Tag 2.0.2

git-svn-id: http://svn.automattic.com/wordpress/tags/2.0.2@3836 1a063a9b-81f0-0310-95a4-ce76da25c4cd

wp-admin/admin-functions.php

@@ -43,6 +43,12 @@ function write_post() {
 	if ('static' == $_POST['post_status'] && !current_user_can('edit_pages'))
 		die(__('This user cannot edit pages.'));
 
+	if (!isset ($_POST['comment_status']))
+		$_POST['comment_status'] = 'closed';
+
+	if (!isset ($_POST['ping_status']))
+		$_POST['ping_status'] = 'closed';
+
 	if (!empty ($_POST['edit_date'])) {
 		$aa = $_POST['aa'];
 		$mm = $_POST['mm'];
@@ -84,12 +90,12 @@ function relocate_children($old_ID, $new_ID) {
 function fix_attachment_links($post_ID) {
 	global $wp_rewrite;
 
-	$post = & get_post($post_ID);
+	$post = & get_post($post_ID, ARRAY_A);
 
 	$search = "#<a[^>]+rel=('|\")[^'\"]*attachment[^>]*>#ie";
 
 	// See if we have any rel="attachment" links
-	if ( 0 == preg_match_all($search, $post->post_content, $anchor_matches, PREG_PATTERN_ORDER) )
+	if ( 0 == preg_match_all($search, $post['post_content'], $anchor_matches, PREG_PATTERN_ORDER) )
 		return;
 
 	$i = 0;
@@ -101,9 +107,11 @@ function fix_attachment_links($post_ID) {
 		$id = $id_matches[2];
 
 		// While we have the attachment ID, let's adopt any orphans.
-		$attachment = & get_post($id);
-		if ( ! is_object(get_post($attachment->post_parent)) ) {
-			$attachment->post_parent = $post_ID;
+		$attachment = & get_post($id, ARRAY_A);
+		if ( ! empty($attachment) && ! is_object(get_post($attachment['post_parent'])) ) {
+			$attachment['post_parent'] = $post_ID;
+			// Escape data pulled from DB.
+			$attachment = add_magic_quotes($attachment);
 			wp_update_post($attachment);
 		}
 
@@ -112,7 +120,10 @@ function fix_attachment_links($post_ID) {
 		++$i;
 	}
 
-	$post->post_content = str_replace($post_search, $post_replace, $post->post_content);
+	$post['post_content'] = str_replace($post_search, $post_replace, $post['post_content']);
+
+	// Escape data pulled from DB.
+	$post = add_magic_quotes($post);
 
 	return wp_update_post($post);
 }
@@ -582,7 +593,6 @@ function cat_rows($parent = 0, $level = 0, $categories = 0) {
 		foreach ($categories as $category) {
 			if ($category->category_parent == $parent) {
 				$category->cat_name = wp_specialchars($category->cat_name);
-				$count = $wpdb->get_var("SELECT COUNT(post_id) FROM $wpdb->post2cat WHERE category_id = $category->cat_ID");
 				$pad = str_repeat('&#8212; ', $level);
 				if ( current_user_can('manage_categories') ) {
 					$edit = "<a href='categories.php?action=edit&amp;cat_ID=$category->cat_ID' class='edit'>".__('Edit')."</a></td>";
@@ -599,7 +609,7 @@ function cat_rows($parent = 0, $level = 0, $categories = 0) {
 				$class = ('alternate' == $class) ? '' : 'alternate';
 				echo "<tr id='cat-$category->cat_ID' class='$class'><th scope='row'>$category->cat_ID</th><td>$pad $category->cat_name</td>
 								<td>$category->category_description</td>
-								<td>$count</td>
+								<td>$category->category_count</td>
 								<td>$edit</td>
 								</tr>";
 				cat_rows($category->cat_ID, $level +1, $categories);

wp-admin/admin-header.php

@@ -3,7 +3,8 @@
 if (!isset($_GET["page"])) require_once('admin.php');
 if ( $editing ) {
 	$dbx_js = true;
-	$cat_js = true;
+	if ( current_user_can('manage_categories') )
+		$cat_js = true;
 }
 if ( $list_js || $cat_js )
 	$sack_js = true;

wp-admin/admin.php

@@ -61,7 +61,7 @@ if (isset($_GET['page'])) {
 		}
 		
 		if (! file_exists(ABSPATH . "wp-content/plugins/$plugin_page"))
-			die(sprintf(__('Cannot load %s.'), $plugin_page));
+			die(sprintf(__('Cannot load %s.'), htmlentities($plugin_page)));
 
 		if (! isset($_GET['noheader']))
 			require_once(ABSPATH . '/wp-admin/admin-header.php');

wp-admin/edit-pages.php

@@ -43,7 +43,7 @@ if ($posts) {
 if ( isset($_GET['s']) ) {
 foreach ( $posts as $post ) : 
 	$class = ('alternate' != $class) ? 'alternate' : ''; ?>
-  <tr id='page-<?php echo $id; ?>' class='<?php echo $class; ?>'> 
+  <tr id='page-<?php echo $post->ID; ?>' class='<?php echo $class; ?>'> 
     <th scope="row"><?php echo $post->ID; ?></th> 
     <td>
       <?php echo $pad; ?><?php the_title() ?> 
@@ -51,8 +51,8 @@ foreach ( $posts as $post ) :
     <td><?php the_author() ?></td>
     <td><?php echo mysql2date('Y-m-d g:i a', $post->post_modified); ?></td> 
 	<td><a href="<?php the_permalink(); ?>" rel="permalink" class="edit"><?php _e('View'); ?></a></td>
-    <td><?php if ( current_user_can('edit_pages') ) { echo "<a href='post.php?action=edit&amp;post=$id' class='edit'>" . __('Edit') . "</a>"; } ?></td> 
-    <td><?php if ( current_user_can('edit_pages') ) { echo "<a href='post.php?action=delete&amp;post=$id' class='delete' onclick=\"return deleteSomething( 'page', " . $id . ", '" . sprintf(__("You are about to delete the &quot;%s&quot; page.\\n&quot;OK&quot; to delete, &quot;Cancel&quot; to stop."), wp_specialchars(get_the_title('','',0), 1)) . "' );\">" . __('Delete') . "</a>"; } ?></td> 
+    <td><?php if ( current_user_can('edit_pages') ) { echo "<a href='post.php?action=edit&amp;post=$post->ID' class='edit'>" . __('Edit') . "</a>"; } ?></td> 
+    <td><?php if ( current_user_can('edit_pages') ) { echo "<a href='post.php?action=delete&amp;post=$post->ID' class='delete' onclick=\"return deleteSomething( 'page', " . $id . ", '" . sprintf(__("You are about to delete the &quot;%s&quot; page.\\n&quot;OK&quot; to delete, &quot;Cancel&quot; to stop."), wp_specialchars(get_the_title('','',0), 1)) . "' );\">" . __('Delete') . "</a>"; } ?></td> 
   </tr>
 <?php
 endforeach;

wp-admin/import/blogger.php

@@ -599,6 +599,8 @@ class Blogger_Import {
 		}
 		
 		if ( isset($_GET['noheader']) ) {
+			header('Content-Type: text/html; charset=utf-8');
+
 			$this->import = get_settings('import-blogger');
 
 			if ( false === $this->import ) {

wp-admin/list-manipulation.php

@@ -23,7 +23,7 @@ case 'delete-link' :
 	if ( !current_user_can('manage_links') )
 		die ('-1');
 
-	if ( $wpdb->query("DELETE FROM $wpdb->links WHERE link_id = '$id'") )
+	if ( wp_delete_link($id) ) 
 		die('1');
 	else	die('0');
 	break;

wp-admin/menu-header.php

@@ -52,4 +52,10 @@ endforeach;
 ?>
 
 </ul>
-<?php endif; ?>
+<?php
+
+endif; 
+
+do_action('admin_notices');
+
+?>

wp-admin/post.php

@@ -30,7 +30,8 @@ $editing = true;
 
 switch($action) {
 case 'post':
-
+	check_admin_referer();
+	
 	$post_ID = write_post();
 
 	// Redirect.
@@ -86,6 +87,8 @@ case 'edit':
 	break;
 
 case 'editattachment':
+	check_admin_referer();
+
 	$post_id = (int) $_POST['post_ID'];
 
 	// Don't let these be changed
@@ -102,6 +105,8 @@ case 'editattachment':
 		add_post_meta($post_id, '_wp_attachment_metadata', $newmeta);
 
 case 'editpost':
+	check_admin_referer();
+	
 	$post_ID = edit_post();
 
 	if ($_POST['save']) {

wp-admin/user-edit.php

@@ -32,6 +32,8 @@ break;
 
 case 'update':
 
+check_admin_referer();
+
 $errors = array();
 
 if (!current_user_can('edit_users'))

wp-comments-post.php

@@ -48,16 +48,17 @@ if ( '' == $comment_content )
 
 $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'user_ID');
 
-wp_new_comment( $commentdata );
+$comment_id = wp_new_comment( $commentdata );
 
 if ( !$user_ID ) :
-	setcookie('comment_author_' . COOKIEHASH, stripslashes($comment_author), time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
-	setcookie('comment_author_email_' . COOKIEHASH, stripslashes($comment_author_email), time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
-	setcookie('comment_author_url_' . COOKIEHASH, stripslashes($comment_author_url), time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
+	$comment = get_comment($comment_id);
+	setcookie('comment_author_' . COOKIEHASH, $comment->comment_author, time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
+	setcookie('comment_author_email_' . COOKIEHASH, $comment->comment_author_email, time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
+	setcookie('comment_author_url_' . COOKIEHASH, clean_url($comment->comment_author_url), time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
 endif;
 
 $location = ( empty( $_POST['redirect_to'] ) ) ? get_permalink( $comment_post_ID ) : $_POST['redirect_to']; 
 
 wp_redirect( $location );
 
-?>
+?>

wp-includes/classes.php

@@ -654,7 +654,7 @@ class WP_Query {
 		$this->posts = $wpdb->get_results($this->request);
 
 		// Check post status to determine if post should be displayed.
-		if ($this->is_single) {
+		if ( !empty($this->posts) && $this->is_single ) {
 			$status = get_post_status($this->posts[0]);
 			if ( ('publish' != $status) && ('static' != $status) ) {
 				if ( ! (isset($user_ID) && ('' != intval($user_ID))) ) {
@@ -1321,7 +1321,7 @@ class WP_Rewrite {
 		$root_rewrite = apply_filters('root_rewrite_rules', $root_rewrite);
 
 		// Comments
-		$comments_rewrite = $this->generate_rewrite_rules($this->root . $this->comments_base, true, true, true);
+		$comments_rewrite = $this->generate_rewrite_rules($this->root . $this->comments_base, true, true, true, false);
 		$comments_rewrite = apply_filters('comments_rewrite_rules', $comments_rewrite);
 
 		// Search

wp-includes/comment-functions.php

@@ -7,9 +7,25 @@ function comments_template( $file = '/comments.php' ) {
 
 	if ( is_single() || is_page() || $withcomments ) :
 		$req = get_settings('require_name_email');
-		$comment_author = isset($_COOKIE['comment_author_'.COOKIEHASH]) ? trim(stripslashes($_COOKIE['comment_author_'.COOKIEHASH])) : '';
-		$comment_author_email = isset($_COOKIE['comment_author_email_'.COOKIEHASH]) ? trim(stripslashes($_COOKIE['comment_author_email_'.COOKIEHASH])) : '';
-		$comment_author_url = isset($_COOKIE['comment_author_url_'.COOKIEHASH]) ? trim(stripslashes($_COOKIE['comment_author_url_'.COOKIEHASH])) : '';
+		$comment_author = '';
+		if ( isset($_COOKIE['comment_author_'.COOKIEHASH]) ) {
+			$comment_author = apply_filters('pre_comment_author_name', $_COOKIE['comment_author_'.COOKIEHASH]);
+			$comment_author = stripslashes($comment_author);
+			$comment_author = wp_specialchars($comment_author, true);
+		}
+		$comment_author_email = '';
+		if ( isset($_COOKIE['comment_author_email_'.COOKIEHASH]) ) {
+			$comment_author_email = apply_filters('pre_comment_author_email', $_COOKIE['comment_author_email_'.COOKIEHASH]);
+			$comment_author_email = stripslashes($comment_author_email);
+			$comment_author_email = wp_specialchars($comment_author_email, true);		
+		}
+		$comment_author_url = '';
+		if ( isset($_COOKIE['comment_author_url_'.COOKIEHASH]) ) {
+			$comment_author_url = apply_filters('pre_comment_author_url', $_COOKIE['comment_author_url_'.COOKIEHASH]);
+			$comment_author_url = stripslashes($comment_author_url);
+			$comment_author_url = wp_specialchars($comment_author_url, true);		
+		}
+
 	if ( empty($comment_author) ) {
 		$comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = '$post->ID' AND comment_approved = '1' ORDER BY comment_date");
 	} else {

wp-includes/functions.php

@@ -71,10 +71,10 @@ function date_i18n($dateformatstring, $unixtimestamp) {
 		$dateweekday = $weekday[date('w', $i)];
 		$dateweekday_abbrev = $weekday_abbrev[$dateweekday];
 		$dateformatstring = ' '.$dateformatstring;
-		$dateformatstring = preg_replace("/([^\\\])D/", "\\1".backslashit($dateweekday_abbrev), $dateformatstring);
-		$dateformatstring = preg_replace("/([^\\\])F/", "\\1".backslashit($datemonth), $dateformatstring);
-		$dateformatstring = preg_replace("/([^\\\])l/", "\\1".backslashit($dateweekday), $dateformatstring);
-		$dateformatstring = preg_replace("/([^\\\])M/", "\\1".backslashit($datemonth_abbrev), $dateformatstring);
+		$dateformatstring = preg_replace("/([^\\\])D/", "\${1}".backslashit($dateweekday_abbrev), $dateformatstring);
+		$dateformatstring = preg_replace("/([^\\\])F/", "\${1}".backslashit($datemonth), $dateformatstring);
+		$dateformatstring = preg_replace("/([^\\\])l/", "\${1}".backslashit($dateweekday), $dateformatstring);
+		$dateformatstring = preg_replace("/([^\\\])M/", "\${1}".backslashit($datemonth_abbrev), $dateformatstring);
 		$dateformatstring = substr($dateformatstring, 1, strlen($dateformatstring)-1);
 	}
 	$j = @date($dateformatstring, $i);

wp-includes/js/tinymce/langs/en.js

@@ -1,22 +1,30 @@
 // UK lang variables
 
-tinyMCELang['lang_bold_desc'] = 'Bold (Alt+b)';
-tinyMCELang['lang_italic_desc'] = 'Italic (Alt+i)';
+if (navigator.userAgent.indexOf('Mac OS') != -1) {
+// Mac OS browsers use Ctrl to hit accesskeys
+	var metaKey = 'Ctrl';
+}
+else {
+	var metaKey = 'Alt';
+}
+
+tinyMCELang['lang_bold_desc'] = 'Bold (' + metaKey + '+b)';
+tinyMCELang['lang_italic_desc'] = 'Italic (' + metaKey + '+i)';
 tinyMCELang['lang_underline_desc'] = 'Underline';
-tinyMCELang['lang_striketrough_desc'] = 'Striketrough (Alt-d)';
-tinyMCELang['lang_justifyleft_desc'] = 'Align left (Alt-f)';
-tinyMCELang['lang_justifycenter_desc'] = 'Align center (Alt-c)';
-tinyMCELang['lang_justifyright_desc'] = 'Align right (Alt-r)';
+tinyMCELang['lang_striketrough_desc'] = 'Striketrough (' + metaKey + '-d)';
+tinyMCELang['lang_justifyleft_desc'] = 'Align left (' + metaKey + '-f)';
+tinyMCELang['lang_justifycenter_desc'] = 'Align center (' + metaKey + '-c)';
+tinyMCELang['lang_justifyright_desc'] = 'Align right (' + metaKey + '-r)';
 tinyMCELang['lang_justifyfull_desc'] = 'Align full';
-tinyMCELang['lang_bullist_desc'] = 'Unordered list (Alt-l)';
-tinyMCELang['lang_numlist_desc'] = 'Ordered list (Alt-o)';
-tinyMCELang['lang_outdent_desc'] = 'Outdent (Alt-w)';
-tinyMCELang['lang_indent_desc'] = 'Indent/Blockquote (Alt-q)';
-tinyMCELang['lang_undo_desc'] = 'Undo (Alt-u)';
-tinyMCELang['lang_redo_desc'] = 'Redo (Alt-y)';
-tinyMCELang['lang_link_desc'] = 'Insert/edit link (Alt-a)';
-tinyMCELang['lang_unlink_desc'] = 'Unlink (Alt-s)';
-tinyMCELang['lang_image_desc'] = 'Insert/edit image (Alt-m)';
+tinyMCELang['lang_bullist_desc'] = 'Unordered list (' + metaKey + '-l)';
+tinyMCELang['lang_numlist_desc'] = 'Ordered list (' + metaKey + '-o)';
+tinyMCELang['lang_outdent_desc'] = 'Outdent (' + metaKey + '-w)';
+tinyMCELang['lang_indent_desc'] = 'Indent/Blockquote (' + metaKey + '-q)';
+tinyMCELang['lang_undo_desc'] = 'Undo (' + metaKey + '-u)';
+tinyMCELang['lang_redo_desc'] = 'Redo (' + metaKey + '-y)';
+tinyMCELang['lang_link_desc'] = 'Insert/edit link (' + metaKey + '-a)';
+tinyMCELang['lang_unlink_desc'] = 'Unlink (' + metaKey + '-s)';
+tinyMCELang['lang_image_desc'] = 'Insert/edit image (' + metaKey + '-m)';
 tinyMCELang['lang_cleanup_desc'] = 'Cleanup messy code';
 tinyMCELang['lang_focus_alert'] = 'A editor instance must be focused before using this command.';
 tinyMCELang['lang_edit_confirm'] = 'Do you want to use the WYSIWYG mode for this textarea?';

wp-includes/js/tinymce/plugins/wordpress/langs/en.js

@@ -1,7 +1,15 @@
 // EN lang variables
 
+if (navigator.userAgent.indexOf('Mac OS') != -1) {
+// Mac OS browsers use Ctrl to hit accesskeys
+	var metaKey = 'Ctrl';
+}
+else {
+	var metaKey = 'Alt';
+}
+
 tinyMCE.addToLang('',{
-wordpress_more_button : 'Split post with More tag (Alt-t)',
+wordpress_more_button : 'Split post with More tag (' + metaKey + '-t)',
 wordpress_page_button : 'Split post with Page tag',
 wordpress_more_alt : 'More...',
 wordpress_page_alt : '...page...'

wp-includes/js/tinymce/tiny_mce_gzip.php

@@ -76,15 +76,32 @@
 
 	// Load theme, language pack and theme language packs
 	$theme = apply_filters('mce_theme', 'advanced');
+
 	echo wp_compact_tinymce_js(file_get_contents(realpath("themes/" . $theme . "/editor_template.js")));
-	echo wp_translate_tinymce_lang(file_get_contents(realpath("themes/" . $theme . "/langs/en.js")));
-	echo wp_translate_tinymce_lang(file_get_contents(realpath("langs/en.js")));
+
+	// Get the WordPress locale
+	$locale = get_locale();
+
+	$themeLanguageFile = realpath("themes/" . $theme . "/langs/" . $locale . ".js");
+
+	if (!file_exists($themeLanguageFile))
+		$themeLanguageFile = realpath("themes/" . $theme . "/langs/en.js");
+	echo wp_translate_tinymce_lang(file_get_contents($themeLanguageFile));
+
+	$tinymceLanguageFile = realpath("langs/" . $locale . ".js");
+
+	if (!file_exists($tinymceLanguageFile))
+		$tinymceLanguageFile = realpath("langs/en.js");
+	echo wp_translate_tinymce_lang(file_get_contents($tinymceLanguageFile));
 
 	// Load all plugins and their language packs
-	$plugins = apply_filters('mce_plugins', array('wordpress', 'autosave', 'wphelp'));
+	$plugins = apply_filters('mce_plugins', array('wordpress', 'autosave','wphelp'));
+
 	foreach ($plugins as $plugin) {
 		$pluginFile = realpath("plugins/" . $plugin . "/editor_plugin.js");
-		$languageFile = realpath("plugins/" . $plugin . "/langs/en.js");
+		$languageFile = realpath("plugins/" . $plugin . "/langs/" . $locale . ".js");
+		if (!file_exists($languageFile))
+			$languageFile = realpath("plugins/" . $plugin . "/langs/en.js");
 
 		if ($pluginFile)
 			echo file_get_contents($pluginFile);
@@ -105,7 +122,7 @@
 			. 'title[dir<ltr?rtl|lang],tr[abbr|align<center?char?justify?left?right|bgcolor|char|charoff|class|rowspan|dir<ltr?rtl|id|lang|onclick|ondblclick|onkeydown|onkeypress|onkeyup|onmousedown|onmousemove|onmouseout|onmouseover|onmouseup|style|title|valign<baseline?bottom?middle?top],tt[class|dir<ltr?rtl|id|lang|onclick|ondblclick|onkeydown|onkeypress|onkeyup|onmousedown|onmousemove|onmouseout|onmouseover|onmouseup|style|title],u[class|dir<ltr?rtl|id|lang|onclick|ondblclick|onkeydown|onkeypress|onkeyup|onmousedown|onmousemove|onmouseout|onmouseover|onmouseup|style|title],ul[class|compact<compact|dir<ltr?rtl|id|lang|onclick|ondblclick|onkeydown|onkeypress|onkeyup|onmousedown|onmousemove|onmouseout|onmouseover|onmouseup|style|title|type],var[class|dir<ltr?rtl|id|lang|onclick|ondblclick|onkeydown|onkeypress|onkeyup|onmousedown|onmousemove|onmouseout|onmouseover|onmouseup|style|title]';
 	else // Use a much smaller set
 		$valid_elements = '-a[id|href|title|rel],-strong/b,-em/i,-strike,-del,-u,p[class|align|dir],-ol,-ul,-li,br,img[class|src|alt|title|width|height|align],-sub,-sup,-blockquote[dir],-table[border|cellspacing|cellpadding|width|height|class|align|dir],thead[class|rowspan|width|height|align|valign|dir],tr[class|rowspan|width|height|align|valign|dir],th[dir|class|colspan|rowspan|width|height|align|valign|scope],td[dir|class|colspan|rowspan|width|height|align|valign],-div[dir|class|align],-span[class|align],-pre[class],-code[class],-address,-h1[class|align|dir],-h2[class|align|dir],-h3[class|align|dir],-h4[class|align|dir],-h5[class|align|dir],-h6[class|align|dir],hr';
-	$valid_elements = apply_filters('mce_valid_elements', $valid_elements); 
+	$valid_elements = apply_filters('mce_valid_elements', $valid_elements);
 	$plugins = implode($plugins, ',');
 	$mce_buttons = apply_filters('mce_buttons', array('bold', 'italic', 'strikethrough', 'separator', 'bullist', 'numlist', 'outdent', 'indent', 'separator', 'justifyleft', 'justifycenter', 'justifyright' ,'separator', 'link', 'unlink', 'image', 'wordpress', 'separator', 'undo', 'redo', 'code', 'wphelp'));
 	$mce_buttons = implode($mce_buttons, ',');
@@ -140,6 +157,7 @@ initArray = {
 	convert_newlines_to_brs : false,
 	remove_linebreaks : true,
 	save_callback : "wp_save_callback",
+	document_base_url : "<?php echo trailingslashit(get_bloginfo('home')); ?>",
 	valid_elements : "<?php echo $valid_elements; ?>",
 <?php do_action('mce_options'); ?>
 	plugins : "<?php echo $plugins; ?>"

wp-includes/template-functions-general.php

@@ -482,7 +482,8 @@ function get_calendar($daylength = 1) {
 
 	if ( $previous ) {
 		echo "\n\t\t".'<td abbr="' . $month[zeroise($previous->month, 2)] . '" colspan="3" id="prev"><a href="' .
-		get_month_link($previous->year, $previous->month) . '" title="' . sprintf(__('View posts for %1$s %2$s'), $month[zeroise($previous->month, 2)], date('Y', mktime(0, 0 , 0, $previous->month, 1, $previous->year))) . '">&laquo; ' . $month_abbrev[$month[zeroise($previous->month, 2)]] . '</a></td>';
+		get_month_link($previous->year, $previous->month) . '" title="' . sprintf(__('View posts for %1$s %2$s'), $month[zeroise($previous->month, 2)],
+			date('Y', mktime(0, 0 , 0, $previous->month, 1, $previous->year))) . '">&laquo; ' . $month_abbrev[$month[zeroise($previous->month, 2)]] . '</a></td>';
 	} else {
 		echo "\n\t\t".'<td colspan="3" id="prev" class="pad">&nbsp;</td>';
 	}
@@ -491,8 +492,8 @@ function get_calendar($daylength = 1) {
 
 	if ( $next ) {
 		echo "\n\t\t".'<td abbr="' . $month[zeroise($next->month, 2)] . '" colspan="3" id="next"><a href="' .
-		get_month_link($next->year, $next->month) . '" title="View posts for ' . $month[zeroise($next->month, 2)] . ' ' .
-		date('Y', mktime(0, 0 , 0, $next->month, 1, $next->year)) . '">' . $month_abbrev[$month[zeroise($next->month, 2)]] . ' &raquo;</a></td>';
+		get_month_link($next->year, $next->month) . '" title="' . sprintf(__('View posts for %1$s %2$s'), $month[zeroise($next->month, 2)],
+			date('Y', mktime(0, 0 , 0, $next->month, 1, $next->year))) . '">' . $month_abbrev[$month[zeroise($next->month, 2)]] . ' &raquo;</a></td>';
 	} else {
 		echo "\n\t\t".'<td colspan="3" id="next" class="pad">&nbsp;</td>';
 	}

wp-includes/template-functions-links.php

@@ -205,13 +205,10 @@ function get_feed_link($feed='rss2') {
 }
 
 function edit_post_link($link = 'Edit This', $before = '', $after = '') {
-	global $user_ID, $post;
+	global $post;
 
-	get_currentuserinfo();
-
-	if ( !user_can_edit_post($user_ID, $post->ID) ) {
+	if ( ! current_user_can('edit_post', $post->ID) )
 		return;
-	}
 
 	if ( is_attachment() )
 		return;
@@ -223,11 +220,9 @@ function edit_post_link($link = 'Edit This', $before = '', $after = '') {
 }
 
 function edit_comment_link($link = 'Edit This', $before = '', $after = '') {
-	global $user_ID, $post, $comment;
+	global $post, $comment;
 
-	get_currentuserinfo();
-
-	if ( !user_can_edit_post_comments($user_ID, $post->ID) )
+	if ( ! current_user_can('edit_post', $post->ID) )
 		return;
 
 	$location = get_settings('siteurl') . "/wp-admin/post.php?action=editcomment&comment=$comment->comment_ID";

wp-includes/version.php

@@ -2,7 +2,7 @@
 
 // This just holds the version number, in a separate file so we can bump it without cluttering the SVN
 
-$wp_version = '2.0.1';
+$wp_version = '2.0.2';
 $wp_db_version = 3437;
 
-?>
+?>

wp-register.php

@@ -25,10 +25,13 @@ case 'register':
 		$errors['user_email'] = __('<strong>ERROR</strong>: Please type your e-mail address.');
 	} else if (!is_email($user_email)) {
 		$errors['user_email'] = __('<strong>ERROR</strong>: The email address isn&#8217;t correct.');
+		$user_email = '';
 	}
 
-	if ( ! validate_username($user_login) )
+	if ( ! validate_username($user_login) ) {
 		$errors['user_login'] = __('<strong>ERROR</strong>: This username is invalid.  Please enter a valid username.');
+		$user_login = '';
+	}
 
 	if ( username_exists( $user_login ) )
 		$errors['user_login'] = __('<strong>ERROR</strong>: This username is already registered, please choose another one.');
@@ -67,9 +70,9 @@ case 'register':
 
 <div id="login"> 
 	<h2><?php _e('Registration Complete') ?></h2>
-	<p><?php printf(__('Username: %s'), "<strong>$user_login</strong>") ?><br />
+	<p><?php printf(__('Username: %s'), "<strong>" . wp_specialchars($user_login) . "</strong>") ?><br />
 	<?php printf(__('Password: %s'), '<strong>' . __('emailed to you') . '</strong>') ?> <br />
-	<?php printf(__('E-mail: %s'), "<strong>$user_email</strong>") ?></p>
+	<?php printf(__('E-mail: %s'), "<strong>" . wp_specialchars($user_email) . "</strong>") ?></p>
 	<p class="submit"><a href="wp-login.php"><?php _e('Login'); ?> &raquo;</a></p>
 </div>
 </body>
@@ -110,8 +113,8 @@ default:
 <?php endif; ?>
 <form method="post" action="wp-register.php" id="registerform">
 	<p><input type="hidden" name="action" value="register" />
-	<label for="user_login"><?php _e('Username:') ?></label><br /> <input type="text" name="user_login" id="user_login" size="20" maxlength="20" value="<?php echo $user_login; ?>" /><br /></p>
-	<p><label for="user_email"><?php _e('E-mail:') ?></label><br /> <input type="text" name="user_email" id="user_email" size="25" maxlength="100" value="<?php echo $user_email; ?>" /></p>
+	<label for="user_login"><?php _e('Username:') ?></label><br /> <input type="text" name="user_login" id="user_login" size="20" maxlength="20" value="<?php echo wp_specialchars($user_login); ?>" /><br /></p>
+	<p><label for="user_email"><?php _e('E-mail:') ?></label><br /> <input type="text" name="user_email" id="user_email" size="25" maxlength="100" value="<?php echo wp_specialchars($user_email); ?>" /></p>
 	<p><?php _e('A password will be emailed to you.') ?></p>
 	<p class="submit"><input type="submit" value="<?php _e('Register') ?> &raquo;" id="submit" name="submit" /></p>
 </form>

wp-settings.php

@@ -190,7 +190,6 @@ if ( get_magic_quotes_gpc() ) {
 	$_GET    = stripslashes_deep($_GET   );
 	$_POST   = stripslashes_deep($_POST  );
 	$_COOKIE = stripslashes_deep($_COOKIE);
-	$_SERVER = stripslashes_deep($_SERVER);
 }
 
 // Escape with wpdb.