->prepare( "
 				SELECT COUNT( 1 ) FROM $wpdb->posts
-				WHERE post_type = %s AND post_status NOT IN ( 'trash', 'auto-draft' )
+				WHERE post_type = %s AND post_status NOT IN ( '" . implode( "','", $exclude_states ) . "' )
 				AND post_author = %d
 			", $post_type, get_current_user_id() ) );

@@ -69,7 +70,7 @@ class WP_Posts_List_Table extends WP_List_Table {

 		if ( 'post' == $post_type && $sticky_posts = get_option( 'sticky_posts' ) ) {
 			$sticky_posts = implode( ', ', array_map( 'absint', (array) $sticky_posts ) );
-			$this->sticky_posts_count = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT( 1 ) FROM $wpdb->posts WHERE post_type = %s AND post_status != 'trash' AND ID IN ($sticky_posts)", $post_type ) );
+			$this->sticky_posts_count = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT( 1 ) FROM $wpdb->posts WHERE post_type = %s AND post_status NOT IN ('trash', 'auto-draft') AND ID IN ($sticky_posts)", $post_type ) );
 		}
 	}

@@ -417,12 +418,12 @@ class WP_Posts_List_Table extends WP_List_Table {
 	 *
 	 * @since 3.1.0 (Standalone function exists since 2.6.0)
 	 *
-	 * @param unknown_type $children_pages
-	 * @param unknown_type $count
-	 * @param unknown_type $parent
-	 * @param unknown_type $level
-	 * @param unknown_type $pagenum
-	 * @param unknown_type $per_page
+	 * @param array $children_pages
+	 * @param int $count
+	 * @param int $parent
+	 * @param int $level
+	 * @param int $pagenum
+	 * @param int $per_page
 	 */
 	function _page_rows( &$children_pages, &$count, $parent, $level, $pagenum, $per_page ) {

@@ -539,8 +540,10 @@ class WP_Posts_List_Table extends WP_List_Table {
 							$level++;
 							$find_main_page = (int) $parent->post_parent;

-							if ( !isset( $parent_name ) )
+							if ( !isset( $parent_name ) ) {
+								/** This filter is documented in wp-includes/post-template.php */
 								$parent_name = apply_filters( 'the_title', $parent->post_title, $parent->ID );
+							}
 						}
 					}
 				}
@@ -577,8 +580,9 @@ class WP_Posts_List_Table extends WP_List_Table {
 					echo '<div class="locked-info"><span class="locked-avatar">' . $locked_avatar . '</span> <span class="locked-text">' . $locked_text . "</span></div>\n";
 				}

-				if ( ! $this->hierarchical_display && 'excerpt' == $mode && current_user_can( 'read_post', $post->ID ) )
-						the_excerpt();
+				if ( ! $this->hierarchical_display && 'excerpt' == $mode && current_user_can( 'read_post', $post->ID ) ) {
+						echo esc_html( get_the_excerpt() );
+				}

 				$actions = array();
 				if ( $can_edit_post && 'trash' != $post->post_status ) {
@@ -829,7 +833,7 @@ class WP_Posts_List_Table extends WP_List_Table {
 	<?php if ( !$bulk ) echo $authors_dropdown;
 	endif; // post_type_supports author

-	if ( !$bulk ) :
+	if ( !$bulk && $can_publish ) :
 	?>

 			<div class="inline-edit-group">
@@ -1034,6 +1038,33 @@ class WP_Posts_List_Table extends WP_List_Table {
 	<?php endif; // 'post' && $can_publish && current_user_can( 'edit_others_cap' ) ?>

 			</div>
+
+	<?php
+
+	if ( $bulk && post_type_supports( $screen->post_type, 'post-formats' ) ) {
+		$all_post_formats = get_post_format_strings();
+
+		?>
+		<label class="alignleft" for="post_format">
+		<span class="title"><?php _ex( 'Format', 'post format' ); ?></span>
+		<select name="post_format">
+			<option value="-1"><?php _e( '&mdash; No Change &mdash;' ); ?></option>
+			<?php
+
+			foreach ( $all_post_formats as $slug => $format ) {
+				?>
+				<option value="<?php echo esc_attr( $slug ); ?>"><?php echo esc_html( $format ); ?></option>
+				<?php
+			}
+
+			?>
+		</select></label>
+	<?php
+
+	}
+
+	?>
+
 		</div></fieldset>

 	<?php
@@ -1057,6 +1088,9 @@ class WP_Posts_List_Table extends WP_List_Table {
 			} ?>
 			<input type="hidden" name="post_view" value="<?php echo esc_attr( $m ); ?>" />
 			<input type="hidden" name="screen" value="<?php echo esc_attr( $screen->id ); ?>" />
+			<?php if ( ! $bulk && ! post_type_supports( $screen->post_type, 'author' ) ) { ?>
+				<input type="hidden" name="post_author" value="<?php echo esc_attr( $post->post_author ); ?>" />
+			<?php } ?>
 			<span class="error" style="display:none"></span>
 			<br class="clear" />
 		</p>
--- a/wp-admin/includes/class-wp-terms-list-table.php
+++ b/wp-admin/includes/class-wp-terms-list-table.php
@@ -259,7 +259,8 @@ class WP_Terms_List_Table extends WP_List_Table {
 		}
 		if ( current_user_can( $tax->cap->delete_terms ) && $tag->term_id != $default_term )
 			$actions['delete'] = "<a class='delete-tag' href='" . wp_nonce_url( "edit-tags.php?action=delete&amp;taxonomy=$taxonomy&amp;tag_ID=$tag->term_id", 'delete-tag_' . $tag->term_id ) . "'>" . __( 'Delete' ) . "</a>";
-		$actions['view'] = '<a href="' . get_term_link( $tag ) . '">' . __( 'View' ) . '</a>';
+		if ( $tax->public )
+			$actions['view'] = '<a href="' . get_term_link( $tag ) . '">' . __( 'View' ) . '</a>';

 		$actions = apply_filters( 'tag_row_actions', $actions, $tag );
 		$actions = apply_filters( "{$taxonomy}_row_actions", $actions, $tag );
--- a/wp-admin/includes/class-wp-theme-install-list-table.php
+++ b/wp-admin/includes/class-wp-theme-install-list-table.php
@@ -90,8 +90,11 @@ class WP_Theme_Install_List_Table extends WP_Themes_List_Table {

 			default:
 				$args = false;
+				break;
 		}

+		$args = apply_filters( 'install_themes_table_api_args_' . $tab, $args );
+
 		if ( ! $args )
 			return;

--- a/wp-admin/includes/class-wp-themes-list-table.php
+++ b/wp-admin/includes/class-wp-themes-list-table.php
@@ -114,6 +114,16 @@ class WP_Themes_List_Table extends WP_List_Table {
 		return array();
 	}

+	function display_rows_or_placeholder() {
+		if ( $this->has_items() ) {
+			$this->display_rows();
+		} else {
+			echo '<div class="no-items">';
+			$this->no_items();
+			echo '</div>';
+		}
+	}
+
 	function display_rows() {
 		$themes = $this->items;

@@ -149,6 +159,7 @@ class WP_Themes_List_Table extends WP_List_Table {
 					. "' );" . '">' . __( 'Delete' ) . '</a>';

 			$actions       = apply_filters( 'theme_action_links', $actions, $theme );
+			$actions       = apply_filters( "theme_action_links_$stylesheet", $actions, $theme );
 			$delete_action = isset( $actions['delete'] ) ? '<div class="delete-theme">' . $actions['delete'] . '</div>' : '';
 			unset( $actions['delete'] );

--- a/wp-admin/includes/class-wp-upgrader-skins.php
+++ b/wp-admin/includes/class-wp-upgrader-skins.php
@@ -0,0 +1,662 @@
+<?php
+/**
+ * The User Interface "Skins" for the WordPress File Upgrader
+ *
+ * @package WordPress
+ * @subpackage Upgrader
+ * @since 2.8.0
+ */
+
+/**
+ * Generic Skin for the WordPress Upgrader classes. This skin is designed to be extended for specific purposes.
+ *
+ * @package WordPress
+ * @subpackage Upgrader
+ * @since 2.8.0
+ */
+class WP_Upgrader_Skin {
+
+	var $upgrader;
+	var $done_header = false;
+	var $result = false;
+
+	function __construct($args = array()) {
+		$defaults = array( 'url' => '', 'nonce' => '', 'title' => '', 'context' => false );
+		$this->options = wp_parse_args($args, $defaults);
+	}
+
+	function set_upgrader(&$upgrader) {
+		if ( is_object($upgrader) )
+			$this->upgrader =& $upgrader;
+		$this->add_strings();
+	}
+
+	function add_strings() {
+	}
+
+	function set_result($result) {
+		$this->result = $result;
+	}
+
+	function request_filesystem_credentials($error = false) {
+		$url = $this->options['url'];
+		$context = $this->options['context'];
+		if ( !empty($this->options['nonce']) )
+			$url = wp_nonce_url($url, $this->options['nonce']);
+		return request_filesystem_credentials($url, '', $error, $context); //Possible to bring inline, Leaving as is for now.
+	}
+
+	function header() {
+		if ( $this->done_header )
+			return;
+		$this->done_header = true;
+		echo '<div class="wrap">';
+		screen_icon();
+		echo '<h2>' . $this->options['title'] . '</h2>';
+	}
+	function footer() {
+		echo '</div>';
+	}
+
+	function error($errors) {
+		if ( ! $this->done_header )
+			$this->header();
+		if ( is_string($errors) ) {
+			$this->feedback($errors);
+		} elseif ( is_wp_error($errors) && $errors->get_error_code() ) {
+			foreach ( $errors->get_error_messages() as $message ) {
+				if ( $errors->get_error_data() && is_string( $errors->get_error_data() ) )
+					$this->feedback($message . ' ' . esc_html( $errors->get_error_data() ) );
+				else
+					$this->feedback($message);
+			}
+		}
+	}
+
+	function feedback($string) {
+		if ( isset( $this->upgrader->strings[$string] ) )
+			$string = $this->upgrader->strings[$string];
+
+		if ( strpos($string, '%') !== false ) {
+			$args = func_get_args();
+			$args = array_splice($args, 1);
+			if ( $args ) {
+				$args = array_map( 'strip_tags', $args );
+				$args = array_map( 'esc_html', $args );
+				$string = vsprintf($string, $args);
+			}
+		}
+		if ( empty($string) )
+			return;
+		show_message($string);
+	}
+	function before() {}
+	function after() {}
+
+}
+
+/**
+ * Plugin Upgrader Skin for WordPress Plugin Upgrades.
+ *
+ * @package WordPress
+ * @subpackage Upgrader
+ * @since 2.8.0
+ */
+class Plugin_Upgrader_Skin extends WP_Upgrader_Skin {
+	var $plugin = '';
+	var $plugin_active = false;
+	var $plugin_network_active = false;
+
+	function __construct($args = array()) {
+		$defaults = array( 'url' => '', 'plugin' => '', 'nonce' => '', 'title' => __('Update Plugin') );
+		$args = wp_parse_args($args, $defaults);
+
+		$this->plugin = $args['plugin'];
+
+		$this->plugin_active = is_plugin_active( $this->plugin );
+		$this->plugin_network_active = is_plugin_active_for_network( $this->plugin );
+
+		parent::__construct($args);
+	}
+
+	function after() {
+		$this->plugin = $this->upgrader->plugin_info();
+		if ( !empty($this->plugin) && !is_wp_error($this->result) && $this->plugin_active ){
+			echo '<iframe style="border:0;overflow:hidden" width="100%" height="170px" src="' . wp_nonce_url('update.php?action=activate-plugin&networkwide=' . $this->plugin_network_active . '&plugin=' . urlencode( $this->plugin ), 'activate-plugin_' . $this->plugin) .'"></iframe>';
+		}
+
+		$update_actions =  array(
+			'activate_plugin' => '<a href="' . wp_nonce_url('plugins.php?action=activate&amp;plugin=' . urlencode( $this->plugin ), 'activate-plugin_' . $this->plugin) . '" title="' . esc_attr__('Activate this plugin') . '" target="_parent">' . __('Activate Plugin') . '</a>',
+			'plugins_page' => '<a href="' . self_admin_url('plugins.php') . '" title="' . esc_attr__('Go to plugins page') . '" target="_parent">' . __('Return to Plugins page') . '</a>'
+		);
+		if ( $this->plugin_active || ! $this->result || is_wp_error( $this->result ) || ! current_user_can( 'activate_plugins' ) )
+			unset( $update_actions['activate_plugin'] );
+
+		$update_actions = apply_filters('update_plugin_complete_actions', $update_actions, $this->plugin);
+		if ( ! empty($update_actions) )
+			$this->feedback(implode(' | ', (array)$update_actions));
+	}
+
+	function before() {
+		if ( $this->upgrader->show_before ) {
+			echo $this->upgrader->show_before;
+			$this->upgrader->show_before = '';
+		}
+	}
+}
+
+/**
+ * Plugin Upgrader Skin for WordPress Plugin Upgrades.
+ *
+ * @package WordPress
+ * @subpackage Upgrader
+ * @since 3.0.0
+ */
+class Bulk_Upgrader_Skin extends WP_Upgrader_Skin {
+	var $in_loop = false;
+	var $error = false;
+
+	function __construct($args = array()) {
+		$defaults = array( 'url' => '', 'nonce' => '' );
+		$args = wp_parse_args($args, $defaults);
+
+		parent::__construct($args);
+	}
+
+	function add_strings() {
+		$this->upgrader->strings['skin_upgrade_start'] = __('The update process is starting. This process may take a while on some hosts, so please be patient.');
+		$this->upgrader->strings['skin_update_failed_error'] = __('An error occurred while updating %1$s: <strong>%2$s</strong>');
+		$this->upgrader->strings['skin_update_failed'] = __('The update of %1$s failed.');
+		$this->upgrader->strings['skin_update_successful'] = __('%1$s updated successfully.').' <a onclick="%2$s" href="#" class="hide-if-no-js"><span>'.__('Show Details').'</span><span class="hidden">'.__('Hide Details').'</span>.</a>';
+		$this->upgrader->strings['skin_upgrade_end'] = __('All updates have been completed.');
+	}
+
+	function feedback($string) {
+		if ( isset( $this->upgrader->strings[$string] ) )
+			$string = $this->upgrader->strings[$string];
+
+		if ( strpos($string, '%') !== false ) {
+			$args = func_get_args();
+			$args = array_splice($args, 1);
+			if ( $args ) {
+				$args = array_map( 'strip_tags', $args );
+				$args = array_map( 'esc_html', $args );
+				$string = vsprintf($string, $args);
+			}
+		}
+		if ( empty($string) )
+			return;
+		if ( $this->in_loop )
+			echo "$string<br />\n";
+		else
+			echo "<p>$string</p>\n";
+	}
+
+	function header() {
+		// Nothing, This will be displayed within a iframe.
+	}
+
+	function footer() {
+		// Nothing, This will be displayed within a iframe.
+	}
+	function error($error) {
+		if ( is_string($error) && isset( $this->upgrader->strings[$error] ) )
+			$this->error = $this->upgrader->strings[$error];
+
+		if ( is_wp_error($error) ) {
+			foreach ( $error->get_error_messages() as $emessage ) {
+				if ( $error->get_error_data() && is_string( $error->get_error_data() ) )
+					$messages[] = $emessage . ' ' . esc_html( $error->get_error_data() );
+				else
+					$messages[] = $emessage;
+			}
+			$this->error = implode(', ', $messages);
+		}
+		echo '<script type="text/javascript">jQuery(\'.waiting-' . esc_js($this->upgrader->update_current) . '\').hide();</script>';
+	}
+
+	function bulk_header() {
+		$this->feedback('skin_upgrade_start');
+	}
+
+	function bulk_footer() {
+		$this->feedback('skin_upgrade_end');
+	}
+
+	function before($title = '') {
+		$this->in_loop = true;
+		printf( '<h4>' . $this->upgrader->strings['skin_before_update_header'] . ' <span class="spinner waiting-' . $this->upgrader->update_current . '"></span></h4>',  $title, $this->upgrader->update_current, $this->upgrader->update_count);
+		echo '<script type="text/javascript">jQuery(\'.waiting-' . esc_js($this->upgrader->update_current) . '\').css("display", "inline-block");</script>';
+		echo '<div class="update-messages hide-if-js" id="progress-' . esc_attr($this->upgrader->update_current) . '"><p>';
+		$this->flush_output();
+	}
+
+	function after($title = '') {
+		echo '</p></div>';
+		if ( $this->error || ! $this->result ) {
+			if ( $this->error )
+				echo '<div class="error"><p>' . sprintf($this->upgrader->strings['skin_update_failed_error'], $title, $this->error) . '</p></div>';
+			else
+				echo '<div class="error"><p>' . sprintf($this->upgrader->strings['skin_update_failed'], $title) . '</p></div>';
+
+			echo '<script type="text/javascript">jQuery(\'#progress-' . esc_js($this->upgrader->update_current) . '\').show();</script>';
+		}
+		if ( $this->result && ! is_wp_error( $this->result ) ) {
+			if ( ! $this->error )
+				echo '<div class="updated"><p>' . sprintf($this->upgrader->strings['skin_update_successful'], $title, 'jQuery(\'#progress-' . esc_js($this->upgrader->update_current) . '\').toggle();jQuery(\'span\', this).toggle(); return false;') . '</p></div>';
+			echo '<script type="text/javascript">jQuery(\'.waiting-' . esc_js($this->upgrader->update_current) . '\').hide();</script>';
+		}
+
+		$this->reset();
+		$this->flush_output();
+	}
+
+	function reset() {
+		$this->in_loop = false;
+		$this->error = false;
+	}
+
+	function flush_output() {
+		wp_ob_end_flush_all();
+		flush();
+	}
+}
+
+class Bulk_Plugin_Upgrader_Skin extends Bulk_Upgrader_Skin {
+	var $plugin_info = array(); // Plugin_Upgrader::bulk() will fill this in.
+
+	function __construct($args = array()) {
+		parent::__construct($args);
+	}
+
+	function add_strings() {
+		parent::add_strings();
+		$this->upgrader->strings['skin_before_update_header'] = __('Updating Plugin %1$s (%2$d/%3$d)');
+	}
+
+	function before($title = '') {
+		parent::before($this->plugin_info['Title']);
+	}
+
+	function after($title = '') {
+		parent::after($this->plugin_info['Title']);
+	}
+	function bulk_footer() {
+		parent::bulk_footer();
+		$update_actions =  array(
+			'plugins_page' => '<a href="' . self_admin_url('plugins.php') . '" title="' . esc_attr__('Go to plugins page') . '" target="_parent">' . __('Return to Plugins page') . '</a>',
+			'updates_page' => '<a href="' . self_admin_url('update-core.php') . '" title="' . esc_attr__('Go to WordPress Updates page') . '" target="_parent">' . __('Return to WordPress Updates') . '</a>'
+		);
+		if ( ! current_user_can( 'activate_plugins' ) )
+			unset( $update_actions['plugins_page'] );
+
+		$update_actions = apply_filters('update_bulk_plugins_complete_actions', $update_actions, $this->plugin_info);
+		if ( ! empty($update_actions) )
+			$this->feedback(implode(' | ', (array)$update_actions));
+	}
+}
+
+class Bulk_Theme_Upgrader_Skin extends Bulk_Upgrader_Skin {
+	var $theme_info = array(); // Theme_Upgrader::bulk() will fill this in.
+
+	function __construct($args = array()) {
+		parent::__construct($args);
+	}
+
+	function add_strings() {
+		parent::add_strings();
+		$this->upgrader->strings['skin_before_update_header'] = __('Updating Theme %1$s (%2$d/%3$d)');
+	}
+
+	function before($title = '') {
+		parent::before( $this->theme_info->display('Name') );
+	}
+
+	function after($title = '') {
+		parent::after( $this->theme_info->display('Name') );
+	}
+
+	function bulk_footer() {
+		parent::bulk_footer();
+		$update_actions =  array(
+			'themes_page' => '<a href="' . self_admin_url('themes.php') . '" title="' . esc_attr__('Go to themes page') . '" target="_parent">' . __('Return to Themes page') . '</a>',
+			'updates_page' => '<a href="' . self_admin_url('update-core.php') . '" title="' . esc_attr__('Go to WordPress Updates page') . '" target="_parent">' . __('Return to WordPress Updates') . '</a>'
+		);
+		if ( ! current_user_can( 'switch_themes' ) && ! current_user_can( 'edit_theme_options' ) )
+			unset( $update_actions['themes_page'] );
+
+		$update_actions = apply_filters('update_bulk_theme_complete_actions', $update_actions, $this->theme_info );
+		if ( ! empty($update_actions) )
+			$this->feedback(implode(' | ', (array)$update_actions));
+	}
+}
+
+/**
+ * Plugin Installer Skin for WordPress Plugin Installer.
+ *
+ * @package WordPress
+ * @subpackage Upgrader
+ * @since 2.8.0
+ */
+class Plugin_Installer_Skin extends WP_Upgrader_Skin {
+	var $api;
+	var $type;
+
+	function __construct($args = array()) {
+		$defaults = array( 'type' => 'web', 'url' => '', 'plugin' => '', 'nonce' => '', 'title' => '' );
+		$args = wp_parse_args($args, $defaults);
+
+		$this->type = $args['type'];
+		$this->api = isset($args['api']) ? $args['api'] : array();
+
+		parent::__construct($args);
+	}
+
+	function before() {
+		if ( !empty($this->api) )
+			$this->upgrader->strings['process_success'] = sprintf( __('Successfully installed the plugin <strong>%s %s</strong>.'), $this->api->name, $this->api->version);
+	}
+
+	function after() {
+
+		$plugin_file = $this->upgrader->plugin_info();
+
+		$install_actions = array();
+
+		$from = isset($_GET['from']) ? wp_unslash( $_GET['from'] ) : 'plugins';
+
+		if ( 'import' == $from )
+			$install_actions['activate_plugin'] = '<a href="' . wp_nonce_url('plugins.php?action=activate&amp;from=import&amp;plugin=' . urlencode( $plugin_file ), 'activate-plugin_' . $plugin_file) . '" title="' . esc_attr__('Activate this plugin') . '" target="_parent">' . __('Activate Plugin &amp; Run Importer') . '</a>';
+		else
+			$install_actions['activate_plugin'] = '<a href="' . wp_nonce_url('plugins.php?action=activate&amp;plugin=' . urlencode( $plugin_file ), 'activate-plugin_' . $plugin_file) . '" title="' . esc_attr__('Activate this plugin') . '" target="_parent">' . __('Activate Plugin') . '</a>';
+
+		if ( is_multisite() && current_user_can( 'manage_network_plugins' ) ) {
+			$install_actions['network_activate'] = '<a href="' . wp_nonce_url('plugins.php?action=activate&amp;networkwide=1&amp;plugin=' . urlencode( $plugin_file ), 'activate-plugin_' . $plugin_file) . '" title="' . esc_attr__('Activate this plugin for all sites in this network') . '" target="_parent">' . __('Network Activate') . '</a>';
+			unset( $install_actions['activate_plugin'] );
+		}
+
+		if ( 'import' == $from )
+			$install_actions['importers_page'] = '<a href="' . admin_url('import.php') . '" title="' . esc_attr__('Return to Importers') . '" target="_parent">' . __('Return to Importers') . '</a>';
+		else if ( $this->type == 'web' )
+			$install_actions['plugins_page'] = '<a href="' . self_admin_url('plugin-install.php') . '" title="' . esc_attr__('Return to Plugin Installer') . '" target="_parent">' . __('Return to Plugin Installer') . '</a>';
+		else
+			$install_actions['plugins_page'] = '<a href="' . self_admin_url('plugins.php') . '" title="' . esc_attr__('Return to Plugins page') . '" target="_parent">' . __('Return to Plugins page') . '</a>';
+
+		if ( ! $this->result || is_wp_error($this->result) ) {
+			unset( $install_actions['activate_plugin'], $install_actions['network_activate'] );
+		} elseif ( ! current_user_can( 'activate_plugins' ) ) {
+			unset( $install_actions['activate_plugin'] );
+		}
+
+		$install_actions = apply_filters('install_plugin_complete_actions', $install_actions, $this->api, $plugin_file);
+		if ( ! empty($install_actions) )
+			$this->feedback(implode(' | ', (array)$install_actions));
+	}
+}
+
+/**
+ * Theme Installer Skin for the WordPress Theme Installer.
+ *
+ * @package WordPress
+ * @subpackage Upgrader
+ * @since 2.8.0
+ */
+class Theme_Installer_Skin extends WP_Upgrader_Skin {
+	var $api;
+	var $type;
+
+	function __construct($args = array()) {
+		$defaults = array( 'type' => 'web', 'url' => '', 'theme' => '', 'nonce' => '', 'title' => '' );
+		$args = wp_parse_args($args, $defaults);
+
+		$this->type = $args['type'];
+		$this->api = isset($args['api']) ? $args['api'] : array();
+
+		parent::__construct($args);
+	}
+
+	function before() {
+		if ( !empty($this->api) )
+			$this->upgrader->strings['process_success'] = sprintf( $this->upgrader->strings['process_success_specific'], $this->api->name, $this->api->version);
+	}
+
+	function after() {
+		if ( empty($this->upgrader->result['destination_name']) )
+			return;
+
+		$theme_info = $this->upgrader->theme_info();
+		if ( empty( $theme_info ) )
+			return;
+
+		$name       = $theme_info->display('Name');
+		$stylesheet = $this->upgrader->result['destination_name'];
+		$template   = $theme_info->get_template();
+
+		$preview_link = add_query_arg( array(
+			'preview'    => 1,
+			'template'   => urlencode( $template ),
+			'stylesheet' => urlencode( $stylesheet ),
+		), trailingslashit( home_url() ) );
+
+		$activate_link = add_query_arg( array(
+			'action'     => 'activate',
+			'template'   => urlencode( $template ),
+			'stylesheet' => urlencode( $stylesheet ),
+		), admin_url('themes.php') );
+		$activate_link = wp_nonce_url( $activate_link, 'switch-theme_' . $stylesheet );
+
+		$install_actions = array();
+		$install_actions['preview']  = '<a href="' . esc_url( $preview_link ) . '" class="hide-if-customize" title="' . esc_attr( sprintf( __('Preview &#8220;%s&#8221;'), $name ) ) . '">' . __('Preview') . '</a>';
+		$install_actions['preview'] .= '<a href="' . wp_customize_url( $stylesheet ) . '" class="hide-if-no-customize load-customize" title="' . esc_attr( sprintf( __('Preview &#8220;%s&#8221;'), $name ) ) . '">' . __('Live Preview') . '</a>';
+		$install_actions['activate'] = '<a href="' . esc_url( $activate_link ) . '" class="activatelink" title="' . esc_attr( sprintf( __('Activate &#8220;%s&#8221;'), $name ) ) . '">' . __('Activate') . '</a>';
+
+		if ( is_network_admin() && current_user_can( 'manage_network_themes' ) )
+			$install_actions['network_enable'] = '<a href="' . esc_url( wp_nonce_url( 'themes.php?action=enable&amp;theme=' . urlencode( $stylesheet ), 'enable-theme_' . $stylesheet ) ) . '" title="' . esc_attr__( 'Enable this theme for all sites in this network' ) . '" target="_parent">' . __( 'Network Enable' ) . '</a>';
+
+		if ( $this->type == 'web' )
+			$install_actions['themes_page'] = '<a href="' . self_admin_url('theme-install.php') . '" title="' . esc_attr__('Return to Theme Installer') . '" target="_parent">' . __('Return to Theme Installer') . '</a>';
+		elseif ( current_user_can( 'switch_themes' ) || current_user_can( 'edit_theme_options' ) )
+			$install_actions['themes_page'] = '<a href="' . self_admin_url('themes.php') . '" title="' . esc_attr__('Themes page') . '" target="_parent">' . __('Return to Themes page') . '</a>';
+
+		if ( ! $this->result || is_wp_error($this->result) || is_network_admin() || ! current_user_can( 'switch_themes' ) )
+			unset( $install_actions['activate'], $install_actions['preview'] );
+
+		$install_actions = apply_filters('install_theme_complete_actions', $install_actions, $this->api, $stylesheet, $theme_info);
+		if ( ! empty($install_actions) )
+			$this->feedback(implode(' | ', (array)$install_actions));
+	}
+}
+
+/**
+ * Theme Upgrader Skin for WordPress Theme Upgrades.
+ *
+ * @package WordPress
+ * @subpackage Upgrader
+ * @since 2.8.0
+ */
+class Theme_Upgrader_Skin extends WP_Upgrader_Skin {
+	var $theme = '';
+
+	function __construct($args = array()) {
+		$defaults = array( 'url' => '', 'theme' => '', 'nonce' => '', 'title' => __('Update Theme') );
+		$args = wp_parse_args($args, $defaults);
+
+		$this->theme = $args['theme'];
+
+		parent::__construct($args);
+	}
+
+	function after() {
+
+		$update_actions = array();
+		if ( ! empty( $this->upgrader->result['destination_name'] ) && $theme_info = $this->upgrader->theme_info() ) {
+			$name       = $theme_info->display('Name');
+			$stylesheet = $this->upgrader->result['destination_name'];
+			$template   = $theme_info->get_template();
+
+			$preview_link = add_query_arg( array(
+				'preview'    => 1,
+				'template'   => urlencode( $template ),
+				'stylesheet' => urlencode( $stylesheet ),
+			), trailingslashit( home_url() ) );
+
+			$activate_link = add_query_arg( array(
+				'action'     => 'activate',
+				'template'   => urlencode( $template ),
+				'stylesheet' => urlencode( $stylesheet ),
+			), admin_url('themes.php') );
+			$activate_link = wp_nonce_url( $activate_link, 'switch-theme_' . $stylesheet );
+
+			if ( get_stylesheet() == $stylesheet ) {
+				if ( current_user_can( 'edit_theme_options' ) )
+					$update_actions['preview']  = '<a href="' . wp_customize_url( $stylesheet ) . '" class="hide-if-no-customize load-customize" title="' . esc_attr( sprintf( __('Customize &#8220;%s&#8221;'), $name ) ) . '">' . __('Customize') . '</a>';
+			} elseif ( current_user_can( 'switch_themes' ) ) {
+				$update_actions['preview']  = '<a href="' . esc_url( $preview_link ) . '" class="hide-if-customize" title="' . esc_attr( sprintf( __('Preview &#8220;%s&#8221;'), $name ) ) . '">' . __('Preview') . '</a>';
+				$update_actions['preview'] .= '<a href="' . wp_customize_url( $stylesheet ) . '" class="hide-if-no-customize load-customize" title="' . esc_attr( sprintf( __('Preview &#8220;%s&#8221;'), $name ) ) . '">' . __('Live Preview') . '</a>';
+				$update_actions['activate'] = '<a href="' . esc_url( $activate_link ) . '" class="activatelink" title="' . esc_attr( sprintf( __('Activate &#8220;%s&#8221;'), $name ) ) . '">' . __('Activate') . '</a>';
+			}
+
+			if ( ! $this->result || is_wp_error( $this->result ) || is_network_admin() )
+				unset( $update_actions['preview'], $update_actions['activate'] );
+		}
+
+		$update_actions['themes_page'] = '<a href="' . self_admin_url('themes.php') . '" title="' . esc_attr__('Return to Themes page') . '" target="_parent">' . __('Return to Themes page') . '</a>';
+
+		$update_actions = apply_filters('update_theme_complete_actions', $update_actions, $this->theme);
+		if ( ! empty($update_actions) )
+			$this->feedback(implode(' | ', (array)$update_actions));
+	}
+}
+
+/**
+ * Translation Upgrader Skin for WordPress Translation Upgrades.
+ *
+ * @package WordPress
+ * @subpackage Upgrader
+ * @since 3.7.0
+ */
+class Language_Pack_Upgrader_Skin extends WP_Upgrader_Skin {
+	var $language_update = null;
+	var $done_header = false;
+	var $display_footer_actions = true;
+
+	function __construct( $args = array() ) {
+		$defaults = array( 'url' => '', 'nonce' => '', 'title' => __( 'Update Translations' ), 'skip_header_footer' => false );
+		$args = wp_parse_args( $args, $defaults );
+		if ( $args['skip_header_footer'] ) {
+			$this->done_header = true;
+			$this->display_footer_actions = false;
+		}
+		parent::__construct( $args );
+	}
+
+	function before() {
+		$name = $this->upgrader->get_name_for_update( $this->language_update );
+
+		echo '<div class="update-messages lp-show-latest">';
+
+		printf( '<h4>' . __( 'Updating translations for %1$s (%2$s)&#8230;' ) . '</h4>', $name, $this->language_update->language );
+	}
+
+	function error( $error ) {
+		echo '<div class="lp-error">';
+		parent::error( $error );
+		echo '</div>';
+	}
+
+	function after() {
+		echo '</div>';
+	}
+
+	function bulk_footer() {
+		$update_actions = array();
+		$update_actions['updates_page'] = '<a href="' . self_admin_url( 'update-core.php' ) . '" title="' . esc_attr__( 'Go to WordPress Updates page' ) . '" target="_parent">' . __( 'Return to WordPress Updates' ) . '</a>';
+		$update_actions = apply_filters( 'update_translations_complete_actions', $update_actions );
+
+		if ( $update_actions && $this->display_footer_actions )
+			$this->feedback( implode( ' | ', $update_actions ) );
+
+		parent::footer();
+	}
+}
+
+/**
+ * Upgrader Skin for Automatic WordPress Upgrades
+ *
+ * This skin is designed to be used when no output is intended, all output
+ * is captured and stored for the caller to process and log/email/discard.
+ *
+ * @package WordPress
+ * @subpackage Upgrader
+ * @since 3.7.0
+ */
+class Automatic_Upgrader_Skin extends WP_Upgrader_Skin {
+	protected $messages = array();
+
+	function request_filesystem_credentials( $error = false, $context = '' ) {
+		if ( $context )
+			$this->options['context'] = $context;
+		// TODO: fix up request_filesystem_credentials(), or split it, to allow us to request a no-output version
+		// This will output a credentials form in event of failure, We don't want that, so just hide with a buffer
+		ob_start();
+		$result = parent::request_filesystem_credentials( $error );
+		ob_end_clean();
+		return $result;
+	}
+
+	function get_upgrade_messages() {
+		return $this->messages;
+	}
+
+	function feedback( $data ) {
+		if ( is_wp_error( $data ) )
+			$string = $data->get_error_message();
+		else if ( is_array( $data ) )
+			return;
+		else
+			$string = $data;
+
+		if ( ! empty( $this->upgrader->strings[ $string ] ) )
+			$string = $this->upgrader->strings[ $string ];
+
+		if ( strpos( $string, '%' ) !== false ) {
+			$args = func_get_args();
+			$args = array_splice( $args, 1 );
+			if ( ! empty( $args ) )
+				$string = vsprintf( $string, $args );
+		}
+
+		$string = trim( $string );
+
+		// Only allow basic HTML in the messages, as it'll be used in emails/logs rather than direct browser output.
+		$string = wp_kses( $string, array(
+			'a' => array(
+				'href' => true
+			),
+			'br' => true,
+			'em' => true,
+			'strong' => true,
+		) );
+
+		if ( empty( $string ) )
+			return;
+
+		$this->messages[] = $string;
+	}
+
+	function header() {
+		ob_start();
+	}
+
+	function footer() {
+		$output = ob_get_contents();
+		if ( ! empty( $output ) )
+			$this->feedback( $output );
+		ob_end_clean();
+	}
+
+	function bulk_header() {}
+	function bulk_footer() {}
+	function before() {}
+	function after() {}
+}
--- a/wp-admin/includes/class-wp-upgrader.php
+++ b/wp-admin/includes/class-wp-upgrader.php
--- a/wp-admin/includes/class-wp-users-list-table.php
+++ b/wp-admin/includes/class-wp-users-list-table.php
@@ -294,7 +294,7 @@ class WP_Users_List_Table extends WP_List_Table {
 					$r .= "<td $attributes>$user_object->first_name $user_object->last_name</td>";
 					break;
 				case 'email':
-					$r .= "<td $attributes><a href='mailto:$email' title='" . esc_attr( sprintf( __( 'E-mail: %s' ), $email ) ) . "'>$email</a></td>";
+					$r .= "<td $attributes><a href='" . esc_url( "mailto:$email" ) . "' title='" . esc_attr( sprintf( __( 'E-mail: %s' ), $email ) ) . "'>$email</a></td>";
 					break;
 				case 'role':
 					$r .= "<td $attributes>$role_name</td>";
--- a/wp-admin/includes/comment.php
+++ b/wp-admin/includes/comment.php
@@ -36,12 +36,18 @@ function edit_comment() {
 	if ( ! current_user_can( 'edit_comment', (int) $_POST['comment_ID'] ) )
 		wp_die ( __( 'You are not allowed to edit comments on this post.' ) );

-	$_POST['comment_author'] = $_POST['newcomment_author'];
-	$_POST['comment_author_email'] = $_POST['newcomment_author_email'];
-	$_POST['comment_author_url'] = $_POST['newcomment_author_url'];
-	$_POST['comment_approved'] = $_POST['comment_status'];
-	$_POST['comment_content'] = $_POST['content'];
-	$_POST['comment_ID'] = (int) $_POST['comment_ID'];
+	if ( isset( $_POST['newcomment_author'] ) )
+		$_POST['comment_author'] = $_POST['newcomment_author'];
+	if ( isset( $_POST['newcomment_author_email'] ) )
+		$_POST['comment_author_email'] = $_POST['newcomment_author_email'];
+	if ( isset( $_POST['newcomment_author_url'] ) )
+		$_POST['comment_author_url'] = $_POST['newcomment_author_url'];
+	if ( isset( $_POST['comment_status'] ) )
+		$_POST['comment_approved'] = $_POST['comment_status'];
+	if ( isset( $_POST['content'] ) )
+		$_POST['comment_content'] = $_POST['content'];
+	if ( isset( $_POST['comment_ID'] ) )
+		$_POST['comment_ID'] = (int) $_POST['comment_ID'];

 	foreach ( array ('aa', 'mm', 'jj', 'hh', 'mn') as $timeunit ) {
 		if ( !empty( $_POST['hidden_' . $timeunit] ) && $_POST['hidden_' . $timeunit] != $_POST[$timeunit] ) {
@@ -83,7 +89,14 @@ function get_comment_to_edit( $id ) {
 	$comment->comment_post_ID = (int) $comment->comment_post_ID;

 	$comment->comment_content = format_to_edit( $comment->comment_content );
-	$comment->comment_content = apply_filters( 'comment_edit_pre', $comment->comment_content);
+	/**
+	 * Filter the comment content before editing.
+	 *
+	 * @since 2.0.0
+	 *
+	 * @param string $comment->comment_content Comment content.
+	 */
+	$comment->comment_content = apply_filters( 'comment_edit_pre', $comment->comment_content );

 	$comment->comment_author = format_to_edit( $comment->comment_author );
 	$comment->comment_author_email = format_to_edit( $comment->comment_author_email );
@@ -148,7 +161,7 @@ function get_pending_comments_num( $post_id ) {
 */
 function floated_admin_avatar( $name ) {
 	global $comment;
-	$avatar = get_avatar( $comment, 32 );
+	$avatar = get_avatar( $comment, 32, 'mystery' );
 	return "$avatar $name";
 }

--- a/wp-admin/includes/dashboard.php
+++ b/wp-admin/includes/dashboard.php
@@ -142,11 +142,13 @@ function wp_dashboard_setup() {
 	if ( $update )
 		update_option( 'dashboard_widget_options', $widget_options );

+	/** This action is documented in wp-admin/edit-form-advanced.php */
 	do_action('do_meta_boxes', $screen->id, 'normal', '');
+	/** This action is documented in wp-admin/edit-form-advanced.php */
 	do_action('do_meta_boxes', $screen->id, 'side', '');
 }

-function wp_add_dashboard_widget( $widget_id, $widget_name, $callback, $control_callback = null ) {
+function wp_add_dashboard_widget( $widget_id, $widget_name, $callback, $control_callback = null, $callback_args = null ) {
 	$screen = get_current_screen();
 	global $wp_dashboard_control_callbacks;

@@ -177,7 +179,7 @@ function wp_add_dashboard_widget( $widget_id, $widget_name, $callback, $control_
 	if ( 'dashboard_browser_nag' === $widget_id )
 		$priority = 'high';

-	add_meta_box( $widget_id, $widget_name, $callback, $screen, $location, $priority );
+	add_meta_box( $widget_id, $widget_name, $callback, $screen, $location, $priority, $callback_args );
 }

 function _wp_dashboard_control_callback( $dashboard, $meta_box ) {
@@ -366,7 +368,7 @@ function wp_dashboard_right_now() {

 	if ( $theme->errors() ) {
 		if ( ! is_multisite() || is_super_admin() )
-			echo '<span class="error-message">' . __('ERROR: The themes directory is either empty or doesn&#8217;t exist. Please check your installation.') . '</span>';
+			echo '<span class="error-message">' . sprintf( __( 'ERROR: %s' ), $theme->errors()->get_error_message() ) . '</span>';
 	} elseif ( ! empty($wp_registered_sidebars) ) {
 		$sidebars_widgets = wp_get_sidebars_widgets();
 		$num_widgets = 0;
@@ -486,6 +488,10 @@ function wp_dashboard_quick_press() {
 		$_REQUEST = array(); // hack for get_default_post_to_edit()
 	}

+	if ( ! current_user_can( 'edit_posts' ) ) {
+		return;
+	}
+
 	/* Check if a new auto-draft (= no new post_ID) is needed or if the old can be used */
 	$last_post_id = (int) get_user_option( 'dashboard_quick_press_last_post_id' ); // Get the last post_ID
 	if ( $last_post_id ) {
@@ -656,7 +662,7 @@ function _wp_dashboard_recent_comments_row( &$comment, $show_date = true ) {
 	$GLOBALS['comment'] =& $comment;

 	$comment_post_url = get_edit_post_link( $comment->comment_post_ID );
-	$comment_post_title = strip_tags(get_the_title( $comment->comment_post_ID ));
+	$comment_post_title = _draft_or_post_title( $comment->comment_post_ID );
 	$comment_post_link = "<a href='$comment_post_url'>$comment_post_title</a>";
 	$comment_link = '<a class="comment-link" href="' . esc_url(get_comment_link()) . '">#</a>';

@@ -710,7 +716,7 @@ function _wp_dashboard_recent_comments_row( &$comment, $show_date = true ) {
 		<div id="comment-<?php echo $comment->comment_ID; ?>" <?php comment_class( array( 'comment-item', wp_get_comment_status($comment->comment_ID) ) ); ?>>
 			<?php if ( !$comment->comment_type || 'comment' == $comment->comment_type ) : ?>

-			<?php echo get_avatar( $comment, 50 ); ?>
+			<?php echo get_avatar( $comment, 50, 'mystery' ); ?>

 			<div class="dashboard-comment-wrap">
 			<h4 class="comment-meta">
@@ -1095,6 +1101,7 @@ function wp_dashboard_rss_control( $widget_id, $form_inputs = array() ) {
 	if ( 'POST' == $_SERVER['REQUEST_METHOD'] && isset($_POST['widget-rss'][$number]) ) {
 		$_POST['widget-rss'][$number] = wp_unslash( $_POST['widget-rss'][$number] );
 		$widget_options[$widget_id] = wp_widget_rss_process( $_POST['widget-rss'][$number] );
+		$widget_options[$widget_id]['number'] = $number;
 		// title is optional. If black, fill it if possible
 		if ( !$widget_options[$widget_id]['title'] && isset($_POST['widget-rss'][$number]['title']) ) {
 			$rss = fetch_feed($widget_options[$widget_id]['url']);
@@ -1225,7 +1232,7 @@ function wp_check_browser_version() {
 			'user-agent'	=> 'WordPress/' . $wp_version . '; ' . home_url()
 		);

-		$response = wp_remote_post( 'http://api.wordpress.org/core/browse-happy/1.0/', $options );
+		$response = wp_remote_post( 'http://api.wordpress.org/core/browse-happy/1.1/', $options );

 		if ( is_wp_error( $response ) || 200 != wp_remote_retrieve_response_code( $response ) )
 			return false;
@@ -1241,7 +1248,7 @@ function wp_check_browser_version() {
 		 *  'img_src' - string - An image representing the browser
 		 *  'img_src_ssl' - string - An image (over SSL) representing the browser
 		 */
-		$response = maybe_unserialize( wp_remote_retrieve_body( $response ) );
+		$response = json_decode( wp_remote_retrieve_body( $response ), true );

 		if ( ! is_array( $response ) )
 			return false;
--- a/wp-admin/includes/deprecated.php
+++ b/wp-admin/includes/deprecated.php
@@ -13,8 +13,8 @@
 */

 /**
- * @since 2.1
- * @deprecated 2.1
+ * @since 2.1.0
+ * @deprecated 2.1.0
 * @deprecated Use wp_editor().
 * @see wp_editor()
 */
@@ -27,8 +27,8 @@ function tinymce_include() {
 /**
 * Unused Admin function.
 *
- * @since 2.0
- * @deprecated 2.5
+ * @since 2.0.0
+ * @deprecated 2.5.0
 *
 */
 function documentation_link() {
@@ -106,6 +106,22 @@ function dropdown_link_categories( $default = 0 ) {
 	wp_link_category_checklist( $link_id );
 }

+/**
+ * Get the real filesystem path to a file to edit within the admin.
+ *
+ * @since 1.5.0
+ * @deprecated 2.9.0
+ * @uses WP_CONTENT_DIR Full filesystem path to the wp-content directory.
+ *
+ * @param string $file Filesystem path relative to the wp-content directory.
+ * @return string Full filesystem path to edit.
+ */
+function get_real_file_to_edit( $file ) {
+	_deprecated_function( __FUNCTION__, '2.9' );
+
+	return WP_CONTENT_DIR . $file;
+}
+
 /**
 * {@internal Missing Short Description}}
 *
@@ -207,7 +223,7 @@ function codepress_footer_js() {
 /**
 * Determine whether to use CodePress.
 *
- * @since 2.8
+ * @since 2.8.0
 * @deprecated 3.0.0
 **/
 function use_codepress() {
@@ -719,7 +735,7 @@ function wp_dashboard_quick_press_output() {

 /**
 * @since 2.7.0
- * @deprecated 3.3
+ * @deprecated 3.3.0
 * @deprecated Use wp_editor()
 * @see wp_editor()
 */
@@ -924,6 +940,7 @@ function get_allowed_themes() {
 * {@internal Missing Short Description}}
 *
 * @since 1.5.0
+ * @deprecated 3.4.0
 *
 * @return unknown
 */
@@ -947,6 +964,7 @@ function get_broken_themes() {
 * {@internal Missing Short Description}}
 *
 * @since 2.0.0
+ * @deprecated 3.4.0
 *
 * @return unknown
 */
@@ -1023,3 +1041,93 @@ function wp_create_thumbnail( $file, $max_side, $deprecated = '' ) {
 	_deprecated_function( __FUNCTION__, '3.5', 'image_resize()' );
 	return apply_filters( 'wp_create_thumbnail', image_resize( $file, $max_side, $max_side ) );
 }
+
+/**
+ * This was once used to display a metabox for the nav menu theme locations.
+ *
+ * Deprecated in favor of a 'Manage Locations' tab added to nav menus management screen.
+ *
+ * @since 3.0.0
+ * @deprecated 3.6.0
+ */
+function wp_nav_menu_locations_meta_box() {
+	_deprecated_function( __FUNCTION__, '3.6' );
+}
+
+/**
+ * This was once used to kick-off the Core Updater.
+ *
+ * Deprecated in favor of instantating a Core_Upgrader instance directly,
+ * and calling the 'upgrade' method.
+ *
+ * @since 2.7.0
+ * @deprecated 3.7.0
+ */
+function wp_update_core($current, $feedback = '') {
+	_deprecated_function( __FUNCTION__, '3.7', 'new Core_Upgrader();' );
+
+	if ( !empty($feedback) )
+		add_filter('update_feedback', $feedback);
+
+	include ABSPATH . 'wp-admin/includes/class-wp-upgrader.php';
+	$upgrader = new Core_Upgrader();
+	return $upgrader->upgrade($current);
+
+}
+
+/**
+ * This was once used to kick-off the Plugin Updater.
+ *
+ * Deprecated in favor of instantating a Plugin_Upgrader instance directly,
+ * and calling the 'upgrade' method.
+ * Unused since 2.8.0.
+ *
+ * @since 2.5.0
+ * @deprecated 3.7.0
+ */
+function wp_update_plugin($plugin, $feedback = '') {
+	_deprecated_function( __FUNCTION__, '3.7', 'new Plugin_Upgrader();' );
+
+	if ( !empty($feedback) )
+		add_filter('update_feedback', $feedback);
+
+	include ABSPATH . 'wp-admin/includes/class-wp-upgrader.php';
+	$upgrader = new Plugin_Upgrader();
+	return $upgrader->upgrade($plugin);
+}
+
+/**
+ * This was once used to kick-off the Plugin Updater.
+ *
+ * Deprecated in favor of instantating a Plugin_Upgrader instance directly,
+ * and calling the 'upgrade' method.
+ * Unused since 2.8.0.
+ *
+ * @since 2.7.0
+ * @deprecated 3.7.0
+ */
+function wp_update_theme($theme, $feedback = '') {
+	_deprecated_function( __FUNCTION__, '3.7', 'new Theme_Upgrader();' );
+
+	if ( !empty($feedback) )
+		add_filter('update_feedback', $feedback);
+
+	include ABSPATH . 'wp-admin/includes/class-wp-upgrader.php';
+	$upgrader = new Theme_Upgrader();
+	return $upgrader->upgrade($theme);
+}
+
+/**
+ * This was once used to display attachment links. Now it is deprecated and stubbed.
+ *
+ * {@internal Missing Short Description}}
+ *
+ * @since 2.0.0
+ * @deprecated 3.7.0
+ *
+ * @param unknown_type $id
+ * @return unknown
+ */
+function the_attachment_links( $id = false ) {
+	_deprecated_function( __FUNCTION__, '3.7' );
+}
--- a/wp-admin/includes/export.php
+++ b/wp-admin/includes/export.php
@@ -367,10 +367,11 @@ function export_wp( $args = array() ) {
 		$is_sticky = is_sticky( $post->ID ) ? 1 : 0;
 ?>
 	<item>
+		<?php /** This filter is documented in wp-includes/feed.php */ ?>
 		<title><?php echo apply_filters( 'the_title_rss', $post->post_title ); ?></title>
 		<link><?php the_permalink_rss() ?></link>
 		<pubDate><?php echo mysql2date( 'D, d M Y H:i:s +0000', get_post_time( 'Y-m-d H:i:s', true ), false ); ?></pubDate>
-		<dc:creator><?php echo get_the_author_meta( 'login' ); ?></dc:creator>
+		<dc:creator><?php echo wxr_cdata( get_the_author_meta( 'login' ) ); ?></dc:creator>
 		<guid isPermaLink="false"><?php the_guid(); ?></guid>
 		<description></description>
 		<content:encoded><?php echo wxr_cdata( apply_filters( 'the_content_export', $post->post_content ) ); ?></content:encoded>
--- a/wp-admin/includes/file.php
+++ b/wp-admin/includes/file.php
@@ -93,30 +93,6 @@ function get_home_path() {
 	return str_replace( '\\', '/', $home_path );
 }

-/**
- * Get the real file system path to a file to edit within the admin
- *
- * If the $file is index.php or .htaccess this function will assume it is relative
- * to the install root, otherwise it is assumed the file is relative to the wp-content
- * directory
- *
- * @since 1.5.0
- *
- * @uses get_home_path
- * @uses WP_CONTENT_DIR full filesystem path to the wp-content directory
- * @param string $file filesystem path relative to the WordPress install directory or to the wp-content directory
- * @return string full file system path to edit
- */
-function get_real_file_to_edit( $file ) {
-	if ('index.php' == $file || '.htaccess' == $file ) {
-		$real_file = get_home_path() . $file;
-	} else {
-		$real_file = WP_CONTENT_DIR . $file;
-	}
-
-	return $real_file;
-}
-
 /**
 * Returns a listing of all files in the specified folder and all subdirectories up to 100 levels deep.
 * The depth of the recursiveness can be controlled by the $levels param.
@@ -497,7 +473,7 @@ function download_url( $url, $timeout = 300 ) {
 	if ( ! $tmpfname )
 		return new WP_Error('http_no_file', __('Could not create Temporary file.'));

-	$response = wp_remote_get( $url, array( 'timeout' => $timeout, 'stream' => true, 'filename' => $tmpfname, 'reject_unsafe_urls' => true ) );
+	$response = wp_safe_remote_get( $url, array( 'timeout' => $timeout, 'stream' => true, 'filename' => $tmpfname ) );

 	if ( is_wp_error( $response ) ) {
 		unlink( $tmpfname );
@@ -509,9 +485,43 @@ function download_url( $url, $timeout = 300 ) {
 		return new WP_Error( 'http_404', trim( wp_remote_retrieve_response_message( $response ) ) );
 	}

+	$content_md5 = wp_remote_retrieve_header( $response, 'content-md5' );
+	if ( $content_md5 ) {
+		$md5_check = verify_file_md5( $tmpfname, $content_md5 );
+		if ( is_wp_error( $md5_check ) ) {
+			unlink( $tmpfname );
+			return $md5_check;
+		}
+	}
+
 	return $tmpfname;
 }

+/**
+ * Calculates and compares the MD5 of a file to it's expected value.
+ *
+ * @since 3.7.0
+ *
+ * @param string $filename The filename to check the MD5 of.
+ * @param string $expected_md5 The expected MD5 of the file, either a base64 encoded raw md5, or a hex-encoded md5
+ * @return bool|object WP_Error on failure, true on success, false when the MD5 format is unknown/unexpected
+ */
+function verify_file_md5( $filename, $expected_md5 ) {
+	if ( 32 == strlen( $expected_md5 ) )
+		$expected_raw_md5 = pack( 'H*', $expected_md5 );
+	elseif ( 24 == strlen( $expected_md5 ) )
+		$expected_raw_md5 = base64_decode( $expected_md5 );
+	else
+		return false; // unknown format
+
+	$file_md5 = md5_file( $filename, true );
+
+	if ( $file_md5 === $expected_raw_md5 )
+		return true;
+
+	return new WP_Error( 'md5_mismatch', sprintf( __( 'The checksum of the file (%1$s) does not match the expected checksum value (%2$s).' ), bin2hex( $file_md5 ), bin2hex( $expected_raw_md5 ) ) );
+}
+
 /**
 * Unzips a specified ZIP file to a location on the Filesystem via the WordPress Filesystem Abstraction.
 * Assumes that WP_Filesystem() has already been called and set up. Does not extract a root-level __MACOSX directory, if present.
@@ -586,24 +596,38 @@ function _unzip_file_ziparchive($file, $to, $needed_dirs = array() ) {

 	$z = new ZipArchive();

-	// PHP4-compat - php4 classes can't contain constants
-	$zopen = $z->open($file, /* ZIPARCHIVE::CHECKCONS */ 4);
+	$zopen = $z->open( $file, ZIPARCHIVE::CHECKCONS );
 	if ( true !== $zopen )
-		return new WP_Error('incompatible_archive', __('Incompatible Archive.'));
+		return new WP_Error( 'incompatible_archive', __( 'Incompatible Archive.' ), array( 'ziparchive_error' => $zopen ) );
+
+	$uncompressed_size = 0;

 	for ( $i = 0; $i < $z->numFiles; $i++ ) {
 		if ( ! $info = $z->statIndex($i) )
-			return new WP_Error('stat_failed', __('Could not retrieve file from archive.'));
+			return new WP_Error( 'stat_failed_ziparchive', __( 'Could not retrieve file from archive.' ) );

 		if ( '__MACOSX/' === substr($info['name'], 0, 9) ) // Skip the OS X-created __MACOSX directory
 			continue;

+		$uncompressed_size += $info['size'];
+
 		if ( '/' == substr($info['name'], -1) ) // directory
 			$needed_dirs[] = $to . untrailingslashit($info['name']);
 		else
 			$needed_dirs[] = $to . untrailingslashit(dirname($info['name']));
 	}

+	/*
+	 * disk_free_space() could return false. Assume that any falsey value is an error.
+	 * A disk that has zero free bytes has bigger problems.
+	 * Require we have enough space to unzip the file and copy its contents, with a 10% buffer.
+	 */
+	if ( defined( 'DOING_CRON' ) && DOING_CRON ) {
+		$available_space = @disk_free_space( WP_CONTENT_DIR );
+		if ( $available_space && ( $uncompressed_size * 2.1 ) > $available_space )
+			return new WP_Error( 'disk_full_unzip_file', __( 'Could not copy files. You may have run out of disk space.' ), compact( 'uncompressed_size', 'available_space' ) );
+	}
+
 	$needed_dirs = array_unique($needed_dirs);
 	foreach ( $needed_dirs as $dir ) {
 		// Check the parent folders of the folders all exist within the creation array.
@@ -623,13 +647,13 @@ function _unzip_file_ziparchive($file, $to, $needed_dirs = array() ) {
 	// Create those directories if need be:
 	foreach ( $needed_dirs as $_dir ) {
 		if ( ! $wp_filesystem->mkdir($_dir, FS_CHMOD_DIR) && ! $wp_filesystem->is_dir($_dir) ) // Only check to see if the Dir exists upon creation failure. Less I/O this way.
-			return new WP_Error('mkdir_failed', __('Could not create directory.'), $_dir);
+			return new WP_Error( 'mkdir_failed_ziparchive', __( 'Could not create directory.' ), substr( $_dir, strlen( $to ) ) );
 	}
 	unset($needed_dirs);

 	for ( $i = 0; $i < $z->numFiles; $i++ ) {
 		if ( ! $info = $z->statIndex($i) )
-			return new WP_Error('stat_failed', __('Could not retrieve file from archive.'));
+			return new WP_Error( 'stat_failed_ziparchive', __( 'Could not retrieve file from archive.' ) );

 		if ( '/' == substr($info['name'], -1) ) // directory
 			continue;
@@ -639,10 +663,10 @@ function _unzip_file_ziparchive($file, $to, $needed_dirs = array() ) {

 		$contents = $z->getFromIndex($i);
 		if ( false === $contents )
-			return new WP_Error('extract_failed', __('Could not extract file from archive.'), $info['name']);
+			return new WP_Error( 'extract_failed_ziparchive', __( 'Could not extract file from archive.' ), $info['name'] );

 		if ( ! $wp_filesystem->put_contents( $to . $info['name'], $contents, FS_CHMOD_FILE) )
-			return new WP_Error('copy_failed', __('Could not copy file.'), $to . $info['name']);
+			return new WP_Error( 'copy_failed_ziparchive', __( 'Could not copy file.' ), $info['name'] );
 	}

 	$z->close();
@@ -666,11 +690,7 @@ function _unzip_file_ziparchive($file, $to, $needed_dirs = array() ) {
 function _unzip_file_pclzip($file, $to, $needed_dirs = array()) {
 	global $wp_filesystem;

-	// See #15789 - PclZip uses string functions on binary data, If it's overloaded with Multibyte safe functions the results are incorrect.
-	if ( ini_get('mbstring.func_overload') && function_exists('mb_internal_encoding') ) {
-		$previous_encoding = mb_internal_encoding();
-		mb_internal_encoding('ISO-8859-1');
-	}
+	mbstring_binary_safe_encoding();

 	require_once(ABSPATH . 'wp-admin/includes/class-pclzip.php');

@@ -678,24 +698,38 @@ function _unzip_file_pclzip($file, $to, $needed_dirs = array()) {

 	$archive_files = $archive->extract(PCLZIP_OPT_EXTRACT_AS_STRING);

-	if ( isset($previous_encoding) )
-		mb_internal_encoding($previous_encoding);
+	reset_mbstring_encoding();

 	// Is the archive valid?
 	if ( !is_array($archive_files) )
 		return new WP_Error('incompatible_archive', __('Incompatible Archive.'), $archive->errorInfo(true));

 	if ( 0 == count($archive_files) )
-		return new WP_Error('empty_archive', __('Empty archive.'));
+		return new WP_Error( 'empty_archive_pclzip', __( 'Empty archive.' ) );
+
+	$uncompressed_size = 0;

 	// Determine any children directories needed (From within the archive)
 	foreach ( $archive_files as $file ) {
 		if ( '__MACOSX/' === substr($file['filename'], 0, 9) ) // Skip the OS X-created __MACOSX directory
 			continue;

+		$uncompressed_size += $file['size'];
+
 		$needed_dirs[] = $to . untrailingslashit( $file['folder'] ? $file['filename'] : dirname($file['filename']) );
 	}

+	/*
+	 * disk_free_space() could return false. Assume that any falsey value is an error.
+	 * A disk that has zero free bytes has bigger problems.
+	 * Require we have enough space to unzip the file and copy its contents, with a 10% buffer.
+	 */
+	if ( defined( 'DOING_CRON' ) && DOING_CRON ) {
+		$available_space = @disk_free_space( WP_CONTENT_DIR );
+		if ( $available_space && ( $uncompressed_size * 2.1 ) > $available_space )
+			return new WP_Error( 'disk_full_unzip_file', __( 'Could not copy files. You may have run out of disk space.' ), compact( 'uncompressed_size', 'available_space' ) );
+	}
+
 	$needed_dirs = array_unique($needed_dirs);
 	foreach ( $needed_dirs as $dir ) {
 		// Check the parent folders of the folders all exist within the creation array.
@@ -714,8 +748,9 @@ function _unzip_file_pclzip($file, $to, $needed_dirs = array()) {

 	// Create those directories if need be:
 	foreach ( $needed_dirs as $_dir ) {
-		if ( ! $wp_filesystem->mkdir($_dir, FS_CHMOD_DIR) && ! $wp_filesystem->is_dir($_dir) ) // Only check to see if the dir exists upon creation failure. Less I/O this way.
-			return new WP_Error('mkdir_failed', __('Could not create directory.'), $_dir);
+		// Only check to see if the dir exists upon creation failure. Less I/O this way.
+		if ( ! $wp_filesystem->mkdir( $_dir, FS_CHMOD_DIR ) && ! $wp_filesystem->is_dir( $_dir ) )
+			return new WP_Error( 'mkdir_failed_pclzip', __( 'Could not create directory.' ), substr( $_dir, strlen( $to ) ) );
 	}
 	unset($needed_dirs);

@@ -728,7 +763,7 @@ function _unzip_file_pclzip($file, $to, $needed_dirs = array()) {
 			continue;

 		if ( ! $wp_filesystem->put_contents( $to . $file['filename'], $file['content'], FS_CHMOD_FILE) )
-			return new WP_Error('copy_failed', __('Could not copy file.'), $to . $file['filename']);
+			return new WP_Error( 'copy_failed_pclzip', __( 'Could not copy file.' ), $file['filename'] );
 	}
 	return true;
 }
@@ -752,31 +787,31 @@ function copy_dir($from, $to, $skip_list = array() ) {
 	$from = trailingslashit($from);
 	$to = trailingslashit($to);

-	$skip_regex = '';
-	foreach ( (array)$skip_list as $key => $skip_file )
-		$skip_regex .= preg_quote($skip_file, '!') . '|';
-
-	if ( !empty($skip_regex) )
-		$skip_regex = '!(' . rtrim($skip_regex, '|') . ')$!i';
-
 	foreach ( (array) $dirlist as $filename => $fileinfo ) {
-		if ( !empty($skip_regex) )
-			if ( preg_match($skip_regex, $from . $filename) )
-				continue;
+		if ( in_array( $filename, $skip_list ) )
+			continue;

 		if ( 'f' == $fileinfo['type'] ) {
 			if ( ! $wp_filesystem->copy($from . $filename, $to . $filename, true, FS_CHMOD_FILE) ) {
 				// If copy failed, chmod file to 0644 and try again.
-				$wp_filesystem->chmod($to . $filename, 0644);
+				$wp_filesystem->chmod( $to . $filename, FS_CHMOD_FILE );
 				if ( ! $wp_filesystem->copy($from . $filename, $to . $filename, true, FS_CHMOD_FILE) )
-					return new WP_Error('copy_failed', __('Could not copy file.'), $to . $filename);
+					return new WP_Error( 'copy_failed_copy_dir', __( 'Could not copy file.' ), $to . $filename );
 			}
 		} elseif ( 'd' == $fileinfo['type'] ) {
 			if ( !$wp_filesystem->is_dir($to . $filename) ) {
 				if ( !$wp_filesystem->mkdir($to . $filename, FS_CHMOD_DIR) )
-					return new WP_Error('mkdir_failed', __('Could not create directory.'), $to . $filename);
+					return new WP_Error( 'mkdir_failed_copy_dir', __( 'Could not create directory.' ), $to . $filename );
 			}
-			$result = copy_dir($from . $filename, $to . $filename, $skip_list);
+
+			// generate the $sub_skip_list for the subdirectory as a sub-set of the existing $skip_list
+			$sub_skip_list = array();
+			foreach ( $skip_list as $skip_item ) {
+				if ( 0 === strpos( $skip_item, $filename . '/' ) )
+					$sub_skip_list[] = preg_replace( '!^' . preg_quote( $filename, '!' ) . '/!i', '', $skip_item );
+			}
+
+			$result = copy_dir($from . $filename, $to . $filename, $sub_skip_list);
 			if ( is_wp_error($result) )
 				return $result;
 		}
@@ -831,9 +866,9 @@ function WP_Filesystem( $args = false, $context = false ) {

 	// Set the permission constants if not already set.
 	if ( ! defined('FS_CHMOD_DIR') )
-		define('FS_CHMOD_DIR', 0755 );
+		define('FS_CHMOD_DIR', ( fileperms( ABSPATH ) & 0777 | 0755 ) );
 	if ( ! defined('FS_CHMOD_FILE') )
-		define('FS_CHMOD_FILE', 0644 );
+		define('FS_CHMOD_FILE', ( fileperms( ABSPATH . 'index.php' ) & 0777 | 0644 ) );

 	return true;
 }
@@ -860,6 +895,11 @@ function get_filesystem_method($args = array(), $context = false) {
 	if ( ! $method && function_exists('getmyuid') && function_exists('fileowner') ){
 		if ( !$context )
 			$context = WP_CONTENT_DIR;
+
+		// If the directory doesn't exist (wp-content/languages) then use the parent directory as we'll create it.
+		if ( WP_LANG_DIR == $context && ! is_dir( $context ) )
+			$context = dirname( $context );
+
 		$context = trailingslashit($context);
 		$temp_file_name = $context . 'temp-write-test-' . time();
 		$temp_handle = @fopen($temp_file_name, 'w');
@@ -990,9 +1030,8 @@ jQuery(function($){
 -->
 </script>
 <form action="<?php echo esc_url( $form_post ) ?>" method="post">
-<div class="wrap">
-<?php screen_icon(); ?>
-<h2><?php _e('Connection Information') ?></h2>
+<div>
+<h3><?php _e('Connection Information') ?></h3>
 <p><?php
 	$label_user = __('Username');
 	$label_pass = __('Password');
@@ -1025,7 +1064,8 @@ jQuery(function($){

 <tr valign="top">
 <th scope="row"><label for="password"><?php echo $label_pass; ?></label></th>
-<td><input name="password" type="password" id="password" value="<?php if ( defined('FTP_PASS') ) echo '*****'; ?>"<?php disabled( defined('FTP_PASS') ); ?> size="40" /></td>
+<td><div><input name="password" type="password" id="password" value="<?php if ( defined('FTP_PASS') ) echo '*****'; ?>"<?php disabled( defined('FTP_PASS') ); ?> size="40" /></div>
+<div><em><?php if ( ! defined('FTP_PASS') ) _e( 'This password will not be stored on the server.' ); ?></em></div></td>
 </tr>

 <?php if ( isset($types['ssh']) ) : ?>
--- a/wp-admin/includes/image-edit.php
+++ b/wp-admin/includes/image-edit.php
@@ -467,8 +467,8 @@ function stream_preview_image( $post_id ) {
 	$h = $size['height'];

 	$ratio = _image_get_preview_ratio( $w, $h );
-	$w2 = $w * $ratio;
-	$h2 = $h * $ratio;
+	$w2 = max ( 1, $w * $ratio );
+	$h2 = max ( 1, $h * $ratio );

 	if ( is_wp_error( $img->resize( $w2, $h2 ) ) )
 		return false;
@@ -499,6 +499,7 @@ function wp_restore_image($post_id) {
 			if ( defined('IMAGE_EDIT_OVERWRITE') && IMAGE_EDIT_OVERWRITE ) {
 				// delete only if it's edited image
 				if ( preg_match('/-e[0-9]{13}\./', $parts['basename']) ) {
+					/** This filter is documented in wp-admin/custom-header.php */
 					$delpath = apply_filters('wp_delete_file', $file);
 					@unlink($delpath);
 				}
@@ -522,6 +523,7 @@ function wp_restore_image($post_id) {
 				if ( defined('IMAGE_EDIT_OVERWRITE') && IMAGE_EDIT_OVERWRITE ) {
 					// delete only if it's edited image
 					if ( preg_match('/-e[0-9]{13}-/', $meta['sizes'][$default_size]['file']) ) {
+						/** This filter is documented in wp-admin/custom-header.php */
 						$delpath = apply_filters( 'wp_delete_file', path_join($parts['dirname'], $meta['sizes'][$default_size]['file']) );
 						@unlink($delpath);
 					}
@@ -722,6 +724,7 @@ function wp_save_image( $post_id ) {
 	}

 	if ( $delete ) {
+		/** This filter is documented in wp-admin/custom-header.php */
 		$delpath = apply_filters('wp_delete_file', $new_path);
 		@unlink( $delpath );
 	}
--- a/wp-admin/includes/image.php
+++ b/wp-admin/includes/image.php
@@ -314,6 +314,12 @@ function wp_read_image_metadata( $file ) {
 			$meta[ $key ] = utf8_encode( $meta[ $key ] );
 	}

+	foreach ( $meta as &$value ) {
+		if ( is_string( $value ) ) {
+			$value = wp_kses_post( $value );
+		}
+	}
+
 	return apply_filters( 'wp_read_image_metadata', $meta, $file, $sourceImageType );

 }
--- a/wp-admin/includes/import.php
+++ b/wp-admin/includes/import.php
@@ -108,10 +108,10 @@ function wp_get_popular_importers() {
 	$popular_importers = get_site_transient( 'popular_importers_' . $locale );

 	if ( ! $popular_importers ) {
-		$url = add_query_arg( 'locale', get_locale(), 'http://api.wordpress.org/core/importers/1.0/' );
+		$url = add_query_arg( 'locale', get_locale(), 'http://api.wordpress.org/core/importers/1.1/' );
 		$options = array( 'user-agent' => 'WordPress/' . $wp_version . '; ' . home_url() );
 		$response = wp_remote_get( $url, $options );
-		$popular_importers = maybe_unserialize( wp_remote_retrieve_body( $response ) );
+		$popular_importers = json_decode( wp_remote_retrieve_body( $response ), true );

 		if ( is_array( $popular_importers ) )
 			set_site_transient( 'popular_importers_' . $locale, $popular_importers, 2 * DAY_IN_SECONDS );
--- a/wp-admin/includes/list-table.php
+++ b/wp-admin/includes/list-table.php
@@ -95,7 +95,7 @@ class _WP_List_Table_Compat extends WP_List_Table {

 		if ( !empty( $columns ) ) {
 			$this->_columns = $columns;
-			add_filter( 'manage_' . $screen->id . '_columns', array( &$this, 'get_columns' ), 0 );
+			add_filter( 'manage_' . $screen->id . '_columns', array( $this, 'get_columns' ), 0 );
 		}
 	}

--- a/wp-admin/includes/media.php
+++ b/wp-admin/includes/media.php
@@ -221,7 +221,7 @@ function media_handle_upload($file_id, $post_id, $post_data = array(), $override
 	$url = $file['url'];
 	$type = $file['type'];
 	$file = $file['file'];
-	$title = $name;
+	$title = sanitize_text_field( $name );
 	$content = '';

 	if ( preg_match( '#^audio#', $type ) ) {
@@ -914,18 +914,19 @@ function media_post_single_attachment_fields_to_edit( $form_fields, $post ) {
 * @param array $attachment {@internal $attachment not used}}
 * @return array
 */
-function image_attachment_fields_to_save($post, $attachment) {
-	if ( substr($post['post_mime_type'], 0, 5) == 'image' ) {
-		if ( strlen(trim($post['post_title'])) == 0 ) {
-			$post['post_title'] = preg_replace('/\.\w+$/', '', basename($post['guid']));
-			$post['errors']['post_title']['errors'][] = __('Empty Title filled from filename.');
+function image_attachment_fields_to_save( $post, $attachment ) {
+	if ( substr( $post['post_mime_type'], 0, 5 ) == 'image' ) {
+		if ( strlen( trim( $post['post_title'] ) ) == 0 ) {
+			$attachment_url = ( isset( $post['attachment_url'] ) ) ? $post['attachment_url'] : $post['guid'];
+			$post['post_title'] = preg_replace( '/\.\w+$/', '', wp_basename( $attachment_url ) );
+			$post['errors']['post_title']['errors'][] = __( 'Empty Title filled from filename.' );
 		}
 	}

 	return $post;
 }

-add_filter('attachment_fields_to_save', 'image_attachment_fields_to_save', 10, 2);
+add_filter( 'attachment_fields_to_save', 'image_attachment_fields_to_save', 10, 2 );

 /**
 * {@internal Missing Short Description}}
@@ -1499,7 +1500,7 @@ function media_upload_header() {
 * @param unknown_type $errors
 */
 function media_upload_form( $errors = null ) {
-	global $type, $tab, $pagenow, $is_IE, $is_opera;
+	global $type, $tab, $is_IE, $is_opera;

 	if ( ! _device_can_upload() ) {
 		echo '<p>' . sprintf( __('The web browser on your device cannot be used to upload files. You may be able to use the <a href="%s">native app for your device</a> instead.'), 'http://wordpress.org/mobile/' ) . '</p>';
@@ -1557,7 +1558,7 @@ $post_params = array(
 $post_params = apply_filters( 'upload_post_params', $post_params ); // hook change! old name: 'swfupload_post_params'

 $plupload_init = array(
-	'runtimes' => 'html5,silverlight,flash,html4',
+	'runtimes' => 'html5,silverlight,html4',
 	'browse_button' => 'plupload-browse-button',
 	'container' => 'plupload-upload-ui',
 	'drop_element' => 'drag-drop-area',
@@ -2077,17 +2078,18 @@ $arc_query = "SELECT DISTINCT YEAR(post_date) AS yyear, MONTH(post_date) AS mmon
 $arc_result = $wpdb->get_results( $arc_query );

 $month_count = count($arc_result);
+$selected_month = isset( $_GET['m'] ) ? $_GET['m'] : 0;

 if ( $month_count && !( 1 == $month_count && 0 == $arc_result[0]->mmonth ) ) { ?>
 <select name='m'>
-<option<?php selected( @$_GET['m'], 0 ); ?> value='0'><?php _e('Show all dates'); ?></option>
+<option<?php selected( $selected_month, 0 ); ?> value='0'><?php _e('Show all dates'); ?></option>
 <?php
 foreach ($arc_result as $arc_row) {
 	if ( $arc_row->yyear == 0 )
 		continue;
 	$arc_row->mmonth = zeroise( $arc_row->mmonth, 2 );

-	if ( isset($_GET['m']) && ( $arc_row->yyear . $arc_row->mmonth == $_GET['m'] ) )
+	if ( $arc_row->yyear . $arc_row->mmonth == $selected_month )
 		$default = ' selected="selected"';
 	else
 		$default = '';
@@ -2432,14 +2434,14 @@ function attachment_submitbox_metadata() {

 	$att_url = wp_get_attachment_url( $post->ID );
 ?>
-	<div class="misc-pub-section">
+	<div class="misc-pub-section misc-pub-attachment">
 			<label for="attachment_url"><?php _e( 'File URL:' ); ?></label>
 			<input type="text" class="widefat urlfield" readonly="readonly" name="attachment_url" value="<?php echo esc_attr($att_url); ?>" />
 	</div>
-	<div class="misc-pub-section">
+	<div class="misc-pub-section misc-pub-filename">
 		<?php _e( 'File name:' ); ?> <strong><?php echo $filename; ?></strong>
 	</div>
-	<div class="misc-pub-section">
+	<div class="misc-pub-section misc-pub-filetype">
 		<?php _e( 'File type:' ); ?> <strong><?php
 			if ( preg_match( '/^.*?\.(\w+)$/', get_attached_file( $post->ID ), $matches ) )
 				echo esc_html( strtoupper( $matches[1] ) );
@@ -2448,19 +2450,51 @@ function attachment_submitbox_metadata() {
 		?></strong>
 	</div>

-<?php
-	if ( preg_match( '#^audio|video#', $post->post_mime_type ) ):
+	<?php
+		$file  = get_attached_file( $post->ID );
+		$file_size = false;

-		$fields = array(
-			'mime_type' => __( 'Mime-type:' ),
-			'year' => __( 'Year:' ),
-			'genre' => __( 'Genre:' ),
+		if ( isset( $meta['filesize'] ) )
+			$file_size = $meta['filesize'];
+		elseif ( file_exists( $file ) )
+			$file_size = filesize( $file );
+
+		if ( ! empty( $file_size ) ) : ?>
+			<div class="misc-pub-section misc-pub-filesize">
+				<?php _e( 'File size:' ); ?> <strong><?php echo size_format( $file_size ); ?></strong>
+			</div>
+			<?php
+		endif;
+
+	if ( preg_match( '#^(audio|video)#', $post->post_mime_type ) ):
+
+		/**
+		 * Audio and video metadata fields to be shown in the publish meta box.
+		 *
+		 * The key for each item in the array should correspond to an attachment
+		 * metadata key, and the value should be the desired label.
+		 *
+		 * @since  3.7.0
+		 *
+		 * @param array $fields {
+		 *     An array of the attachment metadata keys and labels.
+		 *
+		 *     @type string 'mime_type'        Label to be shown before the field mime_type.
+		 *     @type string 'year'             Label to be shown before the field year.
+		 *     @type string 'genre'            Label to be shown before the field genre.
+		 *     @type string 'length_formatted' Label to be shown before the field length_formatted.
+		 * }
+		 */
+		$fields = apply_filters( 'media_submitbox_misc_sections', array(
+			'mime_type'        => __( 'Mime-type:' ),
+			'year'             => __( 'Year:' ),
+			'genre'            => __( 'Genre:' ),
 			'length_formatted' => __( 'Length:' ),
-		);
+		) );

 		foreach ( $fields as $key => $label ):
 			if ( ! empty( $meta[$key] ) ) : ?>
-		<div class="misc-pub-section">
+		<div class="misc-pub-section misc-pub-mime-meta misc-pub-<?php echo sanitize_html_class( $key ); ?>">
 			<?php echo $label ?> <strong><?php echo esc_html( $meta[$key] ); ?></strong>
 		</div>
 	<?php
@@ -2468,7 +2502,7 @@ function attachment_submitbox_metadata() {
 		endforeach;

 		if ( ! empty( $meta['bitrate'] ) ) : ?>
-		<div class="misc-pub-section">
+		<div class="misc-pub-section misc-pub-bitrate">
 			<?php _e( 'Bitrate:' ); ?> <strong><?php
 				echo round( $meta['bitrate'] / 1000 ), 'kb/s';

@@ -2480,14 +2514,29 @@ function attachment_submitbox_metadata() {
 	<?php
 		endif;

-		$audio_fields = array(
+		/**
+		 * Audio attachment metadata fields to be shown in the publish meta box.
+		 *
+		 * The key for each item in the array should correspond to an attachment
+		 * metadata key, and the value should be the desired label.
+		 *
+		 * @since  3.7.0
+		 *
+		 * @param array $fields {
+		 *     An array of the attachment metadata keys and labels.
+		 *
+		 *     @type string 'dataformat' Label to be shown before the field dataformat.
+		 *     @type string 'codec'      Label to be shown before the field codec.
+		 * }
+		 */
+		$audio_fields = apply_filters( 'audio_submitbox_misc_sections', array(
 			'dataformat' => __( 'Audio Format:' ),
-			'codec' => __( 'Audio Codec:' )
-		);
+			'codec'      => __( 'Audio Codec:' )
+		) );

 		foreach ( $audio_fields as $key => $label ):
 			if ( ! empty( $meta['audio'][$key] ) ) : ?>
-		<div class="misc-pub-section">
+		<div class="misc-pub-section misc-pub-audio misc-pub-<?php echo sanitize_html_class( $key ); ?>">
 			<?php echo $label; ?> <strong><?php echo esc_html( $meta['audio'][$key] ); ?></strong>
 		</div>
 	<?php
@@ -2497,7 +2546,7 @@ function attachment_submitbox_metadata() {
 	endif;

 	if ( $media_dims ) : ?>
-	<div class="misc-pub-section">
+	<div class="misc-pub-section misc-pub-dimensions">
 		<?php _e( 'Dimensions:' ); ?> <strong><?php echo $media_dims; ?></strong>
 	</div>
 <?php
@@ -2532,7 +2581,7 @@ function wp_add_id3_tag_data( &$metadata, $data ) {
 		if ( ! empty( $data[$version]['comments'] ) ) {
 			foreach ( $data[$version]['comments'] as $key => $list ) {
 				if ( ! empty( $list ) ) {
-					$metadata[$key] = reset( $list );
+					$metadata[$key] = wp_kses_post( reset( $list ) );
 					// fix bug in byte stream analysis
 					if ( 'terms_of_use' === $key && 0 === strpos( $metadata[$key], 'yright notice.' ) )
 						$metadata[$key] = 'Cop' . $metadata[$key];
--- a/wp-admin/includes/meta-boxes.php
+++ b/wp-admin/includes/meta-boxes.php
@@ -55,7 +55,7 @@ if ( 'publish' == $post->post_status ) {

 <div id="misc-publishing-actions">

-<div class="misc-pub-section"><label for="post_status"><?php _e('Status:') ?></label>
+<div class="misc-pub-section misc-pub-post-status"><label for="post_status"><?php _e('Status:') ?></label>
 <span id="post-status-display">
 <?php
 switch ( $post->post_status ) {
@@ -105,7 +105,7 @@ switch ( $post->post_status ) {
 <?php } ?>
 </div><!-- .misc-pub-section -->

-<div class="misc-pub-section" id="visibility">
+<div class="misc-pub-section misc-pub-visibility" id="visibility">
 <?php _e('Visibility:'); ?> <span id="post-visibility-display"><?php

 if ( 'private' == $post->post_status ) {
@@ -138,7 +138,7 @@ echo esc_html( $visibility_trans ); ?></span>
 <span id="sticky-span"><input id="sticky" name="sticky" type="checkbox" value="sticky" <?php checked( is_sticky( $post->ID ) ); ?> /> <label for="sticky" class="selectit"><?php _e( 'Stick this post to the front page' ); ?></label><br /></span>
 <?php endif; ?>
 <input type="radio" name="visibility" id="visibility-radio-password" value="password" <?php checked( $visibility, 'password' ); ?> /> <label for="visibility-radio-password" class="selectit"><?php _e('Password protected'); ?></label><br />
-<span id="password-span"><label for="post_password"><?php _e('Password:'); ?></label> <input type="text" name="post_password" id="post_password" value="<?php echo esc_attr($post->post_password); ?>" /><br /></span>
+<span id="password-span"><label for="post_password"><?php _e('Password:'); ?></label> <input type="text" name="post_password" id="post_password" value="<?php echo esc_attr($post->post_password); ?>"  maxlength="20" /><br /></span>
 <input type="radio" name="visibility" id="visibility-radio-private" value="private" <?php checked( $visibility, 'private' ); ?> /> <label for="visibility-radio-private" class="selectit"><?php _e('Private'); ?></label><br />

 <p>
@@ -174,7 +174,7 @@ if ( 0 != $post->ID ) {
 if ( ! empty( $args['args']['revisions_count'] ) ) :
 	$revisions_to_keep = wp_revisions_to_keep( $post );
 ?>
-<div class="misc-pub-section num-revisions">
+<div class="misc-pub-section misc-pub-revisions">
 <?php
 	if ( $revisions_to_keep > 0 && $revisions_to_keep <= $args['args']['revisions_count'] ) {
 		echo '<span title="' . esc_attr( sprintf( __( 'Your site is configured to keep only the last %s revisions.' ),
@@ -182,7 +182,7 @@ if ( ! empty( $args['args']['revisions_count'] ) ) :
 		printf( __( 'Revisions: %s' ), '<b>' . number_format_i18n( $args['args']['revisions_count'] ) . '+</b>' );
 		echo '</span>';
 	} else {
-		printf( 'Revisions: %s', '<b>' . number_format_i18n( $args['args']['revisions_count'] ) . '</b>' );
+		printf( __( 'Revisions: %s' ), '<b>' . number_format_i18n( $args['args']['revisions_count'] ) . '</b>' );
 	}
 ?>
 	<a class="hide-if-no-js" href="<?php echo esc_url( get_edit_post_link( $args['args']['revision_id'] ) ); ?>"><?php _ex( 'Browse', 'revisions' ); ?></a>
@@ -190,7 +190,7 @@ if ( ! empty( $args['args']['revisions_count'] ) ) :
 <?php endif;

 if ( $can_publish ) : // Contributors don't get to choose the date of publish ?>
-<div class="misc-pub-section curtime">
+<div class="misc-pub-section curtime misc-pub-curtime">
 	<span id="timestamp">
 	<?php printf($stamp, $date); ?></span>
 	<a href="#edit_timestamp" class="edit-timestamp hide-if-no-js"><?php _e('Edit') ?></a>
@@ -278,7 +278,7 @@ function attachment_submit_meta_box( $post ) {
 	$stamp = __('Uploaded on: <b>%1$s</b>');
 	$date = date_i18n( $datef, strtotime( $post->post_date ) );
 	?>
-	<div class="misc-pub-section curtime">
+	<div class="misc-pub-section curtime misc-pub-curtime">
 		<span id="timestamp"><?php printf($stamp, $date); ?></span>
 	</div><!-- .misc-pub-section -->

@@ -506,7 +506,7 @@ foreach ( $metadata as $key => $value ) {
 		unset( $metadata[ $key ] );
 }
 list_meta( $metadata );
-meta_form(); ?>
+meta_form( $post ); ?>
 </div>
 <p><?php _e('Custom fields can be used to add extra metadata to a post that you can <a href="http://codex.wordpress.org/Using_Custom_Fields" target="_blank">use in your theme</a>.'); ?></p>
 <?php
@@ -702,7 +702,7 @@ function link_submit_meta_box($link) {
 </div>

 <div id="misc-publishing-actions">
-<div class="misc-pub-section">
+<div class="misc-pub-section misc-pub-private">
 	<label for="link_private" class="selectit"><input id="link_private" name="link_visible" type="checkbox" value="N" <?php checked($link->link_visible, 'N'); ?> /> <?php _e('Keep this link private') ?></label>
 </div>
 </div>
@@ -962,11 +962,11 @@ function link_advanced_meta_box($link) {
 <table class="links-table" cellpadding="0">
 	<tr>
 		<th scope="row"><label for="link_image"><?php _e('Image Address') ?></label></th>
-		<td><input type="text" name="link_image" class="code" id="link_image" value="<?php echo ( isset( $link->link_image ) ? esc_attr($link->link_image) : ''); ?>" /></td>
+		<td><input type="text" name="link_image" class="code" id="link_image" maxlength="255" value="<?php echo ( isset( $link->link_image ) ? esc_attr($link->link_image) : ''); ?>" /></td>
 	</tr>
 	<tr>
 		<th scope="row"><label for="rss_uri"><?php _e('RSS Address') ?></label></th>
-		<td><input name="link_rss" class="code" type="text" id="rss_uri" value="<?php echo ( isset( $link->link_rss ) ? esc_attr($link->link_rss) : ''); ?>" /></td>
+		<td><input name="link_rss" class="code" type="text" id="rss_uri" maxlength="255" value="<?php echo ( isset( $link->link_rss ) ? esc_attr($link->link_rss) : ''); ?>" /></td>
 	</tr>
 	<tr>
 		<th scope="row"><label for="link_notes"><?php _e('Notes') ?></label></th>
--- a/wp-admin/includes/misc.php
+++ b/wp-admin/includes/misc.php
@@ -7,17 +7,50 @@
 */

 /**
- * {@internal Missing Short Description}}
+ * Returns whether the server is running Apache with the mod_rewrite module loaded.
 *
 * @since 2.0.0
 *
- * @return unknown
+ * @return bool
 */
 function got_mod_rewrite() {
 	$got_rewrite = apache_mod_loaded('mod_rewrite', true);
+
+	/**
+	 * Filter whether Apache and mod_rewrite are present.
+	 *
+	 * This filter was previously used to force URL rewriting for other servers,
+	 * like nginx. Use the got_url_rewrite filter in got_url_rewrite() instead.
+	 *
+	 * @see got_url_rewrite()
+	 *
+	 * @since 2.5.0
+	 * @param bool $got_rewrite Whether Apache and mod_rewrite are present.
+	 */
 	return apply_filters('got_rewrite', $got_rewrite);
 }

+/**
+ * Returns whether the server supports URL rewriting.
+ *
+ * Detects Apache's mod_rewrite, IIS 7.0+ permalink support, and nginx.
+ *
+ * @since 3.7.0
+ *
+ * @return bool Whether the server supports URL rewriting.
+ */
+function got_url_rewrite() {
+	$got_url_rewrite = ( got_mod_rewrite() || $GLOBALS['is_nginx'] || iis7_supports_permalinks() );
+
+	/**
+	 * Filter whether URL rewriting is available.
+	 *
+	 * @since 3.7.0
+	 * @param bool $got_url_rewrite Whether URL rewriting is available.
+	 */
+	return apply_filters( 'got_url_rewrite', $got_url_rewrite );
+}
+
 /**
 * {@internal Missing Short Description}}
 *
@@ -263,7 +296,7 @@ function wp_reset_vars( $vars ) {
 */
 function show_message($message) {
 	if ( is_wp_error($message) ){
-		if ( $message->get_error_data() )
+		if ( $message->get_error_data() && is_string( $message->get_error_data() ) )
 			$message = $message->get_error_message() . ': ' . $message->get_error_data();
 		else
 			$message = $message->get_error_message();
--- a/wp-admin/includes/ms.php
+++ b/wp-admin/includes/ms.php
@@ -61,7 +61,14 @@ function wpmu_delete_blog( $blog_id, $drop = false ) {
 	}

 	$blog = get_blog_details( $blog_id );
-
+	/**
+	 * Fires before a blog is deleted.
+	 *
+	 * @since MU
+	 *
+	 * @param int  $blog_id The blog ID.
+	 * @param bool $drop    True if blog's table should be dropped. Default is false.
+	 */
 	do_action( 'delete_blog', $blog_id, $drop );

 	$users = get_users( array( 'blog_id' => $blog_id, 'fields' => 'ids' ) );
@@ -80,7 +87,16 @@ function wpmu_delete_blog( $blog_id, $drop = false ) {
 		$drop = false;

 	if ( $drop ) {
-		$drop_tables = apply_filters( 'wpmu_drop_tables', $wpdb->tables( 'blog' ), $blog_id );
+		$tables = $wpdb->tables( 'blog' );
+		/**
+		 * Filter the tables to drop when the blog is deleted.
+		 *
+		 * @since MU
+		 *
+		 * @param array $tables  The blog tables to be dropped.
+		 * @param int   $blog_id The ID of the blog to drop tables for.
+		 */
+		$drop_tables = apply_filters( 'wpmu_drop_tables', $tables, $blog_id );

 		foreach ( (array) $drop_tables as $table ) {
 			$wpdb->query( "DROP TABLE IF EXISTS `$table`" );
@@ -89,6 +105,14 @@ function wpmu_delete_blog( $blog_id, $drop = false ) {
 		$wpdb->delete( $wpdb->blogs, array( 'blog_id' => $blog_id ) );

 		$uploads = wp_upload_dir();
+		/**
+		 * Filter the upload base directory to delete when the blog is deleted.
+		 *
+		 * @since MU
+		 *
+		 * @param string $uploads['basedir'] Uploads path without subdirectory. @see wp_upload_dir()
+		 * @param int    $blog_id            The blog ID.
+		 */
 		$dir = apply_filters( 'wpmu_delete_blog_upload_dir', $uploads['basedir'], $blog_id );
 		$dir = rtrim( $dir, DIRECTORY_SEPARATOR );
 		$top_dir = $dir;
@@ -137,7 +161,13 @@ function wpmu_delete_user( $id ) {

 	if ( !$user->exists() )
 		return false;
-
+	/**
+	 * Fires before a user is deleted from the network.
+	 *
+	 * @since MU
+	 *
+	 * @param int $id ID of the user about to be deleted from the network.
+	 */
 	do_action( 'wpmu_delete_user', $id );

 	$blogs = get_blogs_of_user( $id );
@@ -172,7 +202,13 @@ function wpmu_delete_user( $id ) {

 	clean_user_cache( $user );

-	// allow for commit transaction
+	/**
+	 * Fires after the user is deleted from the network.
+	 *
+	 * @since 2.8.0
+	 *
+	 * @param int $id ID of the user that was deleted from the network.
+	 */
 	do_action( 'deleted_user', $id );

 	return true;
@@ -190,7 +226,7 @@ function update_option_new_admin_email( $old_value, $value ) {
 	);
 	update_option( 'adminhash', $new_admin_email );

-	$content = apply_filters( 'new_admin_email_content', __( "Dear user,
+	$email_text = __( 'Dear user,

 You recently requested to have the administration email address on
 your site changed.
@@ -204,7 +240,23 @@ This email has been sent to ###EMAIL###

 Regards,
 All at ###SITENAME###
-###SITEURL### "), $new_admin_email );
+###SITEURL###' );
+
+	/**
+	 * Filter the email text sent when the site admin email is changed.
+	 *
+	 * The following strings have a special meaning and will get replaced dynamically:
+	 * ###ADMIN_URL### The link to click on to confirm the email change. Required otherwise this functunalty is will break.
+	 * ###EMAIL###     The new email.
+	 * ###SITENAME###  The name of the site.
+	 * ###SITEURL###   The URL to the site.
+	 *
+	 * @since MU
+	 *
+	 * @param string $email_text      Text in the email.
+	 * @param string $new_admin_email New admin email that the current administration email was changed to.
+	 */
+	$content = apply_filters( 'new_admin_email_content', $email_text, $new_admin_email );

 	$content = str_replace( '###ADMIN_URL###', esc_url( admin_url( 'options.php?adminhash='.$hash ) ), $content );
 	$content = str_replace( '###EMAIL###', $value, $content );
@@ -244,7 +296,7 @@ function send_confirmation_on_profile_email() {
 				);
 		update_option( $current_user->ID . '_new_email', $new_user_email );

-		$content = apply_filters( 'new_user_email_content', __( "Dear user,
+		$email_text = __( 'Dear user,

 You recently requested to have the email address on your account changed.
 If this is correct, please click on the following link to change it:
@@ -257,7 +309,23 @@ This email has been sent to ###EMAIL###

 Regards,
 All at ###SITENAME###
-###SITEURL###" ), $new_user_email );
+###SITEURL###' );
+
+		/**
+		 * Filter the email text sent when a user changes emails.
+		 *
+		 * The following strings have a special meaning and will get replaced dynamically:
+		 * ###ADMIN_URL### The link to click on to confirm the email change. Required otherwise this functunalty is will break.
+		 * ###EMAIL### The new email.
+		 * ###SITENAME### The name of the site.
+		 * ###SITEURL### The URL to the site.
+		 *
+		 * @since MU
+		 *
+		 * @param string $email_text     Text in the email.
+		 * @param string $new_user_email New user email that the current user has changed to.
+		 */
+		$content = apply_filters( 'new_user_email_content', $email_text, $new_user_email );

 		$content = str_replace( '###ADMIN_URL###', esc_url( admin_url( 'profile.php?newuseremail='.$hash ) ), $content );
 		$content = str_replace( '###EMAIL###', $_POST['email'], $content);
@@ -371,16 +439,31 @@ function update_user_status( $id, $pref, $value, $deprecated = null ) {
 	if ( null !== $deprecated )
 		_deprecated_argument( __FUNCTION__, '3.1' );

-	$wpdb->update( $wpdb->users, array( $pref => $value ), array( 'ID' => $id ) );
+	$wpdb->update( $wpdb->users, array( sanitize_key( $pref ) => $value ), array( 'ID' => $id ) );

 	$user = new WP_User( $id );
 	clean_user_cache( $user );

 	if ( $pref == 'spam' ) {
-		if ( $value == 1 )
+		if ( $value == 1 ) {
+			/**
+			 * Fires after the user is marked as a SPAM user.
+			 *
+			 * @since 3.0.0
+			 *
+			 * @param int $id ID of the user marked as SPAM.
+			 */
 			do_action( 'make_spam_user', $id );
-		else
+		} else {
+			/**
+			 * Fires after the user is marked as a HAM user. Opposite of SPAM.
+			 *
+			 * @since 3.0.0
+			 *
+			 * @param int $id ID of the user marked as HAM.
+			 */
 			do_action( 'make_ham_user', $id );
+		}
 	}

 	return $value;
@@ -411,6 +494,15 @@ function format_code_lang( $code = '' ) {
 		'sg' => 'Sango', 'sa' => 'Sanskrit', 'sr' => 'Serbian', 'hr' => 'Croatian', 'si' => 'Sinhala; Sinhalese', 'sk' => 'Slovak', 'sl' => 'Slovenian', 'se' => 'Northern Sami', 'sm' => 'Samoan', 'sn' => 'Shona', 'sd' => 'Sindhi', 'so' => 'Somali', 'st' => 'Sotho, Southern', 'es' => 'Spanish; Castilian', 'sc' => 'Sardinian', 'ss' => 'Swati', 'su' => 'Sundanese', 'sw' => 'Swahili',
 		'sv' => 'Swedish', 'ty' => 'Tahitian', 'ta' => 'Tamil', 'tt' => 'Tatar', 'te' => 'Telugu', 'tg' => 'Tajik', 'tl' => 'Tagalog', 'th' => 'Thai', 'bo' => 'Tibetan', 'ti' => 'Tigrinya', 'to' => 'Tonga (Tonga Islands)', 'tn' => 'Tswana', 'ts' => 'Tsonga', 'tk' => 'Turkmen', 'tr' => 'Turkish', 'tw' => 'Twi', 'ug' => 'Uighur; Uyghur', 'uk' => 'Ukrainian', 'ur' => 'Urdu', 'uz' => 'Uzbek',
 		've' => 'Venda', 'vi' => 'Vietnamese', 'vo' => 'Volapük', 'cy' => 'Welsh','wa' => 'Walloon','wo' => 'Wolof', 'xh' => 'Xhosa', 'yi' => 'Yiddish', 'yo' => 'Yoruba', 'za' => 'Zhuang; Chuang', 'zu' => 'Zulu' );
+
+	/**
+	 * Filter the language codes.
+	 *
+	 * @since MU
+	 *
+	 * @param array  $lang_codes Key/value pair of language codes where key is the short version.
+	 * @param string $code       A two-letter designation of the language.
+	 */
 	$lang_codes = apply_filters( 'lang_codes', $lang_codes, $code );
 	return strtr( $code, $lang_codes );
 }
@@ -498,31 +590,19 @@ function mu_dropdown_languages( $lang_files = array(), $current = '' ) {

 	// Order by name
 	uksort( $output, 'strnatcasecmp' );
-
+	/**
+	 * Filter the languages available in the dropdown.
+	 *
+	 * @since MU
+	 *
+	 * @param array $output     HTML output of the dropdown.
+	 * @param array $lang_files Available language files.
+	 * @param string $current   The current language code.
+	 */
 	$output = apply_filters( 'mu_dropdown_languages', $output, $lang_files, $current );
 	echo implode( "\n\t", $output );
 }

-/* Warn the admin if SECRET SALT information is missing from wp-config.php */
-function secret_salt_warning() {
-	if ( !is_super_admin() )
-		return;
-	$secret_keys = array( 'AUTH_KEY', 'SECURE_AUTH_KEY', 'LOGGED_IN_KEY', 'NONCE_KEY', 'AUTH_SALT', 'SECURE_AUTH_SALT', 'LOGGED_IN_SALT', 'NONCE_SALT' );
-	$out = '';
-	foreach( $secret_keys as $key ) {
-		if ( ! defined( $key ) )
-			$out .= "define( '$key', '" . esc_html( wp_generate_password( 64, true, true ) ) . "' );<br />";
-	}
-	if ( $out != '' ) {
-		$msg  = __( 'Warning! WordPress encrypts user cookies, but you must add the following lines to <strong>wp-config.php</strong> for it to be more secure.' );
-		$msg .= '<br/>' . __( "Before the line <code>/* That's all, stop editing! Happy blogging. */</code> please add this code:" );
-		$msg .= "<br/><br/><code>$out</code>";
-
-		echo "<div class='update-nag'>$msg</div>";
-	}
-}
-add_action( 'network_admin_notices', 'secret_salt_warning' );
-
 function site_admin_notice() {
 	global $wp_db_version;
 	if ( !is_super_admin() )
@@ -595,7 +675,11 @@ function choose_primary_blog() {
 	<?php if ( in_array( get_site_option( 'registration' ), array( 'all', 'blog' ) ) ) : ?>
 		<tr>
 			<th scope="row" colspan="2" class="th-full">
-				<a href="<?php echo apply_filters( 'wp_signup_location', network_site_url( 'wp-signup.php' ) ); ?>"><?php _e( 'Create a New Site' ); ?></a>
+				<?php
+				$signup_url = network_site_url( 'wp-signup.php' );
+				/** This filter is documented in wp-login.php */
+				?>
+				<a href="<?php echo apply_filters( 'wp_signup_location', $signup_url ); ?>"><?php _e( 'Create a New Site' ); ?></a>
 			</th>
 		</tr>
 	<?php endif; ?>
@@ -604,18 +688,25 @@ function choose_primary_blog() {
 }

 /**
- * Grants super admin privileges.
+ * Grants Super Admin privileges.
 *
 * @since 3.0.0
- * @param int $user_id
+ * @param int $user_id ID of the user to be granted Super Admin privileges.
 */
 function grant_super_admin( $user_id ) {
 	global $super_admins;

 	// If global super_admins override is defined, there is nothing to do here.
-	if ( isset($super_admins) )
+	if ( isset( $super_admins ) )
 		return false;

+	/**
+	 * Fires before the user is granted Super Admin privileges.
+	 *
+	 * @since 3.0.0
+	 *
+	 * @param int $user_id ID of the user that is about to be granted Super Admin privileges.
+	 */
 	do_action( 'grant_super_admin', $user_id );

 	// Directly fetch site_admins instead of using get_super_admins()
@@ -625,6 +716,14 @@ function grant_super_admin( $user_id ) {
 	if ( $user && ! in_array( $user->user_login, $super_admins ) ) {
 		$super_admins[] = $user->user_login;
 		update_site_option( 'site_admins' , $super_admins );
+
+		/**
+		 * Fires after the user is granted Super Admin privileges.
+		 *
+		 * @since 3.0.0
+		 *
+		 * @param int $user_id ID of the user that was granted Super Admin privileges.
+		 */
 		do_action( 'granted_super_admin', $user_id );
 		return true;
 	}
@@ -632,18 +731,25 @@ function grant_super_admin( $user_id ) {
 }

 /**
- * Revokes super admin privileges.
+ * Revokes Super Admin privileges.
 *
 * @since 3.0.0
- * @param int $user_id
+ * @param int $user_id ID of the user Super Admin privileges to be revoked from.
 */
 function revoke_super_admin( $user_id ) {
 	global $super_admins;

 	// If global super_admins override is defined, there is nothing to do here.
-	if ( isset($super_admins) )
+	if ( isset( $super_admins ) )
 		return false;

+	/**
+	 * Fires before the user's Super Admin privileges are revoked.
+	 *
+	 * @since 3.0.0
+	 *
+	 * @param int $user_id ID of the user Super Admin privileges are being revoked from.
+	 */
 	do_action( 'revoke_super_admin', $user_id );

 	// Directly fetch site_admins instead of using get_super_admins()
@@ -654,6 +760,14 @@ function revoke_super_admin( $user_id ) {
 		if ( false !== ( $key = array_search( $user->user_login, $super_admins ) ) ) {
 			unset( $super_admins[$key] );
 			update_site_option( 'site_admins', $super_admins );
+
+			/**
+			 * Fires after the user's Super Admin privileges are revoked.
+			 *
+			 * @since 3.0.0
+			 *
+			 * @param int $user_id ID of the user Super Admin privileges were revoked from.
+			 */
 			do_action( 'revoked_super_admin', $user_id );
 			return true;
 		}
@@ -667,16 +781,24 @@ function revoke_super_admin( $user_id ) {
 * By default editing of network is restricted to the Network Admin for that site_id this allows for this to be overridden
 *
 * @since 3.1.0
- * @param integer $site_id The network/site id to check.
+ * @param integer $site_id The network/site ID to check.
 */
 function can_edit_network( $site_id ) {
 	global $wpdb;

-	if ($site_id == $wpdb->siteid )
+	if ( $site_id == $wpdb->siteid )
 		$result = true;
 	else
 		$result = false;

+	/**
+	 * Filter whether this network can be edited from this page.
+	 *
+	 * @since 3.1.0
+	 *
+	 * @param bool $result  Whether the network can be edited from this page.
+	 * @param int  $site_id The network/site ID to check.
+	 */
 	return apply_filters( 'can_edit_network', $result, $site_id );
 }

--- a/wp-admin/includes/nav-menu.php
+++ b/wp-admin/includes/nav-menu.php
@@ -9,36 +9,47 @@
 */
 class Walker_Nav_Menu_Edit extends Walker_Nav_Menu {
 	/**
+	 * Starts the list before the elements are added.
+	 *
 	 * @see Walker_Nav_Menu::start_lvl()
+	 *
 	 * @since 3.0.0
 	 *
 	 * @param string $output Passed by reference.
+	 * @param int    $depth  Depth of menu item. Used for padding.
+	 * @param array  $args   Not used.
 	 */
 	function start_lvl( &$output, $depth = 0, $args = array() ) {}

 	/**
+	 * Ends the list of after the elements are added.
+	 *
 	 * @see Walker_Nav_Menu::end_lvl()
+	 *
 	 * @since 3.0.0
 	 *
 	 * @param string $output Passed by reference.
+	 * @param int    $depth  Depth of menu item. Used for padding.
+	 * @param array  $args   Not used.
 	 */
 	function end_lvl( &$output, $depth = 0, $args = array() ) {}

 	/**
-	 * @see Walker::start_el()
+	 * Start the element output.
+	 *
+	 * @see Walker_Nav_Menu::start_el()
 	 * @since 3.0.0
 	 *
 	 * @param string $output Passed by reference. Used to append additional content.
-	 * @param object $item Menu item data object.
-	 * @param int $depth Depth of menu item. Used for padding.
-	 * @param object $args
+	 * @param object $item   Menu item data object.
+	 * @param int    $depth  Depth of menu item. Used for padding.
+	 * @param array  $args   Not used.
+	 * @param int    $id     Not used.
 	 */
 	function start_el( &$output, $item, $depth = 0, $args = array(), $id = 0 ) {
 		global $_wp_nav_menu_max_depth;
 		$_wp_nav_menu_max_depth = $depth > $_wp_nav_menu_max_depth ? $depth : $_wp_nav_menu_max_depth;

-		$indent = ( $depth ) ? str_repeat( "\t", $depth ) : '';
-
 		ob_start();
 		$item_id = esc_attr( $item->ID );
 		$removed_args = array(
@@ -57,7 +68,7 @@ class Walker_Nav_Menu_Edit extends Walker_Nav_Menu {
 				$original_title = false;
 		} elseif ( 'post_type' == $item->type ) {
 			$original_object = get_post( $item->object_id );
-			$original_title = $original_object->post_title;
+			$original_title = get_the_title( $original_object->ID );
 		}

 		$classes = array(
@@ -214,7 +225,8 @@ class Walker_Nav_Menu_Edit extends Walker_Nav_Menu {
 		<?php
 		$output .= ob_get_clean();
 	}
-}
+
+} // Walker_Nav_Menu_Edit

 /**
 * Create HTML list of nav menu input items.
@@ -230,24 +242,50 @@ class Walker_Nav_Menu_Checklist extends Walker_Nav_Menu {
 		}
 	}

+	/**
+	 * Starts the list before the elements are added.
+	 *
+	 * @see Walker_Nav_Menu::start_lvl()
+	 *
+	 * @since 3.0.0
+	 *
+	 * @param string $output Passed by reference. Used to append additional content.
+	 * @param int    $depth  Depth of page. Used for padding.
+	 * @param array  $args   Not used.
+	 */
 	function start_lvl( &$output, $depth = 0, $args = array() ) {
 		$indent = str_repeat( "\t", $depth );
 		$output .= "\n$indent<ul class='children'>\n";
 	}

+	/**
+	 * Ends the list of after the elements are added.
+	 *
+	 * @see Walker_Nav_Menu::end_lvl()
+	 *
+	 * @since 3.0.0
+	 *
+	 * @param string $output Passed by reference. Used to append additional content.
+	 * @param int    $depth  Depth of page. Used for padding.
+	 * @param array  $args   Not used.
+	 */
 	function end_lvl( &$output, $depth = 0, $args = array() ) {
 		$indent = str_repeat( "\t", $depth );
 		$output .= "\n$indent</ul>";
 	}

 	/**
-	 * @see Walker::start_el()
+	 * Start the element output.
+	 *
+	 * @see Walker_Nav_Menu::start_el()
+	 *
 	 * @since 3.0.0
 	 *
 	 * @param string $output Passed by reference. Used to append additional content.
-	 * @param object $item Menu item data object.
-	 * @param int $depth Depth of menu item. Used for padding.
-	 * @param object $args
+	 * @param object $item   Menu item data object.
+	 * @param int    $depth  Depth of menu item. Used for padding.
+	 * @param array  $args   Not used.
+	 * @param int    $id     Not used.
 	 */
 	function start_el( &$output, $item, $depth = 0, $args = array(), $id = 0 ) {
 		global $_nav_menu_placeholder;
@@ -261,15 +299,23 @@ class Walker_Nav_Menu_Checklist extends Walker_Nav_Menu {
 		$output .= $indent . '<li>';
 		$output .= '<label class="menu-item-title">';
 		$output .= '<input type="checkbox" class="menu-item-checkbox';
-		if ( property_exists( $item, 'front_or_home' ) && $item->front_or_home ) {
-			$title = sprintf( _x( 'Home: %s', 'nav menu front page title' ), $item->post_title );
+
+		if ( ! empty( $item->front_or_home ) )
 			$output .= ' add-to-top';
-		} elseif ( property_exists( $item, 'label' ) ) {
-			$title = $item->label;
-		}
+
 		$output .= '" name="menu-item[' . $possible_object_id . '][menu-item-object-id]" value="'. esc_attr( $item->object_id ) .'" /> ';
+
+		if ( ! empty( $item->label ) ) {
+			$title = $item->label;
+		} elseif ( isset( $item->post_type ) ) {
+			/** This filter is documented in wp-includes/post-template.php */
+			$title = apply_filters( 'the_title', $item->post_title, $item->ID );
+			if ( ! empty( $item->front_or_home ) && _x( 'Home', 'nav menu home label' ) !== $title )
+				$title = sprintf( _x( 'Home: %s', 'nav menu front page title' ), $title );
+		}
+
 		$output .= isset( $title ) ? esc_html( $title ) : esc_html( $item->title );
-		$output .= '</label>';
+ 		$output .= '</label>';

 		// Menu item hidden fields
 		$output .= '<input type="hidden" class="menu-item-db-id" name="menu-item[' . $possible_object_id . '][menu-item-db-id]" value="' . $possible_db_id . '" />';
@@ -283,7 +329,8 @@ class Walker_Nav_Menu_Checklist extends Walker_Nav_Menu {
 		$output .= '<input type="hidden" class="menu-item-classes" name="menu-item[' . $possible_object_id . '][menu-item-classes]" value="'. esc_attr( implode( ' ', $item->classes ) ) .'" />';
 		$output .= '<input type="hidden" class="menu-item-xfn" name="menu-item[' . $possible_object_id . '][menu-item-xfn]" value="'. esc_attr( $item->xfn ) .'" />';
 	}
-}
+
+} // Walker_Nav_Menu_Checklist

 /**
 * Prints the appropriate response to a menu quick search.
@@ -486,51 +533,6 @@ function wp_nav_menu_taxonomy_meta_boxes() {
 	}
 }

-/**
- * Displays a metabox for the nav menu theme locations.
- *
- * @since 3.0.0
- */
-function wp_nav_menu_locations_meta_box() {
-	global $nav_menu_selected_id;
-
-	if ( ! current_theme_supports( 'menus' ) ) {
-		// We must only support widgets. Leave a message and bail.
-		echo '<p class="howto">' . __('The current theme does not natively support menus, but you can use the &#8220;Custom Menu&#8221; widget to add any menus you create here to the theme&#8217;s sidebar.') . '</p>';
-		return;
-	}
-
-	$locations = get_registered_nav_menus();
-	$menus = wp_get_nav_menus();
-	$menu_locations = get_nav_menu_locations();
-	$num_locations = count( array_keys($locations) );
-
-	echo '<p class="howto">' . _n( 'Select a menu to use within your theme.', 'Select the menus you will use in your theme.', $num_locations ) . '</p>';
-
-	foreach ( $locations as $location => $description ) {
-		?>
-		<p>
-			<label class="howto" for="locations-<?php echo $location; ?>">
-				<span><?php echo $description; ?></span>
-				<select name="menu-locations[<?php echo $location; ?>]" id="locations-<?php echo $location; ?>">
-					<option value="0"></option>
-					<?php foreach ( $menus as $menu ) : ?>
-					<option<?php selected( isset( $menu_locations[ $location ] ) && $menu_locations[ $location ] == $menu->term_id ); ?>
-						value="<?php echo $menu->term_id; ?>"><?php echo wp_html_excerpt( $menu->name, 40, '&hellip;' ); ?></option>
-					<?php endforeach; ?>
-				</select>
-			</label>
-		</p>
-	<?php
-	}
-	?>
-	<p class="button-controls">
-		<?php submit_button( __( 'Save' ), 'primary right', 'nav-menu-locations', false, wp_nav_menu_disabled_check( $nav_menu_selected_id ) ); ?>
-		<span class="spinner"></span>
-	</p>
-	<?php
-}
-
 /**
 * Check whether to disable the Menu Locations meta box submit button
 *
--- a/wp-admin/includes/plugin-install.php
+++ b/wp-admin/includes/plugin-install.php
@@ -34,14 +34,50 @@ function plugins_api($action, $args = null) {
 	if ( !isset($args->per_page) )
 		$args->per_page = 24;

-	// Allows a plugin to override the WordPress.org API entirely.
-	// Use the filter 'plugins_api_result' to merely add results.
-	// Please ensure that a object is returned from the following filters.
-	$args = apply_filters('plugins_api_args', $args, $action);
-	$res = apply_filters('plugins_api', false, $action, $args);
+	/**
+	 * Override the Plugin Install API arguments.
+	 *
+	 * Please ensure that an object is returned.
+	 *
+	 * @since 2.7.0
+	 *
+	 * @param object $args   Plugin API arguments.
+	 * @param string $action The type of information being requested from the Plugin Install API.
+	 */
+	$args = apply_filters( 'plugins_api_args', $args, $action );
+
+	/**
+	 * Allows a plugin to override the WordPress.org Plugin Install API entirely.
+	 *
+	 * Please ensure that an object is returned.
+	 *
+	 * @since 2.7.0
+	 *
+	 * @param bool|object         The result object. Default is false.
+	 * @param string      $action The type of information being requested from the Plugin Install API.
+	 * @param object      $args   Plugin API arguments.
+	 */
+	$res = apply_filters( 'plugins_api', false, $action, $args );

 	if ( false === $res ) {
-		$request = wp_remote_post('http://api.wordpress.org/plugins/info/1.0/', array( 'timeout' => 15, 'body' => array('action' => $action, 'request' => serialize($args))) );
+		$url = $http_url = 'http://api.wordpress.org/plugins/info/1.0/';
+		if ( $ssl = wp_http_supports( array( 'ssl' ) ) )
+			$url = set_url_scheme( $url, 'https' );
+
+		$args = array(
+			'timeout' => 15,
+			'body' => array(
+				'action' => $action,
+				'request' => serialize( $args )
+			)
+		);
+		$request = wp_remote_post( $url, $args );
+
+		if ( $ssl && is_wp_error( $request ) ) {
+			trigger_error( __( 'An unexpected error occurred. Something may be wrong with WordPress.org or this server&#8217;s configuration. If you continue to have problems, please try the <a href="http://wordpress.org/support/">support forums</a>.' ) . ' ' . '(WordPress could not establish a secure connection to WordPress.org. Please contact your server administrator.)', headers_sent() || WP_DEBUG ? E_USER_WARNING : E_USER_NOTICE );
+			$request = wp_remote_post( $http_url, $args );
+		}
+
 		if ( is_wp_error($request) ) {
 			$res = new WP_Error('plugins_api_failed', __( 'An unexpected error occurred. Something may be wrong with WordPress.org or this server&#8217;s configuration. If you continue to have problems, please try the <a href="http://wordpress.org/support/">support forums</a>.' ), $request->get_error_message() );
 		} else {
@@ -53,7 +89,16 @@ function plugins_api($action, $args = null) {
 		$res->external = true;
 	}

-	return apply_filters('plugins_api_result', $res, $action, $args);
+	/**
+	 * Filter the Plugin Install API response results.
+	 *
+	 * @since 2.7.0
+	 *
+	 * @param object|WP_Error $res    Response object or WP_Error.
+	 * @param string          $action The type of information being requested from the Plugin Install API.
+	 * @param object          $args   Plugin API arguments.
+	 */
+	return apply_filters( 'plugins_api_result', $res, $action, $args );
 }

 /**
@@ -265,7 +310,7 @@ function install_plugin_install_status($api, $loop = false) {
 function install_plugin_information() {
 	global $tab;

-	$api = plugins_api('plugin_information', array('slug' => wp_unslash( $_REQUEST['plugin'] ) ));
+	$api = plugins_api( 'plugin_information', array( 'slug' => wp_unslash( $_REQUEST['plugin'] ), 'is_ssl' => is_ssl() ) );

 	if ( is_wp_error($api) )
 		wp_die($api);
@@ -296,9 +341,11 @@ function install_plugin_information() {
 			$api->$key = wp_kses( $api->$key, $plugins_allowedtags );
 	}

-	$section = isset($_REQUEST['section']) ? wp_unslash( $_REQUEST['section'] ) : 'description'; //Default to the Description tab, Do not translate, API returns English.
-	if ( empty($section) || ! isset($api->sections[ $section ]) )
-		$section = array_shift( $section_titles = array_keys((array)$api->sections) );
+	$section = isset( $_REQUEST['section'] ) ? wp_unslash( $_REQUEST['section'] ) : 'description'; //Default to the Description tab, Do not translate, API returns English.
+	if ( empty( $section ) || ! isset( $api->sections[ $section ] ) ) {
+		$section_titles = array_keys( (array) $api->sections );
+		$section = array_shift( $section_titles );
+	}

 	iframe_header( __('Plugin Install') );
 	echo "<div id='$tab-header'>\n";
--- a/wp-admin/includes/plugin.php
+++ b/wp-admin/includes/plugin.php
@@ -114,6 +114,9 @@ function get_plugin_data( $plugin_file, $markup = true, $translate = true ) {
 */
 function _get_plugin_data_markup_translate( $plugin_file, $plugin_data, $markup = true, $translate = true ) {

+	// Sanitize the plugin filename to a WP_PLUGIN_DIR relative path
+	$plugin_file = plugin_basename( $plugin_file );
+
 	// Translate fields
 	if ( $translate ) {
 		if ( $textdomain = $plugin_data['TextDomain'] ) {
@@ -537,7 +540,28 @@ function activate_plugin( $plugin, $redirect = '', $network_wide = false, $silen
 		include_once(WP_PLUGIN_DIR . '/' . $plugin);

 		if ( ! $silent ) {
+			/**
+			 * Fires before a plugin is activated in activate_plugin() when the $silent parameter is false.
+			 *
+			 * @since 2.9.0
+			 *
+			 * @param string $plugin       Plugin path to main plugin file with plugin data.
+			 * @param bool   $network_wide Whether to enable the plugin for all sites in the network
+			 *                             or just the current site. Multisite only. Default is false.
+			 */
 			do_action( 'activate_plugin', $plugin, $network_wide );
+
+			/**
+			 * Fires before a plugin is activated in activate_plugin() when the $silent parameter is false.
+			 *
+			 * The action concatenates the 'activate_' prefix with the $plugin value passed to
+			 * activate_plugin() to create a dynamically-named action.
+			 *
+			 * @since 2.0.0
+			 *
+			 * @param bool $network_wide Whether to enable the plugin for all sites in the network
+			 *                           or just the current site. Multisite only. Default is false.
+			 */
 			do_action( 'activate_' . $plugin, $network_wide );
 		}

@@ -551,6 +575,15 @@ function activate_plugin( $plugin, $redirect = '', $network_wide = false, $silen
 		}

 		if ( ! $silent ) {
+			/**
+			 * Fires after a plugin has been activated in activate_plugin() when the $silent parameter is false.
+			 *
+			 * @since 2.9.0
+			 *
+			 * @param string $plugin       Plugin path to main plugin file with plugin data.
+			 * @param bool   $network_wide Whether to enable the plugin for all sites in the network
+			 *                             or just the current site. Multisite only. Default is false.
+			 */
 			do_action( 'activated_plugin', $plugin, $network_wide );
 		}

@@ -591,6 +624,16 @@ function deactivate_plugins( $plugins, $silent = false, $network_wide = null ) {
 		$network_deactivating = false !== $network_wide && is_plugin_active_for_network( $plugin );

 		if ( ! $silent )
+			/**
+			 * Fires for each plugin being deactivated in deactivate_plugins(), before deactivation
+			 * and when the $silent parameter is false.
+			 *
+			 * @since 2.9.0
+			 *
+			 * @param string $plugin               Plugin path to main plugin file with plugin data.
+			 * @param bool   $network_deactivating Whether the plugin is deactivated for all sites in the network
+			 *                                     or just the current site. Multisite only. Default is false.
+			 */
 			do_action( 'deactivate_plugin', $plugin, $network_deactivating );

 		if ( false !== $network_wide ) {
@@ -611,7 +654,30 @@ function deactivate_plugins( $plugins, $silent = false, $network_wide = null ) {
 		}

 		if ( ! $silent ) {
+			/**
+			 * Fires for each plugin being deactivated in deactivate_plugins(), after deactivation
+			 * and when the $silent parameter is false.
+			 *
+			 * The action concatenates the 'deactivate_' prefix with the plugin's basename
+			 * to create a dynamically-named action.
+			 *
+			 * @since 2.0.0
+			 *
+			 * @param bool $network_deactivating Whether the plugin is deactivated for all sites in the network
+			 *                                   or just the current site. Multisite only. Default is false.
+			 */
 			do_action( 'deactivate_' . $plugin, $network_deactivating );
+
+			/**
+			 * Fires for each plugin being deactivated in deactivate_plugins(), after deactivation
+			 * and when the $silent parameter is false.
+			 *
+			 * @since 2.9.0
+			 *
+			 * @param string $plugin               Plugin path to main plugin file with plugin data.
+			 * @param bool   $network_deactivating Whether the plugin is deactivated for all sites in the network
+			 *                                     or just the current site. Multisite only. Default is false.
+			 */
 			do_action( 'deactivated_plugin', $plugin, $network_deactivating );
 		}
 	}
@@ -862,6 +928,15 @@ function uninstall_plugin($plugin) {
 		include WP_PLUGIN_DIR . '/' . $file;

 		add_action( 'uninstall_' . $file, $callable );
+
+		/**
+		 * Fires in uninstall_plugin() once the plugin has been uninstalled.
+		 *
+		 * The action concatenates the 'uninstall_' prefix with the basename of the
+		 * plugin passed to {@see uninstall_plugin()} to create a dynamically-named action.
+		 *
+		 * @since 2.7.0
+		 */
 		do_action( 'uninstall_' . $file );
 	}
 }
@@ -1761,3 +1836,16 @@ function settings_fields($option_group) {
 	echo '<input type="hidden" name="action" value="update" />';
 	wp_nonce_field("$option_group-options");
 }
+
+/**
+ * Clears the Plugins cache used by get_plugins() and by default, the Plugin Update cache.
+ *
+ * @since 3.7.0
+ *
+ * @param bool $clear_update_cache Whether to clear the Plugin updates cache
+ */
+function wp_clean_plugins_cache( $clear_update_cache = true ) {
+	if ( $clear_update_cache )
+		delete_site_transient( 'update_plugins' );
+	wp_cache_delete( 'plugins', 'plugins' );
+}
--- a/wp-admin/includes/post.php
+++ b/wp-admin/includes/post.php
@@ -52,8 +52,7 @@ function _wp_translate_postdata( $update = false, $post_data = null ) {
 	if ( isset($post_data['trackback_url']) )
 		$post_data['to_ping'] = $post_data['trackback_url'];

-	if ( !isset($post_data['user_ID']) )
-		$post_data['user_ID'] = $GLOBALS['user_ID'];
+	$post_data['user_ID'] = get_current_user_id();

 	if (!empty ( $post_data['post_author_override'] ) ) {
 		$post_data['post_author'] = (int) $post_data['post_author_override'];
@@ -101,6 +100,10 @@ function _wp_translate_postdata( $update = false, $post_data = null ) {
 		$post_id = false;
 	$previous_status = $post_id ? get_post_field( 'post_status', $post_id ) : false;

+	if ( isset( $post_data['post_status'] ) && 'private' == $post_data['post_status'] && ! current_user_can( $ptype->cap->publish_posts ) ) {
+		$post_data['post_status'] = $previous_status ? $previous_status : 'pending';
+	}
+
 	$published_statuses = array( 'publish', 'future' );

 	// Posts 'submitted for approval' present are submitted to $_POST the same as if they were being published.
@@ -112,6 +115,10 @@ function _wp_translate_postdata( $update = false, $post_data = null ) {
 	if ( ! isset($post_data['post_status']) )
 		$post_data['post_status'] = $previous_status;

+	if ( isset( $post_data['post_password'] ) && ! current_user_can( $ptype->cap->publish_posts ) ) {
+		unset( $post_data['post_password'] );
+	}
+
 	if (!isset( $post_data['comment_status'] ))
 		$post_data['comment_status'] = 'closed';

@@ -147,6 +154,13 @@ function _wp_translate_postdata( $update = false, $post_data = null ) {
 		$post_data['post_date_gmt'] = get_gmt_from_date( $post_data['post_date'] );
 	}

+	if ( isset( $post_data['post_category'] ) ) {
+		$category_object = get_taxonomy( 'category' );
+		if ( ! current_user_can( $category_object->cap->assign_terms ) ) {
+			unset( $post_data['post_category'] );
+		}
+	}
+
 	return $post_data;
 }

@@ -159,6 +173,7 @@ function _wp_translate_postdata( $update = false, $post_data = null ) {
 * @return int Post ID.
 */
 function edit_post( $post_data = null ) {
+	global $wpdb;

 	if ( empty($post_data) )
 		$post_data = &$_POST;
@@ -171,6 +186,14 @@ function edit_post( $post_data = null ) {
 	$post_data['post_type'] = $post->post_type;
 	$post_data['post_mime_type'] = $post->post_mime_type;

+	if ( ! empty( $post_data['post_status'] ) ) {
+		$post_data['post_status'] = sanitize_key( $post_data['post_status'] );
+
+		if ( 'inherit' == $post_data['post_status'] ) {
+			unset( $post_data['post_status'] );
+		}
+	}
+
 	$ptype = get_post_type_object($post_data['post_type']);
 	if ( !current_user_can( 'edit_post', $post_ID ) ) {
 		if ( 'page' == $post_data['post_type'] )
@@ -179,11 +202,13 @@ function edit_post( $post_data = null ) {
 			wp_die( __('You are not allowed to edit this post.' ));
 	}

-	$post_data = _wp_translate_postdata( true, $post_data );
-	if ( is_wp_error($post_data) )
-		wp_die( $post_data->get_error_message() );
-	if ( ( empty( $post_data['action'] ) || 'autosave' != $post_data['action'] ) && 'auto-draft' == $post_data['post_status'] ) {
-		$post_data['post_status'] = 'draft';
+	if ( post_type_supports( $ptype->name, 'revisions' ) ) {
+		$revisions = wp_get_post_revisions( $post_ID, array( 'order' => 'ASC', 'posts_per_page' => 1 ) );
+		$revision = current( $revisions );
+
+		// Check if the revisions have been upgraded
+		if ( $revisions && _wp_get_post_revision_version( $revision ) < 1 )
+			_wp_upgrade_revisions_of_post( $post, wp_get_post_revisions( $post_ID ) );
 	}

 	if ( isset($post_data['visibility']) ) {
@@ -202,6 +227,14 @@ function edit_post( $post_data = null ) {
 		}
 	}

+	$post_data = _wp_translate_postdata( true, $post_data );
+	if ( is_wp_error($post_data) )
+		wp_die( $post_data->get_error_message() );
+
+	if ( ( empty( $post_data['action'] ) || 'autosave' != $post_data['action'] ) && 'auto-draft' == $post_data['post_status'] ) {
+		$post_data['post_status'] = 'draft';
+	}
+
 	// Post Formats
 	if ( isset( $post_data['post_format'] ) )
 		set_post_format( $post_ID, $post_data['post_format'] );
@@ -262,14 +295,27 @@ function edit_post( $post_data = null ) {
 		}

 		$attachment_data = isset( $post_data['attachments'][ $post_ID ] ) ? $post_data['attachments'][ $post_ID ] : array();
+		/** This filter is documented in wp-admin/includes/media.php */
 		$post_data = apply_filters( 'attachment_fields_to_save', $post_data, $attachment_data );
 	}

 	add_meta( $post_ID );

-	update_post_meta( $post_ID, '_edit_last', $GLOBALS['current_user']->ID );
+	update_post_meta( $post_ID, '_edit_last', get_current_user_id() );

-	wp_update_post( $post_data );
+	$success = wp_update_post( $post_data );
+	// If the save failed, see if we can sanity check the main fields and try again
+	if ( ! $success && is_callable( array( $wpdb, 'strip_invalid_text_for_column' ) ) ) {
+		$fields = array( 'post_title', 'post_content', 'post_excerpt' );
+
+		foreach( $fields as $field ) {
+			if ( isset( $post_data[ $field ] ) ) {
+				$post_data[ $field ] = $wpdb->strip_invalid_text_for_column( $wpdb->posts, $field, $post_data[ $field ] );
+			}
+		}
+
+		wp_update_post( $post_data );
+	}

 	// Now that we have an ID we can fix any attachment anchor hrefs
 	_fix_attachment_links( $post_ID );
@@ -323,9 +369,23 @@ function bulk_edit_posts( $post_data = null ) {
 	}
 	unset($post_data['_status']);

+	if ( ! empty( $post_data['post_status'] ) ) {
+		$post_data['post_status'] = sanitize_key( $post_data['post_status'] );
+
+		if ( 'inherit' == $post_data['post_status'] ) {
+			unset( $post_data['post_status'] );
+		}
+	}
+
 	$post_IDs = array_map( 'intval', (array) $post_data['post'] );

-	$reset = array( 'post_author', 'post_status', 'post_password', 'post_parent', 'page_template', 'comment_status', 'ping_status', 'keep_private', 'tax_input', 'post_category', 'sticky' );
+	$reset = array(
+		'post_author', 'post_status', 'post_password',
+		'post_parent', 'page_template', 'comment_status',
+		'ping_status', 'keep_private', 'tax_input',
+		'post_category', 'sticky', 'post_format',
+	);
+
 	foreach ( $reset as $field ) {
 		if ( isset($post_data[$field]) && ( '' == $post_data[$field] || -1 == $post_data[$field] ) )
 			unset($post_data[$field]);
@@ -371,7 +431,12 @@ function bulk_edit_posts( $post_data = null ) {
 	}

 	$updated = $skipped = $locked = array();
+	$shared_post_data = $post_data;
+
 	foreach ( $post_IDs as $post_ID ) {
+		// Start with fresh post data with each iteration.
+		$post_data = $shared_post_data;
+
 		$post_type_object = get_post_type_object( get_post_type( $post_ID ) );

 		if ( !isset( $post_type_object ) || ( isset($children) && in_array($post_ID, $children) ) || !current_user_can( 'edit_post', $post_ID ) ) {
@@ -407,10 +472,25 @@ function bulk_edit_posts( $post_data = null ) {
 			unset( $post_data['tax_input']['category'] );
 		}

+		$post_data['post_type'] = $post->post_type;
 		$post_data['post_mime_type'] = $post->post_mime_type;
 		$post_data['guid'] = $post->guid;

+		foreach ( array( 'comment_status', 'ping_status', 'post_author' ) as $field ) {
+			if ( ! isset( $post_data[ $field ] ) ) {
+				$post_data[ $field ] = $post->$field;
+			}
+		}
+
 		$post_data['ID'] = $post_ID;
+		$post_data['post_ID'] = $post_ID;
+
+		$post_data = _wp_translate_postdata( true, $post_data );
+		if ( is_wp_error( $post_data ) ) {
+			$skipped[] = $post_ID;
+			continue;
+		}
+
 		$updated[] = wp_update_post( $post_data );

 		if ( isset( $post_data['sticky'] ) && current_user_can( $ptype->cap->edit_others_posts ) ) {
@@ -419,6 +499,9 @@ function bulk_edit_posts( $post_data = null ) {
 			else
 				unstick_post( $post_ID );
 		}
+
+		if ( isset( $post_data['post_format'] ) )
+			set_post_format( $post_ID, $post_data['post_format'] );
 	}

 	return array( 'updated' => $updated, 'skipped' => $skipped, 'locked' => $locked );
@@ -530,8 +613,6 @@ function post_exists($title, $content = '', $date = '') {
 * @return unknown
 */
 function wp_write_post() {
-	global $user_ID;
-
 	if ( isset($_POST['post_type']) )
 		$ptype = get_post_type_object($_POST['post_type']);
 	else
@@ -553,10 +634,6 @@ function wp_write_post() {
 	if ( isset( $_POST['post_ID'] ) )
 		return edit_post();

-	$translated = _wp_translate_postdata( false );
-	if ( is_wp_error($translated) )
-		return $translated;
-
 	if ( isset($_POST['visibility']) ) {
 		switch ( $_POST['visibility'] ) {
 			case 'public' :
@@ -573,6 +650,10 @@ function wp_write_post() {
 		}
 	}

+	$translated = _wp_translate_postdata( false );
+	if ( is_wp_error($translated) )
+		return $translated;
+
 	// Create the post.
 	$post_ID = wp_insert_post( $_POST );
 	if ( is_wp_error( $post_ID ) )
@@ -742,15 +823,15 @@ function update_meta( $meta_id, $meta_key, $meta_value ) {
 * @since 2.3.0
 * @access private
 *
- * @param unknown_type $post_ID
- * @return unknown
+ * @param int|object $post Post ID or post object.
+ * @return void|int|WP_Error Void if nothing fixed. 0 or WP_Error on update failure. The post ID on update success.
 */
-function _fix_attachment_links( $post_ID ) {
-	$post = get_post( $post_ID, ARRAY_A );
+function _fix_attachment_links( $post ) {
+	$post = get_post( $post, ARRAY_A );
 	$content = $post['post_content'];

-	// quick sanity check, don't run if no pretty permalinks or post is not published
-	if ( !get_option('permalink_structure') || $post['post_status'] != 'publish' )
+	// Don't run if no pretty permalinks or post is not published, scheduled, or privately published.
+	if ( ! get_option( 'permalink_structure' ) || ! in_array( $post['post_status'], array( 'publish', 'future', 'private' ) ) )
 		return;

 	// Short if there aren't any links or no '?attachment_id=' strings (strpos cannot be zero)
@@ -996,9 +1077,9 @@ function postbox_classes( $id, $page ) {
 * @return array With two entries of type string
 */
 function get_sample_permalink($id, $title = null, $name = null) {
-	$post = get_post($id);
-	if ( !$post->ID )
-		return array('', '');
+	$post = get_post( $id );
+	if ( ! $post )
+		return array( '', '' );

 	$ptype = get_post_type_object($post->post_type);

@@ -1058,8 +1139,9 @@ function get_sample_permalink($id, $title = null, $name = null) {
 * @return string The HTML of the sample permalink slug editor.
 */
 function get_sample_permalink_html( $id, $new_title = null, $new_slug = null ) {
-	global $wpdb;
-	$post = get_post($id);
+	$post = get_post( $id );
+	if ( ! $post )
+		return '';

 	list($permalink, $post_name) = get_sample_permalink($post->ID, $new_title, $new_slug);

@@ -1072,11 +1154,11 @@ function get_sample_permalink_html( $id, $new_title = null, $new_slug = null ) {
 	}

 	if ( false === strpos($permalink, '%postname%') && false === strpos($permalink, '%pagename%') ) {
-		$return = '<strong>' . __('Permalink:') . "</strong>\n" . '<span id="sample-permalink" tabindex="-1">' . $permalink . "</span>\n";
+		$return = '<strong>' . __('Permalink:') . "</strong>\n" . '<span id="sample-permalink" tabindex="-1">' . esc_html( $permalink ) . "</span>\n";
 		if ( '' == get_option( 'permalink_structure' ) && current_user_can( 'manage_options' ) && !( 'page' == get_option('show_on_front') && $id == get_option('page_on_front') ) )
 			$return .= '<span id="change-permalinks"><a href="options-permalink.php" class="button button-small" target="_blank">' . __('Change Permalinks') . "</a></span>\n";
 		if ( isset( $view_post ) )
-			$return .= "<span id='view-post-btn'><a href='$permalink' class='button button-small'>$view_post</a></span>\n";
+			$return .= "<span id='view-post-btn'><a href='" . esc_url( $permalink ) . "' class='button button-small'>$view_post</a></span>\n";

 		$return = apply_filters('get_sample_permalink_html', $return, $id, $new_title, $new_slug);

@@ -1097,16 +1179,16 @@ function get_sample_permalink_html( $id, $new_title = null, $new_slug = null ) {
 		}
 	}

-	$post_name_html = '<span id="editable-post-name" title="' . $title . '">' . $post_name_abridged . '</span>';
-	$display_link = str_replace(array('%pagename%','%postname%'), $post_name_html, $permalink);
+	$post_name_html = '<span id="editable-post-name" title="' . $title . '">' . esc_html( $post_name_abridged ) . '</span>';
+	$display_link = str_replace(array('%pagename%','%postname%'), $post_name_html, esc_html( $permalink ) );
 	$view_link = str_replace(array('%pagename%','%postname%'), $post_name, $permalink);
 	$return =  '<strong>' . __('Permalink:') . "</strong>\n";
 	$return .= '<span id="sample-permalink" tabindex="-1">' . $display_link . "</span>\n";
 	$return .= '&lrm;'; // Fix bi-directional text display defect in RTL languages.
 	$return .= '<span id="edit-slug-buttons"><a href="#post_name" class="edit-slug button button-small hide-if-no-js" onclick="editPermalink(' . $id . '); return false;">' . __('Edit') . "</a></span>\n";
-	$return .= '<span id="editable-post-name-full">' . $post_name . "</span>\n";
+	$return .= '<span id="editable-post-name-full">' . esc_html( $post_name ) . "</span>\n";
 	if ( isset($view_post) )
-		$return .= "<span id='view-post-btn'><a href='$view_link' class='button button-small'>$view_post</a></span>\n";
+		$return .= "<span id='view-post-btn'><a href='" . esc_url( $view_link ) . "' class='button button-small'>$view_post</a></span>\n";

 	$return = apply_filters('get_sample_permalink_html', $return, $id, $new_title, $new_slug);

@@ -1207,8 +1289,15 @@ function _admin_notice_post_locked() {
 	if ( ! $post = get_post() )
 		return;

-	if ( ( $user_id = wp_check_post_lock( $post->ID ) ) && ( $user = get_userdata( $user_id ) ) ) {
-		$locked = apply_filters( 'show_post_locked_dialog', true, $post, $user );
+	$user = null;
+	if (  $user_id = wp_check_post_lock( $post->ID ) )
+		$user = get_userdata( $user_id );
+
+	if ( $user ) {
+		if ( ! apply_filters( 'show_post_locked_dialog', true, $post, $user ) )
+			return;
+
+		$locked = true;
 	} else {
 		$locked = false;
 	}
@@ -1254,8 +1343,14 @@ function _admin_notice_post_locked() {
 		?>
 		<div class="post-locked-message">
 		<div class="post-locked-avatar"><?php echo get_avatar( $user->ID, 64 ); ?></div>
-		<p class="currently-editing wp-tab-first" tabindex="0"><?php esc_html_e( sprintf( __( 'This content is currently locked. If you take over, %s will be blocked from continuing to edit.' ), $user->display_name ) ); ?></p>
-		<?php do_action( 'post_lock_text', $post ); ?>
+		<p class="currently-editing wp-tab-first" tabindex="0">
+		<?php
+			_e( 'This content is currently locked.' );
+			if ( $override )
+				printf( ' ' . __( 'If you take over, %s will be blocked from continuing to edit.' ), esc_html( $user->display_name ) );
+		?>
+		</p>
+		<?php do_action( 'post_locked_dialog', $post ); ?>
 		<p>
 		<a class="button" href="<?php echo esc_url( $sendback ); ?>"><?php echo $sendback_text; ?></a>
 		<?php if ( $preview_link ) { ?>
@@ -1266,7 +1361,7 @@ function _admin_notice_post_locked() {
 		// Allow plugins to prevent some users overriding the post lock
 		if ( $override ) {
 			?>
-			<a class="button button-primary wp-tab-last" href="<?php echo esc_url( add_query_arg( 'get-post-lock', '1', get_edit_post_link( $post->ID, 'url' ) ) ); ?>"><?php _e('Take over'); ?></a>
+			<a class="button button-primary wp-tab-last" href="<?php echo esc_url( add_query_arg( 'get-post-lock', '1', wp_nonce_url( get_edit_post_link( $post->ID, 'url' ), 'lock-post_' . $post->ID ) ) ); ?>"><?php _e('Take over'); ?></a>
 			<?php
 		}

@@ -1283,7 +1378,7 @@ function _admin_notice_post_locked() {
 			<span class="locked-saving hidden"><img src="images/wpspin_light-2x.gif" width="16" height="16" /> <?php _e('Saving revision...'); ?></span>
 			<span class="locked-saved hidden"><?php _e('Your latest changes were saved as a revision.'); ?></span>
 			</p>
-			<?php do_action( 'post_lock_text', $post ); ?>
+			<?php do_action( 'post_lock_lost_dialog', $post ); ?>
 			<p><a class="button button-primary wp-tab-last" href="<?php echo esc_url( $sendback ); ?>"><?php echo $sendback_text; ?></a></p>
 		</div>
 		<?php
@@ -1320,14 +1415,29 @@ function wp_create_post_autosave( $post_id ) {
 		$new_autosave['ID'] = $old_autosave->ID;
 		$new_autosave['post_author'] = $post_author;

+		// If the new autosave is the same content as the post, delete the old autosave.
+		$post = get_post( $post_id );
+		$autosave_is_different = false;
+		foreach ( array_keys( _wp_post_revision_fields() ) as $field ) {
+			if ( normalize_whitespace( $new_autosave[ $field ] ) != normalize_whitespace( $post->$field ) ) {
+				$autosave_is_different = true;
+				break;
+			}
+		}
+
+		if ( ! $autosave_is_different ) {
+			wp_delete_post_revision( $old_autosave->ID );
+			return;
+		}
+
 		return wp_update_post( $new_autosave );
 	}

 	// _wp_put_post_revision() expects unescaped.
-	$_POST = wp_unslash($_POST);
+	$post_data = wp_unslash( $_POST );

 	// Otherwise create the new autosave as a special post revision
-	return _wp_put_post_revision( $_POST, true );
+	return _wp_put_post_revision( $post_data, true );
 }

 /**
--- a/wp-admin/includes/revision.php
+++ b/wp-admin/includes/revision.php
@@ -1,6 +1,6 @@
 <?php
 /**
- * WordPress Administration Revisions API.
+ * WordPress Administration Revisions API
 *
 * @package WordPress
 * @subpackage Administration
@@ -11,12 +11,12 @@
 *
 * @since 3.6.0
 *
- * @param object $post The post object.
- * @param int $compare_from The revision id to compare from.
- * @param int $compare_to The revision id to come to.
+ * @param object|int $post         The post object. Also accepts a post ID.
+ * @param int        $compare_from The revision ID to compare from.
+ * @param int        $compare_to   The revision ID to come to.
 *
 * @return array|bool Associative array of a post's revisioned fields and their diffs.
- * 	Or, false on failure.
+ *                    Or, false on failure.
 */
 function wp_get_revision_ui_diff( $post, $compare_from, $compare_to ) {
 	if ( ! $post = get_post( $post ) )
@@ -55,8 +55,23 @@ function wp_get_revision_ui_diff( $post, $compare_from, $compare_to ) {
 	$return = array();

 	foreach ( _wp_post_revision_fields() as $field => $name ) {
-		$content_from = $compare_from ? apply_filters( "_wp_post_revision_field_$field", $compare_from->$field, $field, $compare_from, 'left' ) : '';
-		$content_to = apply_filters( "_wp_post_revision_field_$field", $compare_to->$field, $field, $compare_to, 'right' );
+		/**
+		 * Contextually filter a post revision field.
+		 *
+		 * The dynamic portion of the hook name, $field, corresponds to each of the post
+		 * fields of the revision object being iterated over in a foreach statement.
+		 *
+		 * @since 3.6.0
+		 *
+		 * @param string  $compare_from->$field The current revision field to compare to or from.
+		 * @param string  $field                The current revision field.
+		 * @param WP_Post $compare_from         The revision post object to compare to or from.
+		 * @param string  null                  The context of whether the current revision is the old or the new one. Values are 'to' or 'from'.
+		 */
+		$content_from = $compare_from ? apply_filters( "_wp_post_revision_field_$field", $compare_from->$field, $field, $compare_from, 'from' ) : '';
+
+		/** This filter is documented in wp-admin/includes/revision.php */
+		$content_to = apply_filters( "_wp_post_revision_field_$field", $compare_to->$field, $field, $compare_to, 'to' );

 		$diff = wp_text_diff( $content_from, $content_to, array( 'show_split_view' => true ) );

@@ -85,9 +100,9 @@ function wp_get_revision_ui_diff( $post, $compare_from, $compare_to ) {
 *
 * @since 3.6.0
 *
- * @param object $post The post object.
- * @param int $selected_revision_id The selected revision id.
- * @param int $from (optional) The revision id to compare from.
+ * @param object|int $post                 The post object. Also accepts a post ID.
+ * @param int        $selected_revision_id The selected revision ID.
+ * @param int        $from                 Optional. The revision ID to compare from.
 *
 * @return array An associative array of revision data and related settings.
 */
@@ -179,8 +194,13 @@ function wp_prepare_revisions_for_js( $post, $selected_revision_id, $from = null
 	// Now, grab the initial diff
 	$compare_two_mode = is_numeric( $from );
 	if ( ! $compare_two_mode ) {
-		$from = array_keys( array_slice( $revisions, array_search( $selected_revision_id, array_keys( $revisions ) ) - 1, 1, true ) );
-		$from = $from[0];
+		$found = array_search( $selected_revision_id, array_keys( $revisions ) );
+		if ( $found ) {
+			$from = array_keys( array_slice( $revisions, $found - 1, 1, true ) );
+			$from = reset( $from );
+		} else {
+			$from = 0;
+		}
 	}

 	$from = absint( $from );
--- a/wp-admin/includes/schema.php
+++ b/wp-admin/includes/schema.php
@@ -230,7 +230,7 @@ CREATE TABLE $wpdb->posts (
  registered datetime NOT NULL default '0000-00-00 00:00:00',
  last_updated datetime NOT NULL default '0000-00-00 00:00:00',
  public tinyint(2) NOT NULL default '1',
-  archived enum('0','1') NOT NULL default '0',
+  archived tinyint(2) NOT NULL default '0',
  mature tinyint(2) NOT NULL default '0',
  spam tinyint(2) NOT NULL default '0',
  deleted tinyint(2) NOT NULL default '0',
@@ -272,6 +272,7 @@ CREATE TABLE $wpdb->sitemeta (
  KEY site_id (site_id)
 ) $charset_collate;
 CREATE TABLE $wpdb->signups (
+  signup_id bigint(20) NOT NULL auto_increment,
  domain varchar(200) NOT NULL default '',
  path varchar(100) NOT NULL default '',
  title longtext NOT NULL,
@@ -282,8 +283,11 @@ CREATE TABLE $wpdb->signups (
  active tinyint(1) NOT NULL default '0',
  activation_key varchar(50) NOT NULL default '',
  meta longtext,
+  PRIMARY KEY  (signup_id),
  KEY activation_key (activation_key),
-  KEY domain (domain)
+  KEY user_email (user_email),
+  KEY user_login_email (user_login,user_email),
+  KEY domain_path (domain,path)
 ) $charset_collate;";

 	switch ( $scope ) {
@@ -542,6 +546,24 @@ function populate_options() {

 	// delete obsolete magpie stuff
 	$wpdb->query("DELETE FROM $wpdb->options WHERE option_name REGEXP '^rss_[0-9a-f]{32}(_ts)?$'");
+
+	// Deletes all expired transients.
+	// The multi-table delete syntax is used to delete the transient record from table a,
+	// and the corresponding transient_timeout record from table b.
+	$time = time();
+	$wpdb->query("DELETE a, b FROM $wpdb->options a, $wpdb->options b WHERE
+	        a.option_name LIKE '\_transient\_%' AND
+	        a.option_name NOT LIKE '\_transient\_timeout\_%' AND
+	        b.option_name = CONCAT( '_transient_timeout_', SUBSTRING( a.option_name, 12 ) )
+	        AND b.option_value < $time");
+
+	if ( is_main_site() && is_main_network() ) {
+		$wpdb->query("DELETE a, b FROM $wpdb->options a, $wpdb->options b WHERE
+			a.option_name LIKE '\_site\_transient\_%' AND
+			a.option_name NOT LIKE '\_site\_transient\_timeout\_%' AND
+			b.option_name = CONCAT( '_site_transient_timeout_', SUBSTRING( a.option_name, 17 ) )
+			AND b.option_value < $time");
+    }
 }

 /**
@@ -918,6 +940,16 @@ We hope you enjoy your new site. Thanks!
 	if ( ! $subdomain_install )
 		$sitemeta['illegal_names'][] = 'blog';

+	/**
+	 * Filter meta for a network on creation.
+	 *
+	 * @since 3.7.0
+	 *
+	 * @param array $sitemeta Associative of meta keys and values to be inserted.
+	 * @param int $network_id Network ID being created.
+	 */
+	$sitemeta = apply_filters( 'populate_network_meta', $sitemeta, $network_id );
+
 	$insert = '';
 	foreach ( $sitemeta as $meta_key => $meta_value ) {
 		if ( is_array( $meta_value ) )
@@ -936,7 +968,7 @@ We hope you enjoy your new site. Thanks!
 		$current_site->domain = $domain;
 		$current_site->path = $path;
 		$current_site->site_name = ucfirst( $domain );
-		$wpdb->insert( $wpdb->blogs, array( 'site_id' => $network_id, 'domain' => $domain, 'path' => $path, 'registered' => current_time( 'mysql' ) ) );
+		$wpdb->insert( $wpdb->blogs, array( 'site_id' => $network_id, 'blog_id' => 1, 'domain' => $domain, 'path' => $path, 'registered' => current_time( 'mysql' ) ) );
 		$current_site->blog_id = $blog_id = $wpdb->insert_id;
 		update_user_meta( $site_user->ID, 'source_domain', $domain );
 		update_user_meta( $site_user->ID, 'primary_blog', $blog_id );
@@ -947,9 +979,10 @@ We hope you enjoy your new site. Thanks!
 			$wp_rewrite->set_permalink_structure( '/blog/%year%/%monthnum%/%day%/%postname%/' );

 		flush_rewrite_rules();
-	}

-	if ( $subdomain_install ) {
+		if ( ! $subdomain_install )
+			return true;
+
 		$vhost_ok = false;
 		$errstr = '';
 		$hostname = substr( md5( time() ), 0, 6 ) . '.' . $domain; // Very random hostname!
--- a/wp-admin/includes/screen.php
+++ b/wp-admin/includes/screen.php
@@ -901,7 +901,8 @@ final class WP_Screen {

 		switch ( $this->id ) {
 			case 'widgets':
-				$this->_screen_settings = '<p><a id="access-on" href="widgets.php?widgets-access=on">' . __('Enable accessibility mode') . '</a><a id="access-off" href="widgets.php?widgets-access=off">' . __('Disable accessibility mode') . "</a></p>\n";
+				$nonce = wp_create_nonce( 'widgets-access' );
+				$this->_screen_settings = '<p><a id="access-on" href="widgets.php?widgets-access=on&_wpnonce=' . urlencode( $nonce ) . '">' . __('Enable accessibility mode') . '</a><a id="access-off" href="widgets.php?widgets-access=off&_wpnonce=' . urlencode( $nonce ) . '">' . __('Disable accessibility mode') . "</a></p>\n";
 				break;
 			default:
 				$this->_screen_settings = '';
--- a/wp-admin/includes/taxonomy.php
+++ b/wp-admin/includes/taxonomy.php
@@ -34,7 +34,8 @@ function category_exists($cat_name, $parent = 0) {
 * @return unknown
 */
 function get_category_to_edit( $id ) {
-	$category = get_category( $id, OBJECT, 'edit' );
+	$category = get_term( $id, 'category', OBJECT, 'edit' );
+	_make_cat_compat( $category );
 	return $category;
 }

@@ -155,7 +156,8 @@ function wp_update_category($catarr) {
 		return false;

 	// First, get all of the original fields
-	$category = get_category($cat_ID, ARRAY_A);
+	$category = get_term( $cat_ID, 'category', ARRAY_A );
+	_make_cat_compat( $category );

 	// Escape data pulled from DB.
 	$category = wp_slash($category);
--- a/wp-admin/includes/template.php
+++ b/wp-admin/includes/template.php
@@ -24,16 +24,51 @@ class Walker_Category_Checklist extends Walker {
 	var $tree_type = 'category';
 	var $db_fields = array ('parent' => 'parent', 'id' => 'term_id'); //TODO: decouple this

+	/**
+	 * Starts the list before the elements are added.
+	 *
+	 * @see Walker:start_lvl()
+	 *
+	 * @since 2.5.1
+	 *
+	 * @param string $output Passed by reference. Used to append additional content.
+	 * @param int    $depth  Depth of category. Used for tab indentation.
+	 * @param array  $args   An array of arguments. @see wp_terms_checklist()
+	 */
 	function start_lvl( &$output, $depth = 0, $args = array() ) {
 		$indent = str_repeat("\t", $depth);
 		$output .= "$indent<ul class='children'>\n";
 	}

+	/**
+	 * Ends the list of after the elements are added.
+	 *
+	 * @see Walker::end_lvl()
+	 *
+	 * @since 2.5.1
+	 *
+	 * @param string $output Passed by reference. Used to append additional content.
+	 * @param int    $depth  Depth of category. Used for tab indentation.
+	 * @param array  $args   An array of arguments. @see wp_terms_checklist()
+	 */
 	function end_lvl( &$output, $depth = 0, $args = array() ) {
 		$indent = str_repeat("\t", $depth);
 		$output .= "$indent</ul>\n";
 	}

+	/**
+	 * Start the element output.
+	 *
+	 * @see Walker::start_el()
+	 *
+	 * @since 2.5.1
+	 *
+	 * @param string $output   Passed by reference. Used to append additional content.
+	 * @param object $category The current term object.
+	 * @param int    $depth    Depth of the term in reference to parents. Default 0.
+	 * @param array  $args     An array of arguments. @see wp_terms_checklist()
+	 * @param int    $id       ID of the current term.
+	 */
 	function start_el( &$output, $category, $depth = 0, $args = array(), $id = 0 ) {
 		extract($args);
 		if ( empty($taxonomy) )
@@ -48,6 +83,18 @@ class Walker_Category_Checklist extends Walker {
 		$output .= "\n<li id='{$taxonomy}-{$category->term_id}'$class>" . '<label class="selectit"><input value="' . $category->term_id . '" type="checkbox" name="'.$name.'[]" id="in-'.$taxonomy.'-' . $category->term_id . '"' . checked( in_array( $category->term_id, $selected_cats ), true, false ) . disabled( empty( $args['disabled'] ), false, false ) . ' /> ' . esc_html( apply_filters('the_category', $category->name )) . '</label>';
 	}

+	/**
+	 * Ends the element output, if needed.
+	 *
+	 * @see Walker::end_el()
+	 *
+	 * @since 2.5.1
+	 *
+	 * @param string $output   Passed by reference. Used to append additional content.
+	 * @param object $category The current term object.
+	 * @param int    $depth    Depth of the term in reference to parents. Default 0.
+	 * @param array  $args     An array of arguments. @see wp_terms_checklist()
+	 */
 	function end_el( &$output, $category, $depth = 0, $args = array() ) {
 		$output .= "</li>\n";
 	}
@@ -500,12 +547,15 @@ function _list_meta_row( $entry, &$count ) {
 }

 /**
- * {@internal Missing Short Description}}
+ * Prints the form in the Custom Fields meta box.
 *
 * @since 1.2.0
+ *
+ * @param WP_Post $post Optional. The post being edited.
 */
-function meta_form() {
+function meta_form( $post = null ) {
 	global $wpdb;
+	$post = get_post( $post );
 	$limit = (int) apply_filters( 'postmeta_form_limit', 30 );
 	$keys = $wpdb->get_col( "
 		SELECT meta_key
@@ -535,7 +585,7 @@ function meta_form() {
 <?php

 	foreach ( $keys as $key ) {
-		if ( is_protected_meta( $key, 'post' ) )
+		if ( is_protected_meta( $key, 'post' ) || ! current_user_can( 'add_post_meta', $post->ID, $key ) )
 			continue;
 		echo "\n<option value='" . esc_attr($key) . "'>" . esc_html($key) . "</option>";
 	}
@@ -695,57 +745,6 @@ function parent_dropdown( $default = 0, $parent = 0, $level = 0 ) {
 	}
 }

-/**
- * {@internal Missing Short Description}}
- *
- * @since 2.0.0
- *
- * @param unknown_type $id
- * @return unknown
- */
-function the_attachment_links( $id = false ) {
-	$id = (int) $id;
-	$post = get_post( $id );
-
-	if ( $post->post_type != 'attachment' )
-		return false;
-
-	$icon = wp_get_attachment_image( $post->ID, 'thumbnail', true );
-	$attachment_data = wp_get_attachment_metadata( $id );
-	$thumb = isset( $attachment_data['thumb'] );
-?>
-<form id="the-attachment-links">
-<table>
-	<col />
-	<col class="widefat" />
-	<tr>
-		<th scope="row"><?php _e( 'URL' ) ?></th>
-		<td><textarea rows="1" cols="40" type="text" class="attachmentlinks" readonly="readonly"><?php echo esc_textarea( wp_get_attachment_url() ); ?></textarea></td>
-	</tr>
-<?php if ( $icon ) : ?>
-	<tr>
-		<th scope="row"><?php $thumb ? _e( 'Thumbnail linked to file' ) : _e( 'Image linked to file' ); ?></th>
-		<td><textarea rows="1" cols="40" type="text" class="attachmentlinks" readonly="readonly"><a href="<?php echo wp_get_attachment_url(); ?>"><?php echo $icon ?></a></textarea></td>
-	</tr>
-	<tr>
-		<th scope="row"><?php $thumb ? _e( 'Thumbnail linked to page' ) : _e( 'Image linked to page' ); ?></th>
-		<td><textarea rows="1" cols="40" type="text" class="attachmentlinks" readonly="readonly"><a href="<?php echo get_attachment_link( $post->ID ) ?>" rel="attachment wp-att-<?php echo $post->ID; ?>"><?php echo $icon ?></a></textarea></td>
-	</tr>
-<?php else : ?>
-	<tr>
-		<th scope="row"><?php _e( 'Link to file' ) ?></th>
-		<td><textarea rows="1" cols="40" type="text" class="attachmentlinks" readonly="readonly"><a href="<?php echo wp_get_attachment_url(); ?>" class="attachmentlink"><?php echo basename( wp_get_attachment_url() ); ?></a></textarea></td>
-	</tr>
-	<tr>
-		<th scope="row"><?php _e( 'Link to page' ) ?></th>
-		<td><textarea rows="1" cols="40" type="text" class="attachmentlinks" readonly="readonly"><a href="<?php echo get_attachment_link( $post->ID ) ?>" rel="attachment wp-att-<?php echo $post->ID ?>"><?php the_title(); ?></a></textarea></td>
-	</tr>
-<?php endif; ?>
-</table>
-</form>
-<?php
-}
-
 /**
 * Print out <option> html elements for role selectors
 *
@@ -757,7 +756,7 @@ function wp_dropdown_roles( $selected = false ) {
 	$p = '';
 	$r = '';

-	$editable_roles = get_editable_roles();
+	$editable_roles = array_reverse( get_editable_roles() );

 	foreach ( $editable_roles as $role => $details ) {
 		$name = translate_user_role($details['name'] );
@@ -1072,13 +1071,6 @@ function add_settings_section($id, $title, $callback, $page) {
 		$page = 'reading';
 	}

-	if ( !isset($wp_settings_sections) )
-		$wp_settings_sections = array();
-	if ( !isset($wp_settings_sections[$page]) )
-		$wp_settings_sections[$page] = array();
-	if ( !isset($wp_settings_sections[$page][$id]) )
-		$wp_settings_sections[$page][$id] = array();
-
 	$wp_settings_sections[$page][$id] = array('id' => $id, 'title' => $title, 'callback' => $callback);
 }

@@ -1117,13 +1109,6 @@ function add_settings_field($id, $title, $callback, $page, $section = 'default',
 		$page = 'reading';
 	}

-	if ( !isset($wp_settings_fields) )
-		$wp_settings_fields = array();
-	if ( !isset($wp_settings_fields[$page]) )
-		$wp_settings_fields[$page] = array();
-	if ( !isset($wp_settings_fields[$page][$section]) )
-		$wp_settings_fields[$page][$section] = array();
-
 	$wp_settings_fields[$page][$section][$id] = array('id' => $id, 'title' => $title, 'callback' => $callback, 'args' => $args);
 }

@@ -1143,7 +1128,7 @@ function add_settings_field($id, $title, $callback, $page, $section = 'default',
 function do_settings_sections( $page ) {
 	global $wp_settings_sections, $wp_settings_fields;

-	if ( ! isset( $wp_settings_sections ) || !isset( $wp_settings_sections[$page] ) )
+	if ( ! isset( $wp_settings_sections[$page] ) )
 		return;

 	foreach ( (array) $wp_settings_sections[$page] as $section ) {
@@ -1178,7 +1163,7 @@ function do_settings_sections( $page ) {
 function do_settings_fields($page, $section) {
 	global $wp_settings_fields;

-	if ( !isset($wp_settings_fields) || !isset($wp_settings_fields[$page]) || !isset($wp_settings_fields[$page][$section]) )
+	if ( ! isset( $wp_settings_fields[$page][$section] ) )
 		return;

 	foreach ( (array) $wp_settings_fields[$page][$section] as $field ) {
@@ -1219,9 +1204,6 @@ function do_settings_fields($page, $section) {
 function add_settings_error( $setting, $code, $message, $type = 'error' ) {
 	global $wp_settings_errors;

-	if ( !isset($wp_settings_errors) )
-		$wp_settings_errors = array();
-
 	$new_error = array(
 		'setting' => $setting,
 		'code' => $code,
@@ -1256,7 +1238,7 @@ function add_settings_error( $setting, $code, $message, $type = 'error' ) {
 function get_settings_errors( $setting = '', $sanitize = false ) {
 	global $wp_settings_errors;

-	// If $sanitize is true, manually re-run the sanitizisation for this option
+	// If $sanitize is true, manually re-run the sanitization for this option
 	// This allows the $sanitize_callback from register_setting() to run, adding
 	// any settings errors you want to show by default.
 	if ( $sanitize )
@@ -1391,7 +1373,7 @@ function _draft_or_post_title( $post = 0 ) {
 	$title = get_the_title( $post );
 	if ( empty( $title ) )
 		$title = __( '(no title)' );
-	return $title;
+	return esc_html( $title );
 }

 /**
@@ -1453,6 +1435,10 @@ do_action("admin_head-$hook_suffix");
 do_action('admin_head');

 $admin_body_class .= ' locale-' . sanitize_html_class( strtolower( str_replace( '_', '-', get_locale() ) ) );
+
+if ( is_rtl() )
+	$admin_body_class .= ' rtl';
+
 ?>
 </head>
 <body<?php if ( isset($GLOBALS['body_id']) ) echo ' id="' . $GLOBALS['body_id'] . '"'; ?> class="wp-admin wp-core-ui no-js iframe <?php echo apply_filters( 'admin_body_class', '' ) . ' ' . $admin_body_class; ?>">
@@ -1734,7 +1720,8 @@ final class WP_Internal_Pointers {
 		$registered_pointers = array(
 			'index.php'    => 'wp330_toolbar',
 			'post-new.php' => 'wp350_media',
-			'post.php'     => 'wp350_media',
+			'post.php'     => array( 'wp350_media', 'wp360_revisions' ),
+			'edit.php'     => 'wp360_locks',
 			'themes.php'   => array( 'wp330_saving_widgets', 'wp340_customize_current_theme_link' ),
 			'appearance_page_custom-header' => 'wp340_choose_image_from_library',
 			'appearance_page_custom-background' => 'wp340_choose_image_from_library',
@@ -1810,7 +1797,7 @@ final class WP_Internal_Pointers {
 			});

 			setup = function() {
-				$('<?php echo $selector; ?>').pointer( options ).pointer('open');
+				$('<?php echo $selector; ?>').first().pointer( options ).pointer('open');
 			};

 			if ( options.position && options.position.defer_loading )
@@ -1900,13 +1887,36 @@ final class WP_Internal_Pointers {
 		) );
 	}

+	public static function pointer_wp360_revisions() {
+		$content  = '<h3>' . __( 'Compare Revisions' ) . '</h3>';
+		$content .= '<p>' . __( 'View, compare, and restore other versions of this content on the improved revisions screen.' ) . '</p>';
+
+		self::print_js( 'wp360_revisions', '.misc-pub-section.misc-pub-revisions', array(
+			'content' => $content,
+			'position' => array( 'edge' => is_rtl() ? 'left' : 'right', 'align' => 'center', 'my' => is_rtl() ? 'left' : 'right-14px' ),
+		) );
+	}
+
+	public static function pointer_wp360_locks() {
+		$content  = '<h3>' . __( 'Edit Lock' ) . '</h3>';
+		$content .= '<p>' . __( 'Someone else is editing this. No need to refresh; the lock will disappear when they&#8217;re done.' ) . '</p>';
+
+		if ( ! is_multi_author() )
+			return;
+
+		self::print_js( 'wp360_locks', 'tr.wp-locked .locked-indicator', array(
+			'content' => $content,
+			'position' => array( 'edge' => 'left', 'align' => 'left' ),
+		) );
+	}
+
 	/**
 	 * Prevents new users from seeing existing 'new feature' pointers.
 	 *
 	 * @since 3.3.0
 	 */
 	public static function dismiss_pointers_for_new_users( $user_id ) {
-		add_user_meta( $user_id, 'dismissed_wp_pointers', 'wp330_toolbar,wp330_saving_widgets,wp340_choose_image_from_library,wp340_customize_current_theme_link,wp350_media' );
+		add_user_meta( $user_id, 'dismissed_wp_pointers', 'wp330_toolbar,wp330_saving_widgets,wp340_choose_image_from_library,wp340_customize_current_theme_link,wp350_media,wp360_revisions,wp360_locks' );
 	}
 }

--- a/wp-admin/includes/theme.php
+++ b/wp-admin/includes/theme.php
@@ -282,7 +282,23 @@ function themes_api($action, $args = null) {
 	$res = apply_filters('themes_api', false, $action, $args); //NOTE: Allows a theme to completely override the builtin WordPress.org API.

 	if ( ! $res ) {
-		$request = wp_remote_post('http://api.wordpress.org/themes/info/1.0/', array( 'body' => array('action' => $action, 'request' => serialize($args))) );
+		$url = $http_url = 'http://api.wordpress.org/themes/info/1.0/';
+		if ( $ssl = wp_http_supports( array( 'ssl' ) ) )
+			$url = set_url_scheme( $url, 'https' );
+
+		$args = array(
+			'body' => array(
+				'action' => $action,
+				'request' => serialize( $args )
+			)
+		);
+		$request = wp_remote_post( $url, $args );
+
+		if ( $ssl && is_wp_error( $request ) ) {
+			trigger_error( __( 'An unexpected error occurred. Something may be wrong with WordPress.org or this server&#8217;s configuration. If you continue to have problems, please try the <a href="http://wordpress.org/support/">support forums</a>.' ) . ' ' . '(WordPress could not establish a secure connection to WordPress.org. Please contact your server administrator.)', headers_sent() || WP_DEBUG ? E_USER_WARNING : E_USER_NOTICE );
+			$request = wp_remote_post( $http_url, $args );
+		}
+
 		if ( is_wp_error($request) ) {
 			$res = new WP_Error('themes_api_failed', __( 'An unexpected error occurred. Something may be wrong with WordPress.org or this server&#8217;s configuration. If you continue to have problems, please try the <a href="http://wordpress.org/support/">support forums</a>.' ), $request->get_error_message() );
 		} else {
--- a/wp-admin/includes/update-core.php
+++ b/wp-admin/includes/update-core.php
@@ -551,6 +551,17 @@ $_old_files = array(
 'wp-includes/js/tinymce/themes/advanced/skins/wp_theme/ui.css',
 // 3.5.2
 'wp-includes/js/swfupload/swfupload-all.js',
+// 3.6
+'wp-admin/js/revisions-js.php',
+'wp-admin/images/screenshots',
+'wp-admin/js/categories.js',
+'wp-admin/js/categories.min.js',
+'wp-admin/js/custom-fields.js',
+'wp-admin/js/custom-fields.min.js',
+// 3.7
+'wp-admin/js/cat.js',
+'wp-admin/js/cat.min.js',
+'wp-includes/js/tinymce/plugins/wpeditimage/js/editimage.min.js',
 );

 /**
@@ -651,11 +662,11 @@ function update_core($from, $to) {
 	$versions_file = trailingslashit( $wp_filesystem->wp_content_dir() ) . 'upgrade/version-current.php';
 	if ( ! $wp_filesystem->copy( $from . $distro . 'wp-includes/version.php', $versions_file ) ) {
 		 $wp_filesystem->delete( $from, true );
-		 return new WP_Error( 'copy_failed', __('Could not copy file.') );
+		 return new WP_Error( 'copy_failed_for_version_file', __( 'The update cannot be installed because we will be unable to copy some files. This is usually due to inconsistent file permissions.' ), 'wp-includes/version.php' );
 	}

 	$wp_filesystem->chmod( $versions_file, FS_CHMOD_FILE );
-	require_once( WP_CONTENT_DIR . '/upgrade/version-current.php' );
+	require( WP_CONTENT_DIR . '/upgrade/version-current.php' );
 	$wp_filesystem->delete( $versions_file );

 	$php_version    = phpversion();
@@ -678,16 +689,104 @@ function update_core($from, $to) {
 	elseif ( !$mysql_compat )
 		return new WP_Error( 'mysql_not_compatible', sprintf( __('The update cannot be installed because WordPress %1$s requires MySQL version %2$s or higher. You are running version %3$s.'), $wp_version, $required_mysql_version, $mysql_version ) );

-	apply_filters('update_feedback', __('Installing the latest version&#8230;'));
+	apply_filters( 'update_feedback', __( 'Preparing to install the latest version&#8230;' ) );

+	// Don't copy wp-content, we'll deal with that below
+	$skip = array( 'wp-content' );
+	$check_is_writable = array();
+
+	// Check to see which files don't really need updating - only available for 3.7 and higher
+	if ( function_exists( 'get_core_checksums' ) ) {
+		// Find the local version of the working directory
+		$working_dir_local = WP_CONTENT_DIR . '/upgrade/' . basename( $from ) . $distro;
+
+		$checksums = get_core_checksums( $wp_version, isset( $wp_local_package ) ? $wp_local_package : 'en_US' );
+		if ( is_array( $checksums ) && isset( $checksums[ $wp_version ] ) )
+			$checksums = $checksums[ $wp_version ]; // Compat code for 3.7-beta2
+		if ( is_array( $checksums ) ) {
+			foreach( $checksums as $file => $checksum ) {
+				if ( 'wp-content' == substr( $file, 0, 10 ) )
+					continue;
+				if ( ! file_exists( ABSPATH . $file ) )
+					continue;
+				if ( ! file_exists( $working_dir_local . $file ) )
+					continue;
+				if ( md5_file( ABSPATH . $file ) === $checksum )
+					$skip[] = $file;
+				else
+					$check_is_writable[ $file ] = ABSPATH . $file;
+			}
+		}
+	}
+
+	// If we're using the direct method, we can predict write failures that are due to permissions.
+	if ( $check_is_writable && 'direct' === $wp_filesystem->method ) {
+		$files_writable = array_filter( $check_is_writable, array( $wp_filesystem, 'is_writable' ) );
+		if ( $files_writable !== $check_is_writable ) {
+			$files_not_writable = array_diff_key( $check_is_writable, $files_writable );
+			foreach ( $files_not_writable as $relative_file_not_writable => $file_not_writable ) {
+				// If the writable check failed, chmod file to 0644 and try again, same as copy_dir().
+				$wp_filesystem->chmod( $file_not_writable, FS_CHMOD_FILE );
+				if ( $wp_filesystem->is_writable( $file_not_writable ) )
+					unset( $files_not_writable[ $relative_file_not_writable ] );
+			}
+
+			// Store package-relative paths (the key) of non-writable files in the WP_Error object.
+			$error_data = version_compare( $old_wp_version, '3.7-beta2', '>' ) ? array_keys( $files_not_writable ) : '';
+
+			if ( $files_not_writable )
+				return new WP_Error( 'files_not_writable', __( 'The update cannot be installed because we will be unable to copy some files. This is usually due to inconsistent file permissions.' ), implode( ', ', $error_data ) );
+		}
+	}
+
+	apply_filters( 'update_feedback', __( 'Enabling Maintenance mode&#8230;' ) );
 	// Create maintenance file to signal that we are upgrading
 	$maintenance_string = '<?php $upgrading = ' . time() . '; ?>';
 	$maintenance_file = $to . '.maintenance';
 	$wp_filesystem->delete($maintenance_file);
 	$wp_filesystem->put_contents($maintenance_file, $maintenance_string, FS_CHMOD_FILE);

+	apply_filters( 'update_feedback', __( 'Copying the required files&#8230;' ) );
 	// Copy new versions of WP files into place.
-	$result = _copy_dir($from . $distro, $to, array('wp-content') );
+	$result = _copy_dir( $from . $distro, $to, $skip );
+	if ( is_wp_error( $result ) )
+		$result = new WP_Error( $result->get_error_code(), $result->get_error_message(), substr( $result->get_error_data(), strlen( $to ) ) );
+
+	// Check to make sure everything copied correctly, ignoring the contents of wp-content
+	$skip = array( 'wp-content' );
+	$failed = array();
+	if ( isset( $checksums ) && is_array( $checksums ) ) {
+		foreach ( $checksums as $file => $checksum ) {
+			if ( 'wp-content' == substr( $file, 0, 10 ) )
+				continue;
+			if ( ! file_exists( $working_dir_local . $file ) )
+				continue;
+			if ( file_exists( ABSPATH . $file ) && md5_file( ABSPATH . $file ) == $checksum )
+				$skip[] = $file;
+			else
+				$failed[] = $file;
+		}
+	}
+
+	// Some files didn't copy properly
+	if ( ! empty( $failed ) ) {
+		$total_size = 0;
+		foreach ( $failed as $file ) {
+			if ( file_exists( $working_dir_local . $file ) )
+				$total_size += filesize( $working_dir_local . $file );
+		}
+
+		// If we don't have enough free space, it isn't worth trying again.
+		// Unlikely to be hit due to the check in unzip_file().
+		$available_space = @disk_free_space( ABSPATH );
+		if ( $available_space && $total_size >= $available_space ) {
+			$result = new WP_Error( 'disk_full', __( 'There is not enough free disk space to complete the update.' ) );
+		} else {
+			$result = _copy_dir( $from . $distro, $to, $skip );
+			if ( is_wp_error( $result ) )
+				$result = new WP_Error( $result->get_error_code() . '_retry', $result->get_error_message(), substr( $result->get_error_data(), strlen( $to ) ) );
+		}
+	}

 	// Custom Content Directory needs updating now.
 	// Copy Languages
@@ -704,11 +803,18 @@ function update_core($from, $to) {

 		if ( @is_dir($lang_dir) ) {
 			$wp_lang_dir = $wp_filesystem->find_folder($lang_dir);
-			if ( $wp_lang_dir )
+			if ( $wp_lang_dir ) {
 				$result = copy_dir($from . $distro . 'wp-content/languages/', $wp_lang_dir);
+				if ( is_wp_error( $result ) )
+					$result = new WP_Error( $result->get_error_code() . '_languages', $result->get_error_message(), substr( $result->get_error_data(), strlen( $wp_lang_dir ) ) );
+			}
 		}
 	}

+	apply_filters( 'update_feedback', __( 'Disabling Maintenance mode&#8230;' ) );
+	// Remove maintenance file, we're done with potential site-breaking changes
+	$wp_filesystem->delete( $maintenance_file );
+
 	// 3.5 -> 3.5+ - an empty twentytwelve directory was created upon upgrade to 3.5 for some users, preventing installation of Twenty Twelve.
 	if ( '3.5' == $old_wp_version ) {
 		if ( is_dir( WP_CONTENT_DIR . '/themes/twentytwelve' ) && ! file_exists( WP_CONTENT_DIR . '/themes/twentytwelve/style.css' )  ) {
@@ -742,15 +848,20 @@ function update_core($from, $to) {
 						continue;

 					if ( ! $wp_filesystem->copy($from . $distro . 'wp-content/' . $file, $dest . $filename, FS_CHMOD_FILE) )
-						$result = new WP_Error('copy_failed', __('Could not copy file.'), $dest . $filename);
+						$result = new WP_Error( "copy_failed_for_new_bundled_$type", __( 'Could not copy file.' ), $dest . $filename );
 				} else {
 					if ( ! $development_build && $wp_filesystem->is_dir( $dest . $filename ) )
 						continue;

 					$wp_filesystem->mkdir($dest . $filename, FS_CHMOD_DIR);
 					$_result = copy_dir( $from . $distro . 'wp-content/' . $file, $dest . $filename);
-					if ( is_wp_error($_result) ) //If a error occurs partway through this final step, keep the error flowing through, but keep process going.
-						$result = $_result;
+
+					// If a error occurs partway through this final step, keep the error flowing through, but keep process going.
+					if ( is_wp_error( $_result ) ) {
+						if ( ! is_wp_error( $result ) )
+							$result = new WP_Error;
+						$result->add( $_result->get_error_code() . "_$type", $_result->get_error_message(), substr( $_result->get_error_data(), strlen( $dest ) ) );
+					}
 				}
 			}
 		} //end foreach
@@ -758,7 +869,6 @@ function update_core($from, $to) {

 	// Handle $result error from the above blocks
 	if ( is_wp_error($result) ) {
-		$wp_filesystem->delete($maintenance_file);
 		$wp_filesystem->delete($from, true);
 		return $result;
 	}
@@ -771,11 +881,19 @@ function update_core($from, $to) {
 		$wp_filesystem->delete($old_file, true);
 	}

+	// Remove any Genericons example.html's from the filesystem
+	_upgrade_422_remove_genericons();
+
 	// Upgrade DB with separate request
 	apply_filters('update_feedback', __('Upgrading database&#8230;'));
 	$db_upgrade_url = admin_url('upgrade.php?step=upgrade_db');
 	wp_remote_post($db_upgrade_url, array('timeout' => 60));

+	// Clear the cache to prevent an update_option() from saving a stale db_version to the cache
+	wp_cache_flush();
+	// (Not all cache backends listen to 'flush')
+	wp_cache_delete( 'alloptions', 'options' );
+
 	// Remove working directory
 	$wp_filesystem->delete($from, true);

@@ -785,12 +903,13 @@ function update_core($from, $to) {
 	else
 		delete_option('update_core');

-	// Remove maintenance file, we're done.
-	$wp_filesystem->delete($maintenance_file);
-
 	// If we made it this far:
 	do_action( '_core_updated_successfully', $wp_version );

+	// Clear the option that blocks auto updates after failures, now that we've been successful.
+	if ( function_exists( 'delete_site_option' ) )
+		delete_site_option( 'auto_core_update_failed' );
+
 	return $wp_version;
 }

@@ -798,10 +917,12 @@ function update_core($from, $to) {
 * Copies a directory from one location to another via the WordPress Filesystem Abstraction.
 * Assumes that WP_Filesystem() has already been called and setup.
 *
- * This is a temporary function for the 3.1 -> 3.2 upgrade only and will be removed in 3.3
+ * This is a temporary function for the 3.1 -> 3.2 upgrade, as well as for those upgrading to
+ * 3.7+
 *
 * @ignore
 * @since 3.2.0
+ * @since 3.7.0 Updated not to use a regular expression for the skip list
 * @see copy_dir()
 *
 * @param string $from source directory
@@ -817,31 +938,31 @@ function _copy_dir($from, $to, $skip_list = array() ) {
 	$from = trailingslashit($from);
 	$to = trailingslashit($to);

-	$skip_regex = '';
-	foreach ( (array)$skip_list as $key => $skip_file )
-		$skip_regex .= preg_quote($skip_file, '!') . '|';
-
-	if ( !empty($skip_regex) )
-		$skip_regex = '!(' . rtrim($skip_regex, '|') . ')$!i';
-
 	foreach ( (array) $dirlist as $filename => $fileinfo ) {
-		if ( !empty($skip_regex) )
-			if ( preg_match($skip_regex, $from . $filename) )
-				continue;
+		if ( in_array( $filename, $skip_list ) )
+			continue;

 		if ( 'f' == $fileinfo['type'] ) {
 			if ( ! $wp_filesystem->copy($from . $filename, $to . $filename, true, FS_CHMOD_FILE) ) {
 				// If copy failed, chmod file to 0644 and try again.
-				$wp_filesystem->chmod($to . $filename, 0644);
+				$wp_filesystem->chmod( $to . $filename, FS_CHMOD_FILE );
 				if ( ! $wp_filesystem->copy($from . $filename, $to . $filename, true, FS_CHMOD_FILE) )
-					return new WP_Error('copy_failed', __('Could not copy file.'), $to . $filename);
+					return new WP_Error( 'copy_failed__copy_dir', __( 'Could not copy file.' ), $to . $filename );
 			}
 		} elseif ( 'd' == $fileinfo['type'] ) {
 			if ( !$wp_filesystem->is_dir($to . $filename) ) {
 				if ( !$wp_filesystem->mkdir($to . $filename, FS_CHMOD_DIR) )
-					return new WP_Error('mkdir_failed', __('Could not create directory.'), $to . $filename);
+					return new WP_Error( 'mkdir_failed__copy_dir', __( 'Could not create directory.' ), $to . $filename );
 			}
-			$result = _copy_dir($from . $filename, $to . $filename, $skip_list);
+
+			// generate the $sub_skip_list for the subdirectory as a sub-set of the existing $skip_list
+			$sub_skip_list = array();
+			foreach ( $skip_list as $skip_item ) {
+				if ( 0 === strpos( $skip_item, $filename . '/' ) )
+					$sub_skip_list[] = preg_replace( '!^' . preg_quote( $filename, '!' ) . '/!i', '', $skip_item );
+			}
+
+			$result = _copy_dir($from . $filename, $to . $filename, $sub_skip_list);
 			if ( is_wp_error($result) )
 				return $result;
 		}
@@ -863,7 +984,7 @@ function _redirect_to_about_wordpress( $new_version ) {
 	if ( version_compare( $wp_version, '3.4-RC1', '>=' ) )
 		return;

-	// Ensure we only run this on the update-core.php page. wp_update_core() could be called in other contexts.
+	// Ensure we only run this on the update-core.php page. The Core_Upgrader may be used in other contexts.
 	if ( 'update-core.php' != $pagenow )
 		return;

@@ -891,3 +1012,67 @@ window.location = 'about.php?updated';
 	exit();
 }
 add_action( '_core_updated_successfully', '_redirect_to_about_wordpress' );
+
+/**
+ * Cleans up Genericons example files.
+ *
+ * @since 4.2.2
+ */
+function _upgrade_422_remove_genericons() {
+	global $wp_theme_directories, $wp_filesystem;
+
+	// A list of the affected files using the filesystem absolute paths.
+	$affected_files = array();
+
+	// Themes
+	foreach ( $wp_theme_directories as $directory ) {
+		$affected_theme_files = _upgrade_422_find_genericons_files_in_folder( $directory );
+		$affected_files       = array_merge( $affected_files, $affected_theme_files );
+	}
+
+	// Plugins
+	$affected_plugin_files = _upgrade_422_find_genericons_files_in_folder( WP_PLUGIN_DIR );
+	$affected_files        = array_merge( $affected_files, $affected_plugin_files );
+
+	foreach ( $affected_files as $file ) {
+		$gen_dir = $wp_filesystem->find_folder( trailingslashit( dirname( $file ) ) );
+		if ( empty( $gen_dir ) ) {
+			continue;
+		}
+
+		// The path when the file is accessed via WP_Filesystem may differ in the case of FTP
+		$remote_file = $gen_dir . basename( $file );
+
+		if ( ! $wp_filesystem->exists( $remote_file ) ) {
+			continue;
+		}
+
+		if ( ! $wp_filesystem->delete( $remote_file, false, 'f' ) ) {
+			$wp_filesystem->put_contents( $remote_file, '' );
+		}
+	}
+}
+
+/**
+ * Recursively find Genericons example files in a given folder.
+ *
+ * @ignore
+ * @since 4.2.2
+ *
+ * @param string $directory Directory path. Expects trailingslashed.
+ * @return array
+ */
+function _upgrade_422_find_genericons_files_in_folder( $directory ) {
+	$directory = trailingslashit( $directory );
+	$files     = array();
+
+	if ( file_exists( "{$directory}example.html" ) && false !== strpos( file_get_contents( "{$directory}example.html" ), '<title>Genericons</title>' ) ) {
+		$files[] = "{$directory}example.html";
+	}
+
+	foreach ( glob( $directory . '*', GLOB_ONLYDIR ) as $dir ) {
+		$files = array_merge( $files, _upgrade_422_find_genericons_files_in_folder( $dir ) );
+	}
+
+	return $files;
+}
--- a/wp-admin/includes/update.php
+++ b/wp-admin/includes/update.php
@@ -6,8 +6,6 @@
 * @subpackage Administration
 */

-// The admin side of our 1.1 update system
-
 /**
 * Selects the first update version from the update_core option
 *
@@ -15,10 +13,10 @@
 */
 function get_preferred_from_update_core() {
 	$updates = get_core_updates();
-	if ( !is_array( $updates ) )
+	if ( ! is_array( $updates ) )
 		return false;
 	if ( empty( $updates ) )
-		return (object)array('response' => 'latest');
+		return (object) array( 'response' => 'latest' );
 	return $updates[0];
 }

@@ -30,51 +28,133 @@ function get_preferred_from_update_core() {
 * @return array Array of the update objects
 */
 function get_core_updates( $options = array() ) {
-	$options = array_merge( array('available' => true, 'dismissed' => false ), $options );
+	$options = array_merge( array( 'available' => true, 'dismissed' => false ), $options );
 	$dismissed = get_site_option( 'dismissed_update_core' );
-	if ( !is_array( $dismissed ) ) $dismissed = array();
+
+	if ( ! is_array( $dismissed ) )
+		$dismissed = array();
+
 	$from_api = get_site_transient( 'update_core' );
-	if ( empty($from_api) )
+
+	if ( ! isset( $from_api->updates ) || ! is_array( $from_api->updates ) )
 		return false;
-	if ( !isset( $from_api->updates ) || !is_array( $from_api->updates ) ) return false;
+
 	$updates = $from_api->updates;
-	if ( !is_array( $updates ) ) return false;
 	$result = array();
-	foreach($updates as $update) {
-		if ( array_key_exists( $update->current.'|'.$update->locale, $dismissed ) ) {
+	foreach ( $updates as $update ) {
+		if ( $update->response == 'autoupdate' )
+			continue;
+
+		if ( array_key_exists( $update->current . '|' . $update->locale, $dismissed ) ) {
 			if ( $options['dismissed'] ) {
 				$update->dismissed = true;
-				$result[]= $update;
+				$result[] = $update;
 			}
 		} else {
 			if ( $options['available'] ) {
 				$update->dismissed = false;
-				$result[]= $update;
+				$result[] = $update;
 			}
 		}
 	}
 	return $result;
 }

+/**
+ * Gets the best available (and enabled) Auto-Update for WordPress Core.
+ *
+ * If there's 1.2.3 and 1.3 on offer, it'll choose 1.3 if the install allows it, else, 1.2.3
+ *
+ * @since 3.7.0
+ *
+ * @return bool|array False on failure, otherwise the core update offering.
+ */
+function find_core_auto_update() {
+	$updates = get_site_transient( 'update_core' );
+	if ( ! $updates || empty( $updates->updates ) )
+		return false;
+
+	include_once ABSPATH . 'wp-admin/includes/class-wp-upgrader.php';
+
+	$auto_update = false;
+	$upgrader = new WP_Automatic_Updater;
+	foreach ( $updates->updates as $update ) {
+		if ( 'autoupdate' != $update->response )
+			continue;
+
+		if ( ! $upgrader->should_update( 'core', $update, ABSPATH ) )
+			continue;
+
+		if ( ! $auto_update || version_compare( $update->current, $auto_update->current, '>' ) )
+			$auto_update = $update;
+	}
+	return $auto_update;
+}
+
+/**
+ * Gets and caches the checksums for the given version of WordPress.
+ *
+ * @since 3.7.0
+ *
+ * @param string $version Version string to query.
+ * @param string $locale  Locale to query.
+ * @return bool|array False on failure. An array of checksums on success.
+ */
+function get_core_checksums( $version, $locale ) {
+	$return = array();
+
+	$url = $http_url = 'http://api.wordpress.org/core/checksums/1.0/?' . http_build_query( compact( 'version', 'locale' ), null, '&' );
+
+	if ( $ssl = wp_http_supports( array( 'ssl' ) ) )
+		$url = set_url_scheme( $url, 'https' );
+
+	$options = array(
+		'timeout' => ( ( defined('DOING_CRON') && DOING_CRON ) ? 30 : 3 ),
+	);
+
+	$response = wp_remote_get( $url, $options );
+	if ( $ssl && is_wp_error( $response ) ) {
+		trigger_error( __( 'An unexpected error occurred. Something may be wrong with WordPress.org or this server&#8217;s configuration. If you continue to have problems, please try the <a href="http://wordpress.org/support/">support forums</a>.' ) . ' ' . '(WordPress could not establish a secure connection to WordPress.org. Please contact your server administrator.)', headers_sent() || WP_DEBUG ? E_USER_WARNING : E_USER_NOTICE );
+		$response = wp_remote_get( $http_url, $options );
+	}
+
+	if ( is_wp_error( $response ) || 200 != wp_remote_retrieve_response_code( $response ) )
+		return false;
+
+	$body = trim( wp_remote_retrieve_body( $response ) );
+	$body = json_decode( $body, true );
+
+	if ( ! is_array( $body ) || ! isset( $body['checksums'] ) || ! is_array( $body['checksums'] ) )
+		return false;
+
+	return $body['checksums'];
+}
+
 function dismiss_core_update( $update ) {
 	$dismissed = get_site_option( 'dismissed_update_core' );
-	$dismissed[ $update->current.'|'.$update->locale ] = true;
+	$dismissed[ $update->current . '|' . $update->locale ] = true;
 	return update_site_option( 'dismissed_update_core', $dismissed );
 }

 function undismiss_core_update( $version, $locale ) {
 	$dismissed = get_site_option( 'dismissed_update_core' );
-	$key = $version.'|'.$locale;
-	if ( !isset( $dismissed[$key] ) ) return false;
+	$key = $version . '|' . $locale;
+
+	if ( ! isset( $dismissed[$key] ) )
+		return false;
+
 	unset( $dismissed[$key] );
 	return update_site_option( 'dismissed_update_core', $dismissed );
 }

 function find_core_update( $version, $locale ) {
 	$from_api = get_site_transient( 'update_core' );
-	if ( !is_array( $from_api->updates ) ) return false;
+
+	if ( ! isset( $from_api->updates ) || ! is_array( $from_api->updates ) )
+		return false;
+
 	$updates = $from_api->updates;
-	foreach($updates as $update) {
+	foreach ( $updates as $update ) {
 		if ( $update->current == $version && $update->locale == $locale )
 			return $update;
 	}
@@ -211,15 +291,6 @@ function wp_plugin_update_row( $file, $plugin_data ) {
 	}
 }

-function wp_update_plugin($plugin, $feedback = '') {
-	if ( !empty($feedback) )
-		add_filter('update_feedback', $feedback);
-
-	include ABSPATH . 'wp-admin/includes/class-wp-upgrader.php';
-	$upgrader = new Plugin_Upgrader();
-	return $upgrader->upgrade($plugin);
-}
-
 function get_theme_updates() {
 	$themes = wp_get_themes();
 	$current = get_site_transient('update_themes');
@@ -236,15 +307,6 @@ function get_theme_updates() {
 	return $update_themes;
 }

-function wp_update_theme($theme, $feedback = '') {
-	if ( !empty($feedback) )
-		add_filter('update_feedback', $feedback);
-
-	include ABSPATH . 'wp-admin/includes/class-wp-upgrader.php';
-	$upgrader = new Theme_Upgrader();
-	return $upgrader->upgrade($theme);
-}
-
 function wp_theme_update_rows() {
 	if ( !current_user_can('update_themes' ) )
 		return;
@@ -285,19 +347,28 @@ function wp_theme_update_row( $theme_key, $theme ) {
 	echo '</div></td></tr>';
 }

-function wp_update_core($current, $feedback = '') {
-	if ( !empty($feedback) )
-		add_filter('update_feedback', $feedback);
-
-	include ABSPATH . 'wp-admin/includes/class-wp-upgrader.php';
-	$upgrader = new Core_Upgrader();
-	return $upgrader->upgrade($current);
-
-}
-
 function maintenance_nag() {
+	include ABSPATH . WPINC . '/version.php'; // include an unmodified $wp_version
 	global $upgrading;
-	if ( ! isset( $upgrading ) )
+	$nag = isset( $upgrading );
+	if ( ! $nag ) {
+		$failed = get_site_option( 'auto_core_update_failed' );
+		/*
+		 * If an update failed critically, we may have copied over version.php but not other files.
+		 * In that case, if the install claims we're running the version we attempted, nag.
+		 * This is serious enough to err on the side of nagging.
+		 *
+		 * If we simply failed to update before we tried to copy any files, then assume things are
+		 * OK if they are now running the latest.
+		 *
+		 * This flag is cleared whenever a successful update occurs using Core_Upgrader.
+		 */
+		$comparison = ! empty( $failed['critical'] ) ? '>=' : '>';
+		if ( version_compare( $failed['attempted'], $wp_version, $comparison ) )
+			$nag = true;
+	}
+
+	if ( ! $nag )
 		return false;

 	if ( current_user_can('update_core') )
@@ -308,3 +379,4 @@ function maintenance_nag() {
 	echo "<div class='update-nag'>$msg</div>";
 }
 add_action( 'admin_notices', 'maintenance_nag' );
+add_action( 'network_admin_notices', 'maintenance_nag' );
--- a/wp-admin/includes/upgrade.php
+++ b/wp-admin/includes/upgrade.php
@@ -402,6 +402,18 @@ function upgrade_all() {
 	if ( $wp_current_db_version < 22422 )
 		upgrade_350();

+	if ( $wp_current_db_version < 25824 )
+		upgrade_370();
+
+	if ( $wp_current_db_version < 26148 )
+		upgrade_372();
+
+	if ( $wp_current_db_version < 26149 )
+		upgrade_373();
+
+	if ( $wp_current_db_version < 26151 )
+		upgrade_379();
+
 	maybe_disable_link_manager();

 	maybe_disable_automattic_widgets();
@@ -1208,6 +1220,114 @@ function upgrade_350() {
 		wp_delete_term( $term->term_id, 'post_format' );
 }

+/**
+ * Execute changes made in WordPress 3.7.
+ *
+ * @since 3.7.0
+ */
+function upgrade_370() {
+	global $wp_current_db_version;
+	if ( $wp_current_db_version < 25824 )
+		wp_clear_scheduled_hook( 'wp_auto_updates_maybe_update' );
+}
+
+/**
+ * Execute changes made in WordPress 3.7.2.
+ *
+ * @since 3.7.2
+ * @since 3.8.0
+ */
+function upgrade_372() {
+	global $wp_current_db_version;
+	if ( $wp_current_db_version < 26148 )
+		wp_clear_scheduled_hook( 'wp_maybe_auto_update' );
+}
+
+/**
+ * Execute changes made in WordPress 3.7.3.
+ *
+ * @since 3.7.3
+ */
+function upgrade_373() {
+	global $wp_current_db_version, $wpdb;
+	if ( $wp_current_db_version < 26149 ) {
+		// Find all lost Quick Draft auto-drafts and promote them to proper drafts.
+		$posts = $wpdb->get_results( "SELECT ID, post_title, post_content FROM $wpdb->posts WHERE post_type = 'post'
+			AND post_status = 'auto-draft' AND post_date >= '2014-04-08 00:00:00'" );
+
+		foreach ( $posts as $post ) {
+			// A regular auto-draft should never have content as that would mean it should have been promoted.
+			// If an auto-draft has content, it's from Quick Draft and it should be recovered.
+			if ( '' === $post->post_content ) {
+				// If it does not have content, we must evaluate whether the title should be recovered.
+				if ( 'Auto Draft' === $post->post_title || __( 'Auto Draft' ) === $post->post_title ) {
+					// This a plain old auto draft. Ignore it.
+					continue;
+				}
+			}
+
+			$wpdb->update( $wpdb->posts, array( 'post_status' => 'draft' ), array( 'ID' => $post->ID ) );
+			clean_post_cache( $post->ID );
+		}
+	}
+}
+
+/**
+ * Execute changes made in WordPress 3.7.8.
+ *
+ * @since 3.7.8
+ */
+function upgrade_378() {
+}
+
+/**
+ * Execute changes made in WordPress 3.7.9.
+ *
+ * @since 3.7.9
+ */
+function upgrade_379() {
+	global $wp_current_db_version, $wpdb;
+
+	if ( $wp_current_db_version < 26151 ) {
+		$content_length = $wpdb->get_col_length( $wpdb->comments, 'comment_content' );
+
+		if ( is_wp_error( $content_length ) ) {
+			return;
+		}
+
+		if ( false === $content_length ) {
+			$content_length = array(
+				'type'   => 'byte',
+				'length' => 65535,
+			);
+		} elseif ( ! is_array( $content_length ) ) {
+			$length = (int) $content_length > 0 ? (int) $content_length : 65535;
+			$content_length = array(
+				'type'	 => 'byte',
+				'length' => $length
+			);
+		}
+
+		if ( 'byte' !== $content_length['type'] || 0 === $content_length['length'] ) {
+			// Sites with malformed DB schemas are on their own.
+			return;
+		}
+
+		$allowed_length = intval( $content_length['length'] ) - 10;
+
+		$comments = $wpdb->get_results(
+			"SELECT `comment_ID` FROM `{$wpdb->comments}`
+				WHERE `comment_date_gmt` > '2015-04-26'
+				AND LENGTH( `comment_content` ) >= {$allowed_length}
+				AND ( `comment_content` LIKE '%<%' OR `comment_content` LIKE '%>%' )"
+		);
+
+		foreach ( $comments as $comment ) {
+			wp_delete_comment( $comment->comment_ID, true );
+		}
+	}
+}
+
 /**
 * Execute network level changes
 *
@@ -1215,6 +1335,20 @@ function upgrade_350() {
 */
 function upgrade_network() {
 	global $wp_current_db_version, $wpdb;
+
+	// Always
+	if ( is_main_network() ) {
+		// Deletes all expired transients.
+		// The multi-table delete syntax is used to delete the transient record from table a,
+		// and the corresponding transient_timeout record from table b.
+		$time = time();
+		$wpdb->query("DELETE a, b FROM $wpdb->sitemeta a, $wpdb->sitemeta b WHERE
+			a.meta_key LIKE '\_site\_transient\_%' AND
+			a.meta_key NOT LIKE '\_site\_transient\_timeout\_%' AND
+			b.meta_key = CONCAT( '_site_transient_timeout_', SUBSTRING( a.meta_key, 17 ) )
+			AND b.meta_value < $time");
+	}
+
 	// 2.8
 	if ( $wp_current_db_version < 11549 ) {
 		$wpmu_sitewide_plugins = get_site_option( 'wpmu_sitewide_plugins' );
@@ -1978,6 +2112,22 @@ function pre_schema_upgrade() {
 		$wpdb->query("ALTER TABLE $wpdb->options DROP INDEX option_name");
 	}

+	// Multisite schema upgrades.
+	if ( $wp_current_db_version < 25448 && is_multisite() && ! defined( 'DO_NOT_UPGRADE_GLOBAL_TABLES' ) && is_main_network() ) {
+
+		// Upgrade verions prior to 3.7
+		if ( $wp_current_db_version < 25179 ) {
+			// New primary key for signups.
+			$wpdb->query( "ALTER TABLE $wpdb->signups ADD signup_id BIGINT(20) NOT NULL AUTO_INCREMENT PRIMARY KEY FIRST" );
+			$wpdb->query( "ALTER TABLE $wpdb->signups DROP INDEX domain" );
+		}
+
+		if ( $wp_current_db_version < 25448 ) {
+			// Convert archived from enum to tinyint.
+			$wpdb->query( "ALTER TABLE $wpdb->blogs CHANGE COLUMN archived archived varchar(1) NOT NULL default '0'" );
+			$wpdb->query( "ALTER TABLE $wpdb->blogs CHANGE COLUMN archived archived tinyint(2) NOT NULL default 0" );
+		}
+	}
 }

 /**
--- a/Show More
+++ b/Show More