2.0.4

git-svn-id: http://svn.automattic.com/wordpress/tags/2.0.4@4068 1a063a9b-81f0-0310-95a4-ce76da25c4cd
No magic vals
2006-07-29 02:25:19 +00:00 · 2006-07-29 01:44:58 +00:00 · 2006-07-29 01:38:27 +00:00 · 2006-07-28 23:38:34 +00:00 · 2006-07-28 22:57:58 +00:00 · 2006-07-28 22:09:09 +00:00
108 changed files with 1510 additions and 775 deletions
--- a/wp-admin/admin-db.php
+++ b/wp-admin/admin-db.php
@@ -92,16 +92,19 @@ function wp_insert_category($catarr) {
 	else
 		$update = false;

-	$cat_name = wp_specialchars($cat_name);
-
+	$cat_name = apply_filters('pre_category_name', $cat_name);
+	
 	if (empty ($category_nicename))
 		$category_nicename = sanitize_title($cat_name);
 	else
 		$category_nicename = sanitize_title($category_nicename);
+	$category_nicename = apply_filters('pre_category_nicename', $category_nicename);

 	if (empty ($category_description))
 		$category_description = '';
+	$category_description = apply_filters('pre_category_description', $category_description);

+	$category_parent = (int) $category_parent;
 	if (empty ($category_parent))
 		$category_parent = 0;

@@ -153,7 +156,7 @@ function wp_delete_category($cat_ID) {
 	$cat_ID = (int) $cat_ID;

 	// Don't delete the default cat.
-	if (1 == $cat_ID)
+	if ($cat_ID == get_option('default_category'))
 		return 0;

 	$category = get_category($cat_ID);
@@ -167,7 +170,8 @@ function wp_delete_category($cat_ID) {
 	$wpdb->query("UPDATE $wpdb->categories SET category_parent = '$parent' WHERE category_parent = '$cat_ID'");

 	// TODO: Only set categories to general if they're not in another category already
-	$wpdb->query("UPDATE $wpdb->post2cat SET category_id='1' WHERE category_id='$cat_ID'");
+	$default_cat = get_option('default_category');
+	$wpdb->query("UPDATE $wpdb->post2cat SET category_id='$default_cat' WHERE category_id='$cat_ID'");

 	wp_cache_delete($cat_ID, 'category');
 	wp_cache_delete('all_category_ids', 'category');
--- a/wp-admin/admin-functions.php
+++ b/wp-admin/admin-functions.php
@@ -43,6 +43,12 @@ function write_post() {
 	if ('static' == $_POST['post_status'] && !current_user_can('edit_pages'))
 		die(__('This user cannot edit pages.'));

+	if (!isset ($_POST['comment_status']))
+		$_POST['comment_status'] = 'closed';
+
+	if (!isset ($_POST['ping_status']))
+		$_POST['ping_status'] = 'closed';
+
 	if (!empty ($_POST['edit_date'])) {
 		$aa = $_POST['aa'];
 		$mm = $_POST['mm'];
@@ -84,12 +90,12 @@ function relocate_children($old_ID, $new_ID) {
 function fix_attachment_links($post_ID) {
 	global $wp_rewrite;

-	$post = & get_post($post_ID);
+	$post = & get_post($post_ID, ARRAY_A);

 	$search = "#<a[^>]+rel=('|\")[^'\"]*attachment[^>]*>#ie";

 	// See if we have any rel="attachment" links
-	if ( 0 == preg_match_all($search, $post->post_content, $anchor_matches, PREG_PATTERN_ORDER) )
+	if ( 0 == preg_match_all($search, $post['post_content'], $anchor_matches, PREG_PATTERN_ORDER) )
 		return;

 	$i = 0;
@@ -101,9 +107,11 @@ function fix_attachment_links($post_ID) {
 		$id = $id_matches[2];

 		// While we have the attachment ID, let's adopt any orphans.
-		$attachment = & get_post($id);
-		if ( ! is_object(get_post($attachment->post_parent)) ) {
-			$attachment->post_parent = $post_ID;
+		$attachment = & get_post($id, ARRAY_A);
+		if ( ! empty($attachment) && ! is_object(get_post($attachment['post_parent'])) ) {
+			$attachment['post_parent'] = $post_ID;
+			// Escape data pulled from DB.
+			$attachment = add_magic_quotes($attachment);
 			wp_update_post($attachment);
 		}

@@ -112,7 +120,10 @@ function fix_attachment_links($post_ID) {
 		++$i;
 	}

-	$post->post_content = str_replace($post_search, $post_replace, $post->post_content);
+	$post['post_content'] = str_replace($post_search, $post_replace, $post['post_content']);
+
+	// Escape data pulled from DB.
+	$post = add_magic_quotes($post);

 	return wp_update_post($post);
 }
@@ -350,7 +361,7 @@ function edit_user($user_id = 0) {
 	if (isset ($_POST['pass2']))
 		$pass2 = $_POST['pass2'];

-	if (isset ($_POST['role'])) {
+	if (isset ($_POST['role']) && current_user_can('edit_users')) {
 		if($user_id != $current_user->id || $wp_roles->role_objects[$_POST['role']]->has_cap('edit_users'))
 			$user->role = $_POST['role'];
 	}
@@ -512,7 +523,7 @@ function checked($checked, $current) {

 function return_categories_list($parent = 0) {
 	global $wpdb;
-	return $wpdb->get_col("SELECT cat_ID FROM $wpdb->categories WHERE category_parent = $parent ORDER BY category_count DESC LIMIT 100");
+	return $wpdb->get_col("SELECT cat_ID FROM $wpdb->categories WHERE category_parent = $parent ORDER BY category_count DESC");
 }

 function sort_cats($cat1, $cat2) {
@@ -582,14 +593,13 @@ function cat_rows($parent = 0, $level = 0, $categories = 0) {
 		foreach ($categories as $category) {
 			if ($category->category_parent == $parent) {
 				$category->cat_name = wp_specialchars($category->cat_name);
-				$count = $wpdb->get_var("SELECT COUNT(post_id) FROM $wpdb->post2cat WHERE category_id = $category->cat_ID");
 				$pad = str_repeat('&#8212; ', $level);
 				if ( current_user_can('manage_categories') ) {
 					$edit = "<a href='categories.php?action=edit&amp;cat_ID=$category->cat_ID' class='edit'>".__('Edit')."</a></td>";
 					$default_cat_id = get_option('default_category');
-					
+
 					if ($category->cat_ID != $default_cat_id)
-						$edit .= "<td><a href='categories.php?action=delete&amp;cat_ID=$category->cat_ID' onclick=\"return deleteSomething( 'cat', $category->cat_ID, '".sprintf(__("You are about to delete the category &quot;%s&quot;.  All of its posts will go to the default category.\\n&quot;OK&quot; to delete, &quot;Cancel&quot; to stop."), wp_specialchars($category->cat_name, 1))."' );\" class='delete'>".__('Delete')."</a>";
+						$edit .= "<td><a href='" . wp_nonce_url("categories.php?action=delete&amp;cat_ID=$category->cat_ID", 'delete-category_' . $category->cat_ID ) . "' onclick=\"return deleteSomething( 'cat', $category->cat_ID, '" . sprintf(__("You are about to delete the category &quot;%s&quot;.  All of its posts will go to the default category.\\n&quot;OK&quot; to delete, &quot;Cancel&quot; to stop."), js_escape($category->cat_name))."' );\" class='delete'>".__('Delete')."</a>";
 					else
 						$edit .= "<td style='text-align:center'>".__("Default");
 				}
@@ -599,7 +609,7 @@ function cat_rows($parent = 0, $level = 0, $categories = 0) {
 				$class = ('alternate' == $class) ? '' : 'alternate';
 				echo "<tr id='cat-$category->cat_ID' class='$class'><th scope='row'>$category->cat_ID</th><td>$pad $category->cat_name</td>
 								<td>$category->category_description</td>
-								<td>$count</td>
+								<td>$category->category_count</td>
 								<td>$edit</td>
 								</tr>";
 				cat_rows($category->cat_ID, $level +1, $categories);
@@ -633,7 +643,7 @@ function page_rows($parent = 0, $level = 0, $pages = 0) {
    <td><?php echo mysql2date('Y-m-d g:i a', $post->post_modified); ?></td> 
 	<td><a href="<?php the_permalink(); ?>" rel="permalink" class="edit"><?php _e('View'); ?></a></td>
    <td><?php if ( current_user_can('edit_pages') ) { echo "<a href='post.php?action=edit&amp;post=$id' class='edit'>" . __('Edit') . "</a>"; } ?></td> 
-    <td><?php if ( current_user_can('edit_pages') ) { echo "<a href='post.php?action=delete&amp;post=$id' class='delete' onclick=\"return deleteSomething( 'page', " . $id . ", '" . sprintf(__("You are about to delete the &quot;%s&quot; page.\\n&quot;OK&quot; to delete, &quot;Cancel&quot; to stop."), wp_specialchars(get_the_title('','',0), 1)) . "' );\">" . __('Delete') . "</a>"; } ?></td> 
+    <td><?php if ( current_user_can('edit_pages') ) { echo "<a href='" . wp_nonce_url("post.php?action=delete&amp;post=$id", 'delete-post_' . $id) .  "' class='delete' onclick=\"return deleteSomething( 'page', " . $id . ", '" . sprintf(__("You are about to delete the &quot;%s&quot; page.\\n&quot;OK&quot; to delete, &quot;Cancel&quot; to stop."), js_escape(get_the_title()) ) . "' );\">" . __('Delete') . "</a>"; } ?></td> 
  </tr> 

 <?php
@@ -1204,6 +1214,7 @@ function user_can_access_admin_page() {
 	global $pagenow;
 	global $menu;
 	global $submenu;
+	global $plugin_page;

 	$parent = get_admin_page_parent();

@@ -1219,15 +1230,23 @@ function user_can_access_admin_page() {
 	}

 	if (isset ($submenu[$parent])) {
-		foreach ($submenu[$parent] as $submenu_array) {
-			if ($submenu_array[2] == $pagenow) {
-				if (!current_user_can($submenu_array[1])) {
-					return false;
-				} else {
-					return true;
+		if ( isset($plugin_page) ) {
+			foreach ($submenu[$parent] as $submenu_array) {
+				if ( $submenu_array[2] == $plugin_page ) {
+					if (!current_user_can($submenu_array[1]))
+						return false;
 				}
 			}
 		}
+
+		foreach ($submenu[$parent] as $submenu_array) {		
+			if ($submenu_array[2] == $pagenow) {
+				if (!current_user_can($submenu_array[1]))
+					return false;
+				else
+					return true;
+			}
+		}
 	}

 	return true;
@@ -1472,23 +1491,23 @@ function get_plugin_data($plugin_file) {
 	preg_match("|Author:(.*)|i", $plugin_data, $author_name);
 	preg_match("|Author URI:(.*)|i", $plugin_data, $author_uri);
 	if (preg_match("|Version:(.*)|i", $plugin_data, $version))
-		$version = $version[1];
+		$version = trim($version[1]);
 	else
 		$version = '';

-	$description = wptexturize($description[1]);
+	$description = wptexturize(trim($description[1]));

 	$name = $plugin_name[1];
 	$name = trim($name);
 	$plugin = $name;
 	if ('' != $plugin_uri[1] && '' != $name) {
-		$plugin = '<a href="'.$plugin_uri[1].'" title="'.__('Visit plugin homepage').'">'.$plugin.'</a>';
+		$plugin = '<a href="' . trim($plugin_uri[1]) . '" title="'.__('Visit plugin homepage').'">'.$plugin.'</a>';
 	}

 	if ('' == $author_uri[1]) {
-		$author = $author_name[1];
+		$author = trim($author_name[1]);
 	} else {
-		$author = '<a href="'.$author_uri[1].'" title="'.__('Visit author homepage').'">'.$author_name[1].'</a>';
+		$author = '<a href="' . trim($author_uri[1]) . '" title="'.__('Visit author homepage').'">' . trim($author_name[1]) . '</a>';
 	}

 	return array ('Name' => $name, 'Title' => $plugin, 'Description' => $description, 'Author' => $author, 'Version' => $version, 'Template' => $template[1]);
@@ -1654,45 +1673,6 @@ function wp_handle_upload(&$file, $overrides = false) {
 		__("Missing a temporary folder."),
 		__("Failed to write file to disk."));

-	// Accepted MIME types are set here as PCRE. Override with $override['mimes'].
-	$mimes = apply_filters('upload_mimes', array (
-		'jpg|jpeg|jpe' => 'image/jpeg',
-		'gif' => 'image/gif',
-		'png' => 'image/png',
-		'bmp' => 'image/bmp',
-		'tif|tiff' => 'image/tiff',
-		'ico' => 'image/x-icon',
-		'asf|asx|wax|wmv|wmx' => 'video/asf',
-		'avi' => 'video/avi',
-		'mov|qt' => 'video/quicktime',
-		'mpeg|mpg|mpe' => 'video/mpeg',
-		'txt|c|cc|h' => 'text/plain',
-		'rtx' => 'text/richtext',
-		'css' => 'text/css',
-		'htm|html' => 'text/html',
-		'mp3|mp4' => 'audio/mpeg',
-		'ra|ram' => 'audio/x-realaudio',
-		'wav' => 'audio/wav',
-		'ogg' => 'audio/ogg',
-		'mid|midi' => 'audio/midi',
-		'wma' => 'audio/wma',
-		'rtf' => 'application/rtf',
-		'js' => 'application/javascript',
-		'pdf' => 'application/pdf',
-		'doc' => 'application/msword',
-		'pot|pps|ppt' => 'application/vnd.ms-powerpoint',
-		'wri' => 'application/vnd.ms-write',
-		'xla|xls|xlt|xlw' => 'application/vnd.ms-excel',
-		'mdb' => 'application/vnd.ms-access',
-		'mpp' => 'application/vnd.ms-project',
-		'swf' => 'application/x-shockwave-flash',
-		'class' => 'application/java',
-		'tar' => 'application/x-tar',
-		'zip' => 'application/zip',
-		'gz|gzip' => 'application/x-gzip',
-		'exe' => 'application/x-msdownload'
-	));
-
 	// All tests are on by default. Most can be turned off by $override[{test_name}] = false;
 	$test_form = true;
 	$test_size = true;
@@ -1720,17 +1700,11 @@ function wp_handle_upload(&$file, $overrides = false) {
 	if (! @ is_uploaded_file($file['tmp_name']) )
 		return $upload_error_handler($file, __('Specified file failed upload test.'));

-	// A correct MIME type will pass this test.
+	// A correct MIME type will pass this test. Override $mimes or use the upload_mimes filter.
 	if ( $test_type ) {
-		$type = false;
-		$ext = false;
-		foreach ($mimes as $ext_preg => $mime_match) {
-			$ext_preg = '![^.]\.(' . $ext_preg . ')$!i';
-			if ( preg_match($ext_preg, $file['name'], $ext_matches) ) {
-				$type = $mime_match;
-				$ext = $ext_matches[1];
-			}
-		}
+		$wp_filetype = wp_check_filetype($file['name'], $mimes);
+
+		extract($wp_filetype);

 		if ( !$type || !$ext )
 			return $upload_error_handler($file, __('File type does not meet security guidelines. Try another.'));
@@ -1757,6 +1731,8 @@ function wp_handle_upload(&$file, $overrides = false) {
 			else
 				$filename = str_replace("$number$ext", ++$number . $ext, $filename);
 		}
+		$filename = str_replace($ext, '', $filename);
+		$filename = sanitize_title_with_dashes($filename) . $ext;
 	}

 	// Move the file to the uploads dir
@@ -1798,7 +1774,7 @@ o.action.value = 'view';
 o.submit();
 }
 </script>
-<form enctype="multipart/form-data" id="uploadForm" method="POST" action="<?php echo $action ?>">
+<form enctype="multipart/form-data" id="uploadForm" method="post" action="<?php echo $action ?>">
 <label for="upload"><?php _e('File:'); ?></label><input type="file" id="upload" name="import" />
 <input type="hidden" name="action" value="save" />
 <div id="buttons">
--- a/wp-admin/admin-header.php
+++ b/wp-admin/admin-header.php
@@ -3,7 +3,8 @@
 if (!isset($_GET["page"])) require_once('admin.php');
 if ( $editing ) {
 	$dbx_js = true;
-	$cat_js = true;
+	if ( current_user_can('manage_categories') )
+		$cat_js = true;
 }
 if ( $list_js || $cat_js )
 	$sack_js = true;
--- a/wp-admin/admin.php
+++ b/wp-admin/admin.php
@@ -17,7 +17,7 @@ nocache_headers();

 update_category_cache();

-get_currentuserinfo();
+wp_get_current_user();

 $posts_per_page = get_settings('posts_per_page');
 $what_to_show = get_settings('what_to_show');
@@ -42,12 +42,15 @@ for ($i=0; $i<count($wpvarstoreset); $i += 1) {

 $xfn_js = $sack_js = $list_js = $cat_js = $dbx_js = $editing = false;

-require(ABSPATH . '/wp-admin/menu.php');
-
-// Handle plugin admin pages.
 if (isset($_GET['page'])) {
 	$plugin_page = stripslashes($_GET['page']);
 	$plugin_page = plugin_basename($plugin_page);
+}
+
+require(ABSPATH . '/wp-admin/menu.php');
+
+// Handle plugin admin pages.
+if (isset($plugin_page)) {
 	$page_hook = get_plugin_page_hook($plugin_page, $pagenow);

 	if ( $page_hook ) {
@@ -61,7 +64,7 @@ if (isset($_GET['page'])) {
 		}
 		
 		if (! file_exists(ABSPATH . "wp-content/plugins/$plugin_page"))
-			die(sprintf(__('Cannot load %s.'), $plugin_page));
+			die(sprintf(__('Cannot load %s.'), htmlentities($plugin_page)));

 		if (! isset($_GET['noheader']))
 			require_once(ABSPATH . '/wp-admin/admin-header.php');
@@ -76,6 +79,9 @@ if (isset($_GET['page'])) {
 	
 	$importer = $_GET['import'];

+	if ( ! current_user_can('import') )
+		wp_die(__('You are not allowed to import.'));
+
 	if ( validate_file($importer) ) {
 		die(__('Invalid importer.'));
 	}
--- a/wp-admin/cat-js.php
+++ b/wp-admin/cat-js.php
@@ -144,9 +144,9 @@ function ajaxNewCat() {
 	var split_cats = new Array(1);
 	var catString = '';

-	catString = 'ajaxnewcat=' + encodeURIComponent(newcat.value);
+	catString = ajaxCat.encVar('ajaxnewcat', newcat.value) + '&' + ajaxCat.encVar('cookie', document.cookie);
 	ajaxCat.requestFile = 'edit-form-ajax-cat.php';
-	ajaxCat.method = 'GET';
+	ajaxCat.method = 'POST';
 	ajaxCat.onLoading = newCatLoading;
 	ajaxCat.onLoaded = newCatLoaded;
 	ajaxCat.onInteractive = newCatInteractive;
@@ -175,4 +175,4 @@ function myPload( str ) {
 	if ( currentElement != "" )
 		fixedExplode[count] = currentElement;
 	return fixedExplode;
-}
+}
--- a/wp-admin/categories.php
+++ b/wp-admin/categories.php
@@ -25,30 +25,32 @@ switch($action) {

 case 'addcat':

+	check_admin_referer('add-category');
+
 	if ( !current_user_can('manage_categories') )
 		die (__('Cheatin&#8217; uh?'));
 	
 	wp_insert_category($_POST);

-	header('Location: categories.php?message=1#addcat');
+	wp_redirect('categories.php?message=1#addcat');
 break;

 case 'delete':
-
-	check_admin_referer();
+	$cat_ID = (int) $_GET['cat_ID'];
+	check_admin_referer('delete-category_' .  $cat_ID);

 	if ( !current_user_can('manage_categories') )
 		die (__('Cheatin&#8217; uh?'));

-	$cat_ID = (int) $_GET['cat_ID'];
 	$cat_name = get_catname($cat_ID);

-	if ( 1 == $cat_ID )
+	// Don't delete the default cats.
+	if ( $cat_ID == get_option('default_category') )
 		die(sprintf(__("Can't delete the <strong>%s</strong> category: this is the default one"), $cat_name));

 	wp_delete_category($cat_ID);

-	header('Location: categories.php?message=2');
+	wp_redirect('categories.php?message=2');

 break;

@@ -62,6 +64,7 @@ case 'edit':
 <div class="wrap">
 <h2><?php _e('Edit Category') ?></h2>
 <form name="editcat" action="categories.php" method="post">
+	  <?php wp_nonce_field('update-category_' .  $category->cat_ID); ?>
 	  <table class="editform" width="100%" cellspacing="2" cellpadding="5">
 		<tr>
 		  <th width="33%" scope="row"><?php _e('Category name:') ?></th>
@@ -94,12 +97,15 @@ case 'edit':
 break;

 case 'editedcat':
+	$cat_ID = (int) $_POST['cat_ID'];
+	check_admin_referer('update-category_' . $cat_ID);
+
 	if ( !current_user_can('manage_categories') )
 		die (__('Cheatin&#8217; uh?'));
 	
 	wp_update_category($_POST);

-	header('Location: categories.php?message=3');
+	wp_redirect('categories.php?message=3');
 break;

 default:
@@ -146,7 +152,7 @@ cat_rows();
 <div class="wrap">
    <h2><?php _e('Add New Category') ?></h2>
    <form name="addcat" id="addcat" action="categories.php" method="post">
-        
+    <?php wp_nonce_field('add-category'); ?>
        <p><?php _e('Name:') ?><br />
        <input type="text" name="cat_name" value="" /></p>
        <p><?php _e('Category parent:') ?><br />
--- a/wp-admin/edit-comments.php
+++ b/wp-admin/edit-comments.php
@@ -39,6 +39,8 @@ function checkAll(form)
 <p><a href="?mode=view"><?php _e('View Mode') ?></a> | <a href="?mode=edit"><?php _e('Mass Edit Mode') ?></a></p>
 <?php
 if ( !empty( $_POST['delete_comments'] ) ) :
+	check_admin_referer('bulk-comments');
+
 	$i = 0;
 	foreach ($_POST['delete_comments'] as $comment) : // Check the permissions on each
 		$comment = (int) $comment;
@@ -96,13 +98,13 @@ if ('view' == $mode) {
        <p><?php _e('Posted'); echo ' '; comment_date('M j, g:i A');  
 			if ( current_user_can('edit_post', $comment->comment_post_ID) ) {
 				echo " | <a href=\"post.php?action=editcomment&amp;comment=".$comment->comment_ID."\">" . __('Edit Comment') . "</a>";
-				echo " | <a href=\"post.php?action=deletecomment&amp;p=".$comment->comment_post_ID."&amp;comment=".$comment->comment_ID."\" onclick=\"return deleteSomething( 'comment', $comment->comment_ID, '" . sprintf(__("You are about to delete this comment by &quot;%s&quot;.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete."), wp_specialchars( $comment->comment_author, 1 ))  . "' );\">" . __('Delete Comment') . "</a> &#8212; ";
+				echo ' | <a href="' . wp_nonce_url('post.php?action=deletecomment&amp;p=' . $comment->comment_post_ID . '&amp;comment=' . $comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . '" onclick="return deleteSomething( \'comment\', ' . $comment->comment_ID . ', \'' . __("You are about to delete this comment.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete.") . "' );\">" . __('Delete Comment') . '</a> ';
 			} // end if any comments to show
 			// Get post title
 			if ( current_user_can('edit_post', $comment->comment_post_ID) ) {
 				$post_title = $wpdb->get_var("SELECT post_title FROM $wpdb->posts WHERE ID = $comment->comment_post_ID");
 				$post_title = ('' == $post_title) ? "# $comment->comment_post_ID" : $post_title;
-				?> <a href="post.php?action=edit&amp;post=<?php echo $comment->comment_post_ID; ?>"><?php printf(__('Edit Post &#8220;%s&#8221;'), stripslashes($post_title)); ?></a>
+				?> | <a href="post.php?action=edit&amp;post=<?php echo $comment->comment_post_ID; ?>"><?php printf(__('Edit Post &#8220;%s&#8221;'), stripslashes($post_title)); ?></a>
 				<?php } ?>
 			 | <a href="<?php echo get_permalink($comment->comment_post_ID); ?>"><?php _e('View Post') ?></a></p>
 		</li>
@@ -124,8 +126,9 @@ if ('view' == $mode) {
 } elseif ('edit' == $mode) {

 	if ($comments) {
-		echo '<form name="deletecomments" id="deletecomments" action="" method="post"> 
-		<table width="100%" cellpadding="3" cellspacing="3">
+		echo '<form name="deletecomments" id="deletecomments" action="" method="post"> ';
+		wp_nonce_field('bulk-comments');
+		echo '<table width="100%" cellpadding="3" cellspacing="3">
  <tr>
    <th scope="col">*</th>
    <th scope="col">' .  __('Name') . '</th>
@@ -148,13 +151,13 @@ if ('view' == $mode) {
    <td><?php if ( current_user_can('edit_post', $comment->comment_post_ID) ) {
 	echo "<a href='post.php?action=editcomment&amp;comment=$comment->comment_ID' class='edit'>" .  __('Edit') . "</a>"; } ?></td>
    <td><?php if ( current_user_can('edit_post', $comment->comment_post_ID) ) {
-            echo "<a href=\"post.php?action=deletecomment&amp;p=".$comment->comment_post_ID."&amp;comment=".$comment->comment_ID."\" onclick=\"return confirm('" . sprintf(__("You are about to delete this comment by \'%s\'\\n  \'Cancel\' to stop, \'OK\' to delete."), $comment->comment_author) . "')\"    class='delete'>" . __('Delete') . "</a>"; } ?></td>
+            echo "<a href=\"" . wp_nonce_url("post.php?action=deletecomment&amp;p=".$comment->comment_post_ID."&amp;comment=".$comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . "\" onclick=\"return confirm('" . __("You are about to delete this comment.\\n  \'Cancel\' to stop, \'OK\' to delete.") . "')\"    class='delete'>" . __('Delete') . "</a>"; } ?></td>
  </tr>
 		<?php 
 		} // end foreach
 	?></table>
    <p><a href="javascript:;" onclick="checkAll(document.getElementById('deletecomments')); return false; "><?php _e('Invert Checkbox Selection') ?></a></p>
-            <p class="submit"><input type="submit" name="Submit" value="<?php _e('Delete Checked Comments') ?> &raquo;" onclick="return confirm('<?php _e("You are about to delete these comments permanently \\n  \'Cancel\' to stop, \'OK\' to delete.") ?>')" />	</p>
+            <p class="submit"><input type="submit" name="Submit" value="<?php _e('Delete Checked Comments') ?> &raquo;" onclick="return confirm('<?php _e("You are about to delete these comments permanently.\\n  \'Cancel\' to stop, \'OK\' to delete.") ?>')" />	</p>
  </form>
 <?php
 	} else {
--- a/wp-admin/edit-form-advanced.php
+++ b/wp-admin/edit-form-advanced.php
@@ -22,9 +22,11 @@ if (0 == $post_ID) {
 	$form_action = 'post';
 	$temp_ID = -1 * time();
 	$form_extra = "<input type='hidden' name='temp_ID' value='$temp_ID' />";
+	wp_nonce_field('add-post');
 } else {
 	$form_action = 'editpost';
 	$form_extra = "<input type='hidden' name='post_ID' value='$post_ID' />";
+	wp_nonce_field('update-post_' .  $post_ID);
 }

 $form_pingback = '<input type="hidden" name="post_pingback" value="' . get_option('default_pingback_flag') . '" id="post_pingback" />';
@@ -154,7 +156,7 @@ endforeach;
 </fieldset>

 <script type="text/javascript">
-<!--
+// <![CDATA[
 edCanvas = document.getElementById('content');
 <?php if ( user_can_richedit() ) : ?>
 // This code is meant to allow tabbing from Title to Post (TinyMCE).
@@ -189,7 +191,7 @@ else
 			}
 		}
 <?php endif; ?>
-//-->
+// ]]>
 </script>

 <?php echo $form_pingback ?>
@@ -209,10 +211,10 @@ if ('publish' != $post->post_status || 0 == $post_ID) {
 <input name="referredby" type="hidden" id="referredby" value="<?php 
 if ( !empty($_REQUEST['popupurl']) )
 	echo wp_specialchars($_REQUEST['popupurl']);
-else if ( url_to_postid($_SERVER['HTTP_REFERER']) == $post_ID )
+else if ( url_to_postid(wp_get_referer()) == $post_ID )
 	echo 'redo';
 else
-	echo wp_specialchars($_SERVER['HTTP_REFERER']);
+	echo wp_specialchars(wp_get_referer());
 ?>" /></p>

 <?php do_action('edit_form_advanced'); ?>
@@ -220,7 +222,7 @@ else
 <?php
 if (current_user_can('upload_files')) {
 	$uploading_iframe_ID = (0 == $post_ID ? $temp_ID : $post_ID);
-	$uploading_iframe_src = "inline-uploading.php?action=view&amp;post=$uploading_iframe_ID";
+	$uploading_iframe_src = wp_nonce_url("inline-uploading.php?action=view&amp;post=$uploading_iframe_ID", 'inlineuploading');
 	$uploading_iframe_src = apply_filters('uploading_iframe_src', $uploading_iframe_src);
 	if ( false != $uploading_iframe_src )
 		echo '<iframe id="uploading" border="0" src="' . $uploading_iframe_src . '">' . __('This feature requires iframe support.') . '</iframe>';
@@ -229,23 +231,39 @@ if (current_user_can('upload_files')) {

 <div id="advancedstuff" class="dbx-group" >

+<div class="dbx-box-wrapper">
 <fieldset id="postexcerpt" class="dbx-box">
+<div class="dbx-handle-wrapper">
 <h3 class="dbx-handle"><?php _e('Optional Excerpt') ?></h3>
+</div>
+<div class="dbx-content-wrapper">
 <div class="dbx-content"><textarea rows="1" cols="40" name="excerpt" tabindex="6" id="excerpt"><?php echo $post->post_excerpt ?></textarea></div>
+</div>
 </fieldset>
+</div>

+<div class="dbx-box-wrapper">
 <fieldset class="dbx-box">
+<div class="dbx-handle-wrapper">
 <h3 class="dbx-handle"><?php _e('Trackbacks') ?></h3>
+</div>
+<div class="dbx-content-wrapper">
 <div class="dbx-content"><?php _e('Send trackbacks to'); ?>: <?php echo $form_trackback; ?> (<?php _e('Separate multiple URIs with spaces'); ?>)
 <?php 
 if ( ! empty($pings) )
 	echo $pings;
 ?>
 </div>
+</div>
 </fieldset>
+</div>

+<div class="dbx-box-wrapper">
 <fieldset id="postcustom" class="dbx-box">
+<div class="dbx-handle-wrapper">
 <h3 class="dbx-handle"><?php _e('Custom Fields') ?></h3>
+</div>
+<div class="dbx-content-wrapper">
 <div id="postcustomstuff" class="dbx-content">
 <?php 
 if($metadata = has_meta($post_ID)) {
@@ -259,13 +277,14 @@ if($metadata = has_meta($post_ID)) {
 ?>
 </div>
 </fieldset>
+</div>

 <?php do_action('dbx_post_advanced'); ?>

 </div>

-<?php if ('edit' == $action) : ?>
-<input name="deletepost" class="button" type="submit" id="deletepost" tabindex="10" value="<?php _e('Delete this post') ?>" <?php echo "onclick=\"return confirm('" . sprintf(__("You are about to delete this post \'%s\'\\n  \'Cancel\' to stop, \'OK\' to delete."), addslashes($post->post_title) ) . "')\""; ?> />
+<?php if ('edit' == $action) : $delete_nonce = wp_create_nonce( 'delete-post_' . $post_ID ); ?>
+<input name="deletepost" class="button" type="submit" id="deletepost" tabindex="10" value="<?php _e('Delete this post') ?>" <?php echo "onclick=\"if ( confirm('" . sprintf(__("You are about to delete this post \'%s\'\\n  \'Cancel\' to stop, \'OK\' to delete."), js_escape($post->post_title) ) . "') ) { document.forms.post._wpnonce.value = '$delete_nonce'; return true;}return false;\""; ?> />
 <?php endif; ?>

 </div>
--- a/wp-admin/edit-form-ajax-cat.php
+++ b/wp-admin/edit-form-ajax-cat.php
@@ -3,16 +3,16 @@ require_once('../wp-config.php');
 require_once('admin-functions.php');
 require_once('admin-db.php');

-get_currentuserinfo();
-
 if ( !current_user_can('manage_categories') )
 	die('-1');
+if ( !check_ajax_referer() )
+	die('-1');

 function get_out_now() { exit; }

 add_action('shutdown', 'get_out_now', -1);

-$names = explode(',', rawurldecode($_GET['ajaxnewcat']) );
+$names = explode(',', rawurldecode($_POST['ajaxnewcat']) );
 $ids   = array();

 foreach ($names as $cat_name) {
@@ -34,4 +34,4 @@ $return = join(',', $ids);

 die( (string) $return );

-?>
+?>
--- a/wp-admin/edit-form-comment.php
+++ b/wp-admin/edit-form-comment.php
@@ -6,6 +6,7 @@ $form_extra = "' />\n<input type='hidden' name='comment_ID' value='" . $comment-
 ?>

 <form name="post" action="post.php" method="post" id="post">
+<?php wp_nonce_field('update-comment_' . $comment->comment_ID) ?>
 <div class="wrap">
 <input type="hidden" name="user_ID" value="<?php echo $user_ID ?>" />
 <input type="hidden" name="action" value='<?php echo $form_action . $form_extra ?>' />
@@ -88,7 +89,7 @@ else
 </script>

 <p class="submit"><input type="submit" name="editcomment" id="editcomment" value="<?php echo $submitbutton_text ?>" style="font-weight: bold;" tabindex="6" />
-  <input name="referredby" type="hidden" id="referredby" value="<?php echo $_SERVER['HTTP_REFERER']; ?>" />
+  <input name="referredby" type="hidden" id="referredby" value="<?php echo wp_get_referer(); ?>" />
 </p>

 </div>
--- a/wp-admin/edit-form.php
+++ b/wp-admin/edit-form.php
@@ -64,7 +64,7 @@ edCanvas = document.getElementById('content');
 <?php if ('bookmarklet' != $mode) {
      echo '<input name="advanced" type="submit" id="advancededit" tabindex="7" value="' .  __('Advanced Editing &raquo;') . '" />';
  } ?>
-  <input name="referredby" type="hidden" id="referredby" value="<?php if (isset($_SERVER['HTTP_REFERER'])) echo urlencode($_SERVER['HTTP_REFERER']); ?>" />
+  <input name="referredby" type="hidden" id="referredby" value="<?php if ( wp_get_referer() ) echo urlencode(wp_get_referer()); ?>" />
 </p>

 <?php do_action('simple_edit_form', ''); ?>
--- a/wp-admin/edit-link-form.php
+++ b/wp-admin/edit-link-form.php
@@ -4,11 +4,13 @@ if ( ! empty($link_id) ) {
 	$heading = __('Edit a link:');
 	$submit_text = __('Save Changes &raquo;');
 	$form = '<form action="" method="post" name="editlink" id="editlink">'; 
+	$nonce_action = 'update-bookmark_' . $link_id;
 } else {
 	$editing = false;
 	$heading = __('<strong>Add</strong> a link:');
 	$submit_text = __('Add Link &raquo;');
 	$form = '<form name="addlink" method="post" action="link-manager.php">';
+	$nonce_action = 'add-bookmark';
 }

 function xfn_check($class, $value = '', $type = 'check') {
@@ -33,6 +35,7 @@ function xfn_check($class, $value = '', $type = 'check') {

 <div class="wrap"> 
  <?php echo $form ?>
+  <?php wp_nonce_field($nonce_action); ?>
  <h2><?php echo $heading ?></h2>
 <fieldset class="options">
    <legend><?php _e('Basics') ?></legend>
@@ -84,7 +87,7 @@ function xfn_check($class, $value = '', $type = 'check') {
                <input class="valinp" type="radio" name="friendship" value="contact" id="contact" <?php xfn_check('friendship', 'contact', 'radio'); ?> /> <?php _e('contact') ?></label>
                <label for="acquaintance">
                <input class="valinp" type="radio" name="friendship" value="acquaintance" id="acquaintance" <?php xfn_check('friendship', 'acquaintance', 'radio'); ?> />  <?php _e('acquaintance') ?></label>
-                <label id="friend">
+                <label for="friend">
                <input class="valinp" type="radio" name="friendship" value="friend" id="friend" <?php xfn_check('friendship', 'friend', 'radio'); ?> /> <?php _e('friend') ?></label>
                <label for="friendship">
                <input name="friendship" type="radio" class="valinp" value="" id="friendship" <?php xfn_check('friendship', '', 'radio'); ?> /> <?php _e('none') ?></label>
--- a/wp-admin/edit-page-form.php
+++ b/wp-admin/edit-page-form.php
@@ -5,14 +5,16 @@
 <?php
 if (0 == $post_ID) {
 	$form_action = 'post';
+	$nonce_action = 'add-post';
 	$temp_ID = -1 * time();
 	$form_extra = "<input type='hidden' name='temp_ID' value='$temp_ID' />";
 } else {
 	$form_action = 'editpost';
-	$form_extra = "<input type='hidden' name='post_ID' value='$post_ID' />";
+	$nonce_action = 'update-post_' . $post_ID;
+	$form_extra = "<input type='hidden' id='post_ID' name='post_ID' value='$post_ID' />";
 }

-$sendto = $_SERVER['HTTP_REFERER'];
+$sendto = wp_get_referer();

 if ( 0 != $post_ID && $sendto == get_permalink($post_ID) )
 	$sendto = 'redo';
@@ -23,22 +25,24 @@ $sendto = wp_specialchars( $sendto );
 <form name="post" action="post.php" method="post" id="post">

 <?php
+wp_nonce_field($nonce_action);
+
 if (isset($mode) && 'bookmarklet' == $mode) {
    echo '<input type="hidden" name="mode" value="bookmarklet" />';
 }
 ?>
 <input type="hidden" name="user_ID" value="<?php echo $user_ID ?>" />
-<input type="hidden" name="action" value='<?php echo $form_action ?>' />
+<input type="hidden" id="hiddenaction" name="action" value='<?php echo $form_action ?>' />
 <?php echo $form_extra ?>
 <input type="hidden" name="post_status" value="static" />

 <script type="text/javascript">
-<!--
+// <![CDATA[
 function focusit() { // focus on first input field
 	document.post.title.focus();
 }
 addLoadEvent(focusit);
-//-->
+// ]]>
 </script>
 <div id="poststuff">

@@ -70,7 +74,7 @@ addLoadEvent(focusit);
 </fieldset>

 <?php if ( 0 != count( get_page_templates() ) ) { ?>
-<fieldset id="pageparent" class="dbx-box">
+<fieldset id="pagetemplate" class="dbx-box">
 <h3 class="dbx-handle"><?php _e('Page Template:') ?></h3> 
 <div class="dbx-content"><p><select name="page_template">
 		<option value='default'><?php _e('Default Template'); ?></option>
@@ -186,7 +190,7 @@ else
 <?php
 if (current_user_can('upload_files')) {
 	$uploading_iframe_ID = (0 == $post_ID ? $temp_ID : $post_ID);
-	$uploading_iframe_src = "inline-uploading.php?action=view&amp;post=$uploading_iframe_ID";
+	$uploading_iframe_src = wp_nonce_url("inline-uploading.php?action=view&amp;post=$uploading_iframe_ID", 'inlineuploading');
 	$uploading_iframe_src = apply_filters('uploading_iframe_src', $uploading_iframe_src);
 	if ( false != $uploading_iframe_src )
 		echo '<iframe id="uploading" border="0" src="' . $uploading_iframe_src . '">' . __('This feature requires iframe support.') . '</iframe>';
@@ -209,14 +213,16 @@ if($metadata = has_meta($post_ID)) {
 	meta_form();
 ?>
 </div>
+<div id="ajax-response"></div>
 </fieldset>

 <?php do_action('dbx_page_advanced'); ?>

 </div>

-<?php if ('edit' == $action) : ?>
-		<input name="deletepost" class="delete" type="submit" id="deletepost" tabindex="10" value="<?php _e('Delete this page') ?>" <?php echo "onclick=\"return confirm('" . sprintf(__("You are about to delete this page \'%s\'\\n  \'Cancel\' to stop, \'OK\' to delete."), $wpdb->escape($post->post_title) ) . "')\""; ?> />
+<?php if ('edit' == $action) :
+	$delete_nonce = wp_create_nonce( 'delete-page_' . $post_ID ); ?>
+	<input name="deletepost" class="button" type="submit" id="deletepost" tabindex="10" value="<?php _e('Delete this page') ?>" <?php echo "onclick=\"if ( confirm('" . sprintf(__("You are about to delete this page \'%s\'\\n  \'Cancel\' to stop, \'OK\' to delete."), js_escape($post->post_title) ) . "') ) { document.forms.post._wpnonce.value = '$delete_nonce'; return true;}return false;\""; ?> />
 <?php endif; ?>
 </form>

--- a/wp-admin/edit-pages.php
+++ b/wp-admin/edit-pages.php
@@ -43,7 +43,7 @@ if ($posts) {
 if ( isset($_GET['s']) ) {
 foreach ( $posts as $post ) : 
 	$class = ('alternate' != $class) ? 'alternate' : ''; ?>
-  <tr id='page-<?php echo $id; ?>' class='<?php echo $class; ?>'> 
+  <tr id='page-<?php echo $post->ID; ?>' class='<?php echo $class; ?>'> 
    <th scope="row"><?php echo $post->ID; ?></th> 
    <td>
      <?php echo $pad; ?><?php the_title() ?> 
@@ -51,8 +51,8 @@ foreach ( $posts as $post ) :
    <td><?php the_author() ?></td>
    <td><?php echo mysql2date('Y-m-d g:i a', $post->post_modified); ?></td> 
 	<td><a href="<?php the_permalink(); ?>" rel="permalink" class="edit"><?php _e('View'); ?></a></td>
-    <td><?php if ( current_user_can('edit_pages') ) { echo "<a href='post.php?action=edit&amp;post=$id' class='edit'>" . __('Edit') . "</a>"; } ?></td> 
-    <td><?php if ( current_user_can('edit_pages') ) { echo "<a href='post.php?action=delete&amp;post=$id' class='delete' onclick=\"return deleteSomething( 'page', " . $id . ", '" . sprintf(__("You are about to delete the &quot;%s&quot; page.\\n&quot;OK&quot; to delete, &quot;Cancel&quot; to stop."), wp_specialchars(get_the_title('','',0), 1)) . "' );\">" . __('Delete') . "</a>"; } ?></td> 
+    <td><?php if ( current_user_can('edit_pages') ) { echo "<a href='post.php?action=edit&amp;post=$post->ID' class='edit'>" . __('Edit') . "</a>"; } ?></td> 
+    <td><?php if ( current_user_can('edit_pages') ) { echo "<a href='" . wp_nonce_url("post.php?action=delete&amp;post=$post->ID", 'delete-post_' . $post->ID) . "' class='delete' onclick=\"return deleteSomething( 'page', " . $id . ", '" . sprintf(__("You are about to delete the &quot;%s&quot; page.\\n&quot;OK&quot; to delete, &quot;Cancel&quot; to stop."), js_escape(get_the_title('','',0))) . "' );\">" . __('Delete') . "</a>"; } ?></td> 
  </tr>
 <?php
 endforeach;
--- a/wp-admin/edit.php
+++ b/wp-admin/edit.php
@@ -210,7 +210,7 @@ foreach($posts_columns as $column_name=>$column_display_name) {

 	case 'control_delete':
 		?>
-		<td><?php if ( current_user_can('edit_post',$post->ID) ) { echo "<a href='post.php?action=delete&amp;post=$id' class='delete' onclick=\"return deleteSomething( 'post', " . $id . ", '" . sprintf(__("You are about to delete this post &quot;%s&quot;.\\n&quot;OK&quot; to delete, &quot;Cancel&quot; to stop."), wp_specialchars(get_the_title('', ''), 1) ) . "' );\">" . __('Delete') . "</a>"; } ?></td>
+		<td><?php if ( current_user_can('edit_post',$post->ID) ) { echo "<a href='" . wp_nonce_url("post.php?action=delete&amp;post=$id", 'delete-post_' . $post->ID) . "' class='delete' onclick=\"return deleteSomething( 'post', " . $id . ", '" . sprintf(__("You are about to delete this post &quot;%s&quot;.\\n&quot;OK&quot; to delete, &quot;Cancel&quot; to stop."), js_escape(get_the_title())) . "' );\">" . __('Delete') . "</a>"; } ?></td>
 		<?php
 		break;

@@ -262,12 +262,13 @@ $comment_status = wp_get_comment_status($comment->comment_ID);
  <?php 
 			if ( current_user_can('edit_post', $post->ID) ) {
 				echo "[ <a href=\"post.php?action=editcomment&amp;comment=".$comment->comment_ID."\">" .  __('Edit') . "</a>";
-				echo " - <a href=\"post.php?action=deletecomment&amp;p=".$post->ID."&amp;comment=".$comment->comment_ID."\" onclick=\"return confirm('" . sprintf(__("You are about to delete this comment by \'%s\'\\n  \'OK\' to delete, \'Cancel\' to stop."), $comment->comment_author) . "')\">" . __('Delete') . "</a> ";
+				echo ' - <a href="' . wp_nonce_url('post.php?action=deletecomment&amp;p=' . $post->ID . '&amp;comment=' . $comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . '" onclick="return confirm(\'' . __("You are about to delete this comment.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete.") . "');\">" . __('Delete') . '</a> ';
+
 				if ( ('none' != $comment_status) && ( current_user_can('moderate_comments') ) ) {
 					if ('approved' == wp_get_comment_status($comment->comment_ID)) {
-						echo " - <a href=\"post.php?action=unapprovecomment&amp;p=".$post->ID."&amp;comment=".$comment->comment_ID."\">" . __('Unapprove') . "</a> ";
+						echo ' - <a href="' . wp_nonce_url('post.php?action=unapprovecomment&amp;p=' . $post->ID . '&amp;comment=' . $comment->comment_ID, 'unapprove-comment_' . $comment->comment_ID) . '">' . __('Unapprove') . '</a> ';
 					} else {
-						echo " - <a href=\"post.php?action=approvecomment&amp;p=".$post->ID."&amp;comment=".$comment->comment_ID."\">" . __('Approve') . "</a> ";
+						echo ' - <a href="' . wp_nonce_url('post.php?action=approvecomment&amp;p=' . $post->ID . '&amp;comment=' . $comment->comment_ID, 'approve-comment_' . $comment->comment_ID) . '">' . __('Approve') . '</a> ';
 					}
 				}
 				echo "]";
--- a/wp-admin/images/box-bg-left.gif
+++ b/wp-admin/images/box-bg-left.gif
--- a/wp-admin/images/box-bg-right.gif
+++ b/wp-admin/images/box-bg-right.gif
--- a/wp-admin/images/box-butt-left.gif
+++ b/wp-admin/images/box-butt-left.gif
--- a/wp-admin/images/box-butt-right.gif
+++ b/wp-admin/images/box-butt-right.gif
--- a/wp-admin/images/box-head-left.gif
+++ b/wp-admin/images/box-head-left.gif
--- a/wp-admin/images/box-head-right.gif
+++ b/wp-admin/images/box-head-right.gif
--- a/wp-admin/import.php
+++ b/wp-admin/import.php
@@ -36,7 +36,7 @@ if (empty ($importers)) {
 	$style = '';
 	foreach ($importers as $id => $data) {
 		$style = ('class="alternate"' == $style || 'class="alternate active"' == $style) ? '' : 'alternate';
-		$action = "<a href='admin.php?import=$id' title='{$data[1]}'>{$data[0]}</a>";
+		$action = "<a href='admin.php?import=$id' title='".wptexturize(strip_tags($data[1]))."'>{$data[0]}</a>";

 		if ($style != '')
 			$style = 'class="'.$style.'"';
--- a/wp-admin/import/blogger.php
+++ b/wp-admin/import/blogger.php
@@ -25,7 +25,7 @@ class Blogger_Import {
 	// Deletes saved data and redirect.
 	function restart() {
 		delete_option('import-blogger');
-		header("Location: admin.php?import=blogger");
+		wp_redirect("admin.php?import=blogger");
 		die();
 	}

@@ -213,7 +213,7 @@ class Blogger_Import {
 	
 	// Redirects to next step
 	function do_next_step() {
-		header("Location: admin.php?import=blogger&noheader=true&blog={$_GET['blog']}");
+		wp_redirect("admin.php?import=blogger&noheader=true&blog={$_GET['blog']}");
 		die();
 	}

@@ -273,7 +273,7 @@ class Blogger_Import {
 				);
 			}
 			update_option('import-blogger', $this->import);
-			header("Location: admin.php?import=blogger&noheader=true&step=1");
+			wp_redirect("admin.php?import=blogger&noheader=true&step=1");
 		}
 		die();
 	}
@@ -599,6 +599,8 @@ class Blogger_Import {
 		}
 		
 		if ( isset($_GET['noheader']) ) {
+			header('Content-Type: text/html; charset=utf-8');
+
 			$this->import = get_settings('import-blogger');

 			if ( false === $this->import ) {
--- a/wp-admin/import/dotclear.php
+++ b/wp-admin/import/dotclear.php
@@ -640,12 +640,12 @@ class Dotclear_Import {
 	function db_form()
 	{
 		echo '<ul>';
-		printf('<li><label for="dbuser">%s</label> <input type="text" name="dbuser" /></li>', __('Dotclear Database User:'));
-		printf('<li><label for="dbpass">%s</label> <input type="password" name="dbpass" /></li>', __('Dotclear Database Password:'));
-		printf('<li><label for="dbname">%s</label> <input type="text" name="dbname" /></li>', __('Dotclear Database Name:'));
-		printf('<li><label for="dbhost">%s</label> <input type="text" name="dbhost" value="localhost" /></li>', __('Dotclear Database Host:'));
+		printf('<li><label for="dbuser">%s</label> <input type="text" name="dbuser" id="dbuser" /></li>', __('Dotclear Database User:'));
+		printf('<li><label for="dbpass">%s</label> <input type="password" name="dbpass" id="dbpass" /></li>', __('Dotclear Database Password:'));
+		printf('<li><label for="dbname">%s</label> <input type="text" name="dbname" id="dbname" /></li>', __('Dotclear Database Name:'));
+		printf('<li><label for="dbhost">%s</label> <input type="text" name="dbhost" id="dbhost" value="localhost" /></li>', __('Dotclear Database Host:'));
 		/* printf('<li><label for="dbprefix">%s</label> <input type="text" name="dbprefix" /></li>', __('Dotclear Table prefix (if any):')); */
-		printf('<li><label for="dccharset">%s</label> <input type="text" name="dccharset" value="ISO-8859-15"/></li>', __('Originating character set:'));
+		printf('<li><label for="dccharset">%s</label> <input type="text" id="dccharset" name="dccharset" value="ISO-8859-15"/></li>', __('Originating character set:'));
 		echo '</ul>';
 	}
 	
--- a/wp-admin/import/mt.php
+++ b/wp-admin/import/mt.php
@@ -193,7 +193,7 @@ class MT_Import {

 				// We want the excerpt
 				preg_match("|-----\nEXCERPT:(.*)|s", $post, $excerpt);
-				$excerpt = $wpdb->escape(trim($excerpt[1]));
+				$post_excerpt = $wpdb->escape(trim($excerpt[1]));
 				$post = preg_replace("|(-----\nEXCERPT:.*)|s", '', $post);

 				// We're going to put extended body into main body with a more tag
--- a/wp-admin/import/textpattern.php
+++ b/wp-admin/import/textpattern.php
@@ -569,11 +569,11 @@ class Textpattern_Import {
 	function db_form()
 	{
 		echo '<ul>';
-		printf('<li><label for="dbuser">%s</label> <input type="text" name="dbuser" /></li>', __('Textpattern Database User:'));
-		printf('<li><label for="dbpass">%s</label> <input type="password" name="dbpass" /></li>', __('Textpattern Database Password:'));
-		printf('<li><label for="dbname">%s</label> <input type="text" name="dbname" /></li>', __('Textpattern Database Name:'));
-		printf('<li><label for="dbhost">%s</label> <input type="text" name="dbhost" value="localhost" /></li>', __('Textpattern Database Host:'));
-		printf('<li><label for="dbprefix">%s</label> <input type="text" name="dbprefix" /></li>', __('Textpattern Table prefix (if any):'));
+		printf('<li><label for="dbuser">%s</label> <input type="text" name="dbuser" id="dbuser" /></li>', __('Textpattern Database User:'));
+		printf('<li><label for="dbpass">%s</label> <input type="password" name="dbpass" id="dbpass" /></li>', __('Textpattern Database Password:'));
+		printf('<li><label for="dbname">%s</label> <input type="text" id="dbname" name="dbname" /></li>', __('Textpattern Database Name:'));
+		printf('<li><label for="dbhost">%s</label> <input type="text" id="dbhost" name="dbhost" value="localhost" /></li>', __('Textpattern Database Host:'));
+		printf('<li><label for="dbprefix">%s</label> <input type="text" name="dbprefix" id="dbprefix"  /></li>', __('Textpattern Table prefix (if any):'));
 		echo '</ul>';
 	}
 	
--- a/wp-admin/index.php
+++ b/wp-admin/index.php
@@ -43,7 +43,6 @@ if ( $comments || $numcomments ) :
 <?php if ( $numcomments ) : ?>
 <p><strong><a href="moderation.php"><?php echo sprintf(__('Comments in moderation (%s)'), number_format($numcomments) ); ?> &raquo;</a></strong></p>
 <?php endif; ?>
-</div>

 <ul>
 <?php 
@@ -56,9 +55,10 @@ foreach ($comments as $comment) {
 }
 ?>
 </ul>
-
+</div>
 <?php endif; ?>

+
 <?php
 if ( $recentposts = $wpdb->get_results("SELECT ID, post_title FROM $wpdb->posts WHERE post_status = 'publish' AND post_date_gmt < '$today' ORDER BY post_date DESC LIMIT 5") ) :
 ?>
--- a/wp-admin/inline-uploading.php
+++ b/wp-admin/inline-uploading.php
@@ -34,16 +34,20 @@ break;

 case 'delete':

+check_admin_referer('inlineuploading');
+
 if ( !current_user_can('edit_post', (int) $attachment) )
 	die(__('You are not allowed to delete this attachment.').' <a href="'.basename(__FILE__)."?post=$post&amp;all=$all&amp;action=upload\">".__('Go back').'</a>');

 wp_delete_attachment($attachment);

-header("Location: ".basename(__FILE__)."?post=$post&all=$all&action=view&start=$start");
+wp_redirect(basename(__FILE__) ."?post=$post&all=$all&action=view&start=$start");
 die;

 case 'save':

+check_admin_referer('inlineuploading');
+
 $overrides = array('action'=>'save');

 $file = wp_handle_upload($_FILES['image'], $overrides);
@@ -98,7 +102,7 @@ if ( preg_match('!^image/!', $attachment['post_mime_type']) ) {
 	add_post_meta($id, '_wp_attachment_metadata', array());
 }

-header("Location: ".basename(__FILE__)."?post=$post&all=$all&action=view&start=0");
+wp_redirect(basename(__FILE__) . "?post=$post&all=$all&action=view&start=0");
 die();

 case 'upload':
@@ -137,7 +141,7 @@ if ( '' == $sort )
 $attachments = $wpdb->get_results("SELECT ID, post_date, post_title, post_mime_type, guid FROM $wpdb->posts WHERE post_status = 'attachment' $and_type $and_post $and_user ORDER BY $sort LIMIT $start, $double", ARRAY_A);

 if ( count($attachments) == 0 ) {
-	header("Location: ".basename(__FILE__)."?post=$post&action=upload");
+	wp_redirect( basename(__FILE__) ."?post=$post&action=upload" );
 	die;
 } elseif ( count($attachments) > $num ) {
 	$next = $start + count($attachments) - $num;
@@ -211,7 +215,7 @@ var icon = new Array();
 		</noscript>
 ";
 		$send_delete_cancel = "<a onclick=\"sendToEditor({$ID});return false;\" href=\"javascript:void()\">$__send_to_editor</a>
-<a onclick=\"return confirm('$__confirmdelete')\" href=\"".basename(__FILE__)."?action=delete&amp;attachment={$ID}&amp;all=$all&amp;start=$start&amp;post=$post\">$__delete</a>
+<a onclick=\"return confirm('$__confirmdelete')\" href=\"" . wp_nonce_url( basename(__FILE__) . "?action=delete&amp;attachment={$ID}&amp;all=$all&amp;start=$start&amp;post=$post", inlineuploading) . "\">$__delete</a>
 		<a onclick=\"popup.style.display='none';return false;\" href=\"javascript:void()\">$__close</a>
 ";
 		$uwidth_sum += 128;
@@ -234,7 +238,7 @@ srcb[{$ID}] = '{$image['guid']}';
 			$xpadding = (128 - $image['uwidth']) / 2;
 			$ypadding = (96 - $image['uheight']) / 2;
 			$style .= "#target{$ID} img { padding: {$ypadding}px {$xpadding}px; }\n";
-			$title = htmlentities($image['post_title'], ENT_QUOTES);
+			$title = wp_specialchars($image['post_title'], ENT_QUOTES);
 			$script .= "aa[{$ID}] = '<a id=\"p{$ID}\" rel=\"attachment\" class=\"imagelink\" href=\"$href\" onclick=\"doPopup({$ID});return false;\" title=\"{$title}\">';
 ab[{$ID}] = '<a class=\"imagelink\" href=\"{$image['guid']}\" onclick=\"doPopup({$ID});return false;\" title=\"{$title}\">';
 imga[{$ID}] = '<img id=\"image{$ID}\" src=\"$src\" alt=\"{$title}\" $height_width />';
@@ -254,7 +258,7 @@ imgb[{$ID}] = '<img id=\"image{$ID}\" src=\"{$image['guid']}\" alt=\"{$title}\"
 </div>
 ";
 		} else {
-			$title = htmlentities($attachment['post_title'], ENT_QUOTES);
+			$title = wp_specialchars($attachment['post_title'], ENT_QUOTES);
 			$filename = basename($attachment['guid']);
 			$icon = get_attachment_icon($ID);
 			$toggle_icon = "<a id=\"I{$ID}\" onclick=\"toggleOtherIcon({$ID});return false;\" href=\"javascript:void()\">$__using_title</a>";
@@ -295,8 +299,10 @@ die(__('This script was not meant to be called directly.'));
 <html xmlns="http://www.w3.org/1999/xhtml">
 <head>
 <meta http-equiv="Content-Type" content="<?php bloginfo('html_type'); ?>; charset=<?php echo get_settings('blog_charset'); ?>" />
+<title></title>
 <meta http-equiv="imagetoolbar" content="no" />
 <script type="text/javascript">
+// <![CDATA[
 /* Define any variables we'll need, such as alternate URLs. */
 <?php echo $script; ?>
 function htmldecode(st) {
@@ -434,6 +440,7 @@ function sendToEditor(n) {
 	else
 		win.edInsertContent(win.edCanvas, h);
 }
+// ]]>
 </script>
 <style type="text/css">
 <?php if ( $action == 'links' ) : ?>
@@ -639,25 +646,25 @@ th {
 </head>
 <body>
 <ul id="upload-menu">
-<li<?php echo $current_1; ?>><a href="<?php echo basename(__FILE__); ?>?action=upload&amp;post=<?php echo $post; ?>&amp;all=<?php echo $all; ?>&amp;start=<?php echo $start; ?>"><?php _e('Upload'); ?></a></li>
+<li<?php echo $current_1; ?>><a href="<?php echo basename(__FILE__) . "?action=upload&amp;post=$post&amp;all=$all&amp;start=$start"; ?>"><?php _e('Upload'); ?></a></li>
 <?php if ( $attachments = $wpdb->get_results("SELECT ID FROM $wpdb->posts WHERE post_parent = '$post'") ) { ?>
-<li<?php echo $current_2; ?>><a href="<?php echo basename(__FILE__); ?>?action=view&amp;post=<?php echo $post; ?>&amp;all=false"><?php _e('Browse'); ?></a></li>
+<li<?php echo $current_2; ?>><a href="<?php echo basename(__FILE__) . "?action=view&amp;post=$post&amp;all=false"; ?>"><?php _e('Browse'); ?></a></li>
 <?php } ?>
 <?php if ($wpdb->get_var("SELECT count(ID) FROM $wpdb->posts WHERE post_status = 'attachment'")) { ?>
-<li<?php echo $current_3; ?>><a href="<?php echo basename(__FILE__); ?>?action=view&amp;post=<?php echo $post; ?>&amp;all=true"><?php _e('Browse All'); ?></a></li>
+<li<?php echo $current_3; ?>><a href="<?php echo basename(__FILE__) . "?action=view&amp;post=$post&amp;all=true"; ?>"><?php _e('Browse All'); ?></a></li>
 <?php } ?>
 <li> </li>
 <?php if ( $action == 'view' ) { ?>
 <?php if ( false !== $back ) : ?>
-<li class="spacer"><a href="<?php echo basename(__FILE__); ?>?action=<?php echo $action; ?>&amp;post=<?php echo $post; ?>&amp;all=<?php echo $all; ?>&amp;start=0" title="<?php _e('First'); ?>">|&laquo;</a></li>
-<li><a href="<?php echo basename(__FILE__); ?>?action=<?php echo $action; ?>&amp;post=<?php echo $post; ?>&amp;all=<?php echo $all; ?>&amp;start=<?php echo $back; ?>"">&laquo; <?php _e('Back'); ?></a></li>
+<li class="spacer"><a href="<?php echo basename(__FILE__) . "?action=$action&amp;post=$post&amp;all=$all&amp;start=0"; ?>" title="<?php _e('First'); ?>">|&laquo;</a></li>
+<li><a href="<?php echo basename(__FILE__) . "?action=$action&amp;post=$post&amp;all=$all&amp;start=$back"; ?>">&laquo; <?php _e('Back'); ?></a></li>
 <?php else : ?>
 <li class="inactive spacer">|&laquo;</li>
 <li class="inactive">&laquo; <?php _e('Back'); ?></li>
 <?php endif; ?>
 <?php if ( false !== $next ) : ?>
-<li><a href="<?php echo basename(__FILE__); ?>?action=<?php echo $action; ?>&amp;post=<?php echo $post; ?>&amp;all=<?php echo $all; ?>&amp;start=<?php echo $next; ?>"><?php _e('Next'); ?> &raquo;</a></li>
-<li><a href="<?php echo basename(__FILE__); ?>?action=<?php echo $action; ?>&amp;post=<?php echo $post; ?>&amp;all=<?php echo $all; ?>&amp;last=true" title="<?php _e('Last'); ?>">&raquo;|</a></li>
+<li><a href="<?php echo basename(__FILE__) . "?action=$action&amp;post=$post&amp;all=$all&amp;start=$next"; ?>"><?php _e('Next &raquo;'); ?></a></li>
+<li><a href="<?php echo basename(__FILE__) . "?action=$action&amp;post=$post&amp;all=$all&amp;last=true"; ?>" title="<?php _e('Last'); ?>">&raquo;|</a></li>
 <?php else : ?>
 <li class="inactive"><?php _e('Next'); ?> &raquo;</li>
 <li class="inactive">&raquo;|</li>
@@ -674,7 +681,7 @@ th {
 </div>
 <?php elseif ( $action == 'upload' ) : ?>
 <div class="tip"></div>
-<form enctype="multipart/form-data" id="uploadForm" method="POST" action="<?php echo basename(__FILE__); ?>">
+<form enctype="multipart/form-data" id="uploadForm" method="post" action="<?php echo basename(__FILE__); ?>">
 <table style="width:99%;">
 <tr>
 <th scope="row" align="right"><label for="upload"><?php _e('File:'); ?></label></th>
@@ -695,6 +702,7 @@ th {
 <input type="hidden" name="post" value="<?php echo $post; ?>" />
 <input type="hidden" name="all" value="<?php echo $all; ?>" />
 <input type="hidden" name="start" value="<?php echo $start; ?>" />
+<?php wp_nonce_field( 'inlineuploading' ); ?>
 <div id="submit">
 <input type="submit" value="<?php _e('Upload'); ?>" />
 <?php if ( !empty($all) ) : ?>
@@ -704,7 +712,6 @@ th {
 </td>
 </tr>
 </table>
-</div>
 </form>
 <?php elseif ( $action == 'links' ) : ?>
 <div id="links">
--- a/wp-admin/link-categories.php
+++ b/wp-admin/link-categories.php
@@ -26,6 +26,8 @@ for ($i=0; $i<count($wpvarstoreset); $i += 1) {
 switch ($action) {
  case 'addcat':
  {
+      check_admin_referer('add-link-category');
+
      if ( !current_user_can('manage_links') )
          die (__("Cheatin' uh ?"));

@@ -75,12 +77,14 @@ switch ($action) {
             " '$show_rating', '$show_updated', '$sort_order', '$sort_desc', '$text_before_link', '$text_after_link', \n" .
             " '$text_after_all', $list_limit)");

-      header('Location: link-categories.php');
+      wp_redirect('link-categories.php');
    break;
  } // end addcat
  case 'Delete':
  {
-    $cat_id = (int) $_GET['cat_id'];
+   	$cat_id = (int) $_GET['cat_id'];
+    check_admin_referer('delete-link-category_' . $cat_id);
+
    $cat_name=get_linkcatname($cat_id);

    if ($cat_id=="1")
@@ -92,7 +96,7 @@ switch ($action) {
    $wpdb->query("DELETE FROM $wpdb->linkcategories WHERE cat_id='$cat_id'");
    $wpdb->query("UPDATE $wpdb->links SET link_category=1 WHERE link_category='$cat_id'");

-    header('Location: link-categories.php');
+    wp_redirect('link-categories.php');
    break;
  } // end delete
  case 'Edit':
@@ -112,6 +116,7 @@ switch ($action) {
  <h2><?php printf(__('Edit &#8220%s&#8221; Category'), wp_specialchars($row->cat_name)); ?></h2>

  <form name="editcat" method="post">
+  <?php wp_nonce_field('update-link-category_' . $row->cat_id) ?>
      <input type="hidden" name="action" value="editedcat" />
      <input type="hidden" name="cat_id" value="<?php echo $row->cat_id ?>" />
 <fieldset class="options">
@@ -177,15 +182,15 @@ switch ($action) {
 <table class="editform" width="100%" cellspacing="2" cellpadding="5">
 <tr>
 	<th width="33%" scope="row"><?php _e('Before Link:') ?></th>
-	<td width="67%"><input type="text" name="text_before_link" size="45" value="<?php echo wp_specialchars($row->text_before_link)?>" /></td>
+	<td width="67%"><input type="text" name="text_before_link" size="45" value="<?php echo wp_specialchars($row->text_before_link,'double')?>" /></td>
 </tr>
 <tr>
 <th scope="row"><?php _e('Between Link and Description:') ?></th>
-<td><input type="text" name="text_after_link" size="45" value="<?php echo wp_specialchars($row->text_after_link)?>" /></td>
+<td><input type="text" name="text_after_link" size="45" value="<?php echo wp_specialchars($row->text_after_link,'double')?>" /></td>
 </tr>
 <tr>
 <th scope="row"><?php _e('After Link:') ?></th>
-<td><input type="text" name="text_after_all" size="45" value="<?php echo wp_specialchars($row->text_after_all)?>"/></td>
+<td><input type="text" name="text_after_all" size="45" value="<?php echo wp_specialchars($row->text_after_all,'double')?>"/></td>
 </tr>
 </table>
 </fieldset>
@@ -199,14 +204,15 @@ switch ($action) {
  } // end Edit
  case "editedcat":
  {
+    $cat_id = (int)$_POST["cat_id"];
+    check_admin_referer('update-link-category_' . $cat_id);
+
    if ( !current_user_can('manage_links') )
      die (__("Cheatin' uh ?"));

    $submit=$_POST["submit"];
    if (isset($submit)) {

-    $cat_id = (int)$_POST["cat_id"];
-
    $cat_name= wp_specialchars($_POST["cat_name"]);
    $auto_toggle = $_POST["auto_toggle"];
    if ($auto_toggle != 'Y') {
@@ -265,7 +271,7 @@ switch ($action) {
    } // end if save


-    header("Location: link-categories.php");
+    wp_redirect("link-categories.php");
    break;
  } // end editcat
  default:
@@ -345,12 +351,12 @@ foreach ($results as $row) {
                <td><?php echo $row->show_updated == 'Y' ? __('Yes') : __('No') ?></td>
                <td><?php echo $row->sort_order ?></td>
                <td><?php echo $row->sort_desc == 'Y' ? __('Yes') : __('No') ?></td>
-                <td nowrap="nowrap"><?php echo htmlentities($row->text_before_link)?>&nbsp;</td>
-                <td nowrap="nowrap"><?php echo htmlentities($row->text_after_link)?>&nbsp;</td>
-                <td nowrap="nowrap"><?php echo htmlentities($row->text_after_all)?></td>
+                <td nowrap="nowrap"><?php echo wp_specialchars($row->text_before_link)?>&nbsp;</td>
+                <td nowrap="nowrap"><?php echo wp_specialchars($row->text_after_link)?>&nbsp;</td>
+                <td nowrap="nowrap"><?php echo wp_specialchars($row->text_after_all)?></td>
                <td><?php echo $row->list_limit ?></td>
                <td><a href="link-categories.php?cat_id=<?php echo $row->cat_id?>&amp;action=Edit" class="edit"><?php _e('Edit') ?></a></td>
-                <td><a href="link-categories.php?cat_id=<?php echo $row->cat_id?>&amp;action=Delete" onclick="return deleteSomething( 'link category', <?php echo $row->cat_id . ", '" . sprintf(__("You are about to delete the &quot;%s&quot; link category.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete."), wp_specialchars($row->cat_name,1)); ?>' );" class="delete"><?php _e('Delete') ?></a></td>
+                <td><a href="<?php echo wp_nonce_url("link-categories.php?cat_id=$row->cat_id?>&amp;action=Delete", 'delete-link-category_' . $row->cat_id) ?>" onclick="return deleteSomething( 'link category', <?php echo $row->cat_id . ", '" . sprintf(__("You are about to delete the &quot;%s&quot; link category.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete."), js_escape($row->cat_name)); ?>' );" class="delete"><?php _e('Delete') ?></a></td>
              </tr>
 <?php
        ++$i;
@@ -364,7 +370,8 @@ foreach ($results as $row) {
 </div>

 <div class="wrap">
-    <form name="addcat" method="post">
+    <form name="addcat" method="post" action="">
+    <?php wp_nonce_field('add-link-category'); ?>
      <input type="hidden" name="action" value="addcat" />
 	  <h2><?php _e('Add a Link Category:') ?></h2>
 <fieldset class="options">
--- a/wp-admin/link-import.php
+++ b/wp-admin/link-import.php
@@ -24,6 +24,7 @@ switch ($step) {
 <div class="wrap">
 <h2><?php _e('Import your blogroll from another system') ?> </h2>
 <form enctype="multipart/form-data" action="link-import.php" method="post" name="blogroll">
+<?php wp_nonce_field('import-bookmarks') ?>

 <p><?php _e('If a program or website you use allows you to export your links or subscriptions as OPML you may import them here.'); ?>
 <div style="width: 70%; margin: auto; height: 8em;">
@@ -63,6 +64,8 @@ foreach ($categories as $category) {
            } // end case 0

    case 1: {
+		check_admin_referer('import-bookmarks');
+
                include_once('admin-header.php');
                if ( !current_user_can('manage_links') )
                    die (__("Cheatin' uh ?"));
--- a/wp-admin/link-manager.php
+++ b/wp-admin/link-manager.php
@@ -39,7 +39,7 @@ if ('' != $_POST['linkcheck']) $linkcheck = $_POST[linkcheck];
 switch ($action) {
  case 'assign':
  {
-    check_admin_referer();
+	check_admin_referer('bulk-bookmarks');

    // check the current user's level first.
    if ( !current_user_can('manage_links') )
@@ -49,7 +49,7 @@ switch ($action) {
    //userlevel of the owner of the link then we can proceed.

    if (count($linkcheck) == 0) {
-        header('Location: ' . $this_file);
+        wp_redirect($this_file);
        exit;
    }
    $all_links = join(',', $linkcheck);
@@ -62,12 +62,12 @@ switch ($action) {
    $all_links = join(',', $ids_to_change);
    $q = $wpdb->query("update $wpdb->links SET link_owner='$newowner' WHERE link_id IN ($all_links)");

-    header('Location: ' . $this_file);
+    wp_redirect($this_file);
    break;
  }
  case 'visibility':
  {
-    check_admin_referer();
+  	check_admin_referer('bulk-bookmarks');

    // check the current user's level first.
    if ( !current_user_can('manage_links') )
@@ -75,7 +75,7 @@ switch ($action) {

    //for each link id (in $linkcheck[]): toggle the visibility
    if (count($linkcheck) == 0) {
-        header('Location: ' . $this_file);
+        wp_redirect($this_file);
        exit;
    }
    $all_links = join(',', $linkcheck);
@@ -99,12 +99,12 @@ switch ($action) {
        $q = $wpdb->query("update $wpdb->links SET link_visible='Y' WHERE link_id IN ($all_linkson)");
    }

-    header('Location: ' . $this_file);
+    wp_redirect($this_file);
    break;
  }
  case 'move':
  {
-    check_admin_referer();
+	check_admin_referer('bulk-bookmarks');

    // check the current user's level first.
    if ( !current_user_can('manage_links') )
@@ -112,31 +112,31 @@ switch ($action) {

    //for each link id (in $linkcheck[]) change category to selected value
    if (count($linkcheck) == 0) {
-        header('Location: ' . $this_file);
+        wp_redirect($this_file);
        exit;
    }
    $all_links = join(',', $linkcheck);
    // should now have an array of links we can change
    $q = $wpdb->query("update $wpdb->links SET link_category='$category' WHERE link_id IN ($all_links)");

-    header('Location: ' . $this_file);
+    wp_redirect($this_file);
    break;
  }

  case 'Add':
  {
-    check_admin_referer();
+  	check_admin_referer('add-bookmark');

 	add_link();
 	
-    header('Location: ' . $_SERVER['HTTP_REFERER'] . '?added=true');
+    wp_redirect(wp_get_referer() . '?added=true');
    break;
  } // end Add

  case 'editlink':
  {
- 
-	check_admin_referer();
+	$link_id = (int) $_POST['link_id'];
+	check_admin_referer('update-bookmark_' . $link_id);
 	
 	if (isset($links_show_cat_id) && ($links_show_cat_id != ''))
 		$cat_id = $links_show_cat_id;
@@ -147,7 +147,6 @@ switch ($action) {
 	}
 	$links_show_cat_id = $cat_id;

-	$link_id = (int) $_POST['link_id'];
 	edit_link($link_id);
 	
    setcookie('links_show_cat_id_' . COOKIEHASH, $links_show_cat_id, time()+600);
@@ -155,15 +154,14 @@ switch ($action) {
    break;
  } // end Save

-  case 'Delete':
+  case 'delete':
  {
-    check_admin_referer();
+	$link_id = (int) $_GET['link_id'];
+	check_admin_referer('delete-bookmark_' . $link_id);

    if ( !current_user_can('manage_links') )
      die (__("Cheatin' uh ?"));

-    $link_id = (int) $_GET['link_id'];
-
 	wp_delete_link($link_id);
 	
    if (isset($links_show_cat_id) && ($links_show_cat_id != ''))
@@ -320,6 +318,7 @@ function checkAll(form)
 <form name="links" id="links" method="post" action="">
 <div class="wrap">

+    <?php wp_nonce_field('bulk-bookmarks') ?>
    <input type="hidden" name="link_id" value="" />
    <input type="hidden" name="action" value="" />
    <input type="hidden" name="order_by" value="<?php echo wp_specialchars($order_by, 1); ?>" />
@@ -383,11 +382,12 @@ LINKS;

            if ($show_buttons) {
        echo '<td><a href="link-manager.php?link_id=' . $link->link_id . '&amp;action=linkedit" class="edit">' . __('Edit') . '</a></td>';
-        echo '<td><a href="link-manager.php?link_id=' . $link->link_id . '&amp;action=Delete"' .  " onclick=\"return deleteSomething( 'link', $link->link_id , '" . sprintf(__("You are about to delete the &quot;%s&quot; link to %s.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete."), wp_specialchars($link->link_name,1), wp_specialchars($link->link_url)) . '\' );" class="delete">' . __('Delete') . '</a></td>';
+ 		echo '<td><a href="' . wp_nonce_url('link-manager.php?link_id='.$link->link_id.'&amp;action=delete', 'delete-bookmark_' . $link->link_id ) . '"'." class='delete' onclick=\"return deleteSomething( 'link', $link->link_id , '".sprintf(__("You are about to delete the &quot;%s&quot; bookmark to %s.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete."), js_escape($link->link_name), js_escape($link->link_url)).'\' );">'.__('Delete').'</a></td>';
        echo '<td><input type="checkbox" name="linkcheck[]" value="' . $link->link_id . '" /></td>';
            } else {
              echo "<td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td>\n";
            }
+
 		echo "\n    </tr>\n";
        }
    }
--- a/wp-admin/list-manipulation.js
+++ b/wp-admin/list-manipulation.js
@@ -33,13 +33,13 @@ function ajaxDelete(what, id) {
 	ajaxDel.onLoaded = function() { ajaxDel.myResponseElement.innerHTML = 'Data Sent...'; };
 	ajaxDel.onInteractive = function() { ajaxDel.myResponseElement.innerHTML = 'Processing Data...'; };
 	ajaxDel.onCompletion = function() { removeThisItem( what + '-' + id ); };
-	ajaxDel.runAJAX('action=delete-' + what + '&id=' + id);
+	ajaxDel.runAJAX('action=delete-' + what + '&id=' + id + '&' + ajaxDel.encVar('cookie', document.cookie));
 	return false;
 }

 function removeThisItem(id) {
 	var response = ajaxDel.response;
-	if ( isNaN(response) ) { alert(response); }
+	if ( isNaN(response) ) { ajaxDel.myResponseElement.innerHTML = response; return false; }
 	response = parseInt(response, 10);
 	if ( -1 == response ) { ajaxDel.myResponseElement.innerHTML = "You don't have permission to do that."; }
 	else if ( 0 == response ) { ajaxDel.myResponseElement.interHTML = "Something odd happened.  Try refreshing the page? Either that or what you tried to delete never existed in the first place."; }
--- a/wp-admin/list-manipulation.php
+++ b/wp-admin/list-manipulation.php
@@ -2,10 +2,12 @@
 require_once('../wp-config.php');
 require_once('admin-functions.php');
 require_once('admin-db.php');
+header("Content-type: text/plain", true);

-get_currentuserinfo();
 if ( !is_user_logged_in() )
 	die('-1');
+if ( !check_ajax_referer() )
+	die('-1');

 function grab_results() {
 	global $ajax_results;
@@ -15,15 +17,13 @@ function grab_results() {
 function get_out_now() { exit; }
 add_action('shutdown', 'get_out_now', -1);

-//	check_admin_referer();
-
 switch ( $_POST['action'] ) :
 case 'delete-link' :
 	$id = (int) $_POST['id'];
 	if ( !current_user_can('manage_links') )
 		die ('-1');

-	if ( $wpdb->query("DELETE FROM $wpdb->links WHERE link_id = '$id'") )
+	if ( wp_delete_link($id) ) 
 		die('1');
 	else	die('0');
 	break;
--- a/wp-admin/menu-header.php
+++ b/wp-admin/menu-header.php
@@ -52,4 +52,10 @@ endforeach;
 ?>

 </ul>
-<?php endif; ?>
+<?php
+
+endif; 
+
+do_action('admin_notices');
+
+?>
--- a/wp-admin/moderation.php
+++ b/wp-admin/moderation.php
@@ -32,6 +32,8 @@ switch($action) {

 case 'update':

+	check_admin_referer('moderate-comments');
+
 	if ( ! current_user_can('moderate_comments') )
 	die('<p>'.__('Your level is not high enough to moderate comments.').'</p>');

@@ -68,7 +70,7 @@ case 'update':
 	}

 	$file = basename(__FILE__);
-	header("Location: $file?ignored=$item_ignored&deleted=$item_deleted&approved=$item_approved&spam=$item_spam");
+	wp_redirect("$file?ignored=$item_ignored&deleted=$item_deleted&approved=$item_approved&spam=$item_spam");
 	exit();

 break;
@@ -130,6 +132,7 @@ if ($comments) {
 ?>
    <h2><?php _e('Moderation Queue') ?></h2>
    <form name="approval" action="moderation.php" method="post">
+    <?php wp_nonce_field('moderate-comments') ?>
    <input type="hidden" name="action" value="update" />
    <ol id="the-list" class="commentlist">
 <?php
@@ -148,11 +151,11 @@ $i = 0;
 echo '<a href="post.php?action=editcomment&amp;comment='.$comment->comment_ID.'">' . __('Edit') . '</a> | ';?>
 <a href="<?php echo get_permalink($comment->comment_post_ID); ?>"><?php _e('View Post') ?></a> | 
 <?php 
-echo " <a href=\"post.php?action=deletecomment&amp;p=".$comment->comment_post_ID."&amp;comment=".$comment->comment_ID."\" onclick=\"return deleteSomething( 'comment', $comment->comment_ID, '" . sprintf(__("You are about to delete this comment by &quot;%s&quot;.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete."), wp_specialchars($comment->comment_author, 1)) . "' );\">" . __('Delete just this comment') . "</a> | "; ?>  <?php _e('Bulk action:') ?>
-	<input type="radio" name="comment[<?php echo $comment->comment_ID; ?>]" id="comment[<?php echo $comment->comment_ID; ?>]-approve" value="approve" /> <label for="comment[<?php echo $comment->comment_ID; ?>]-approve"><?php _e('Approve') ?></label>
-	<input type="radio" name="comment[<?php echo $comment->comment_ID; ?>]" id="comment[<?php echo $comment->comment_ID; ?>]-spam" value="spam" /> <label for="comment[<?php echo $comment->comment_ID; ?>]-spam"><?php _e('Spam') ?></label>
-	<input type="radio" name="comment[<?php echo $comment->comment_ID; ?>]" id="comment[<?php echo $comment->comment_ID; ?>]-delete" value="delete" /> <label for="comment[<?php echo $comment->comment_ID; ?>]-delete"><?php _e('Delete') ?></label>
-	<input type="radio" name="comment[<?php echo $comment->comment_ID; ?>]" id="comment[<?php echo $comment->comment_ID; ?>]-nothing" value="later" checked="checked" /> <label for="comment[<?php echo $comment->comment_ID; ?>]-nothing"><?php _e('Defer until later') ?></label>
+echo " <a href=\"" . wp_nonce_url("post.php?action=deletecomment&amp;p=".$comment->comment_post_ID."&amp;comment=".$comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . "\" onclick=\"return deleteSomething( 'comment', $comment->comment_ID, '" . __("You are about to delete this comment.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete.") . "' );\">" . __('Delete just this comment') . "</a> | "; ?>  <?php _e('Bulk action:') ?>
+	<input type="radio" name="comment[<?php echo $comment->comment_ID; ?>]" id="comment-<?php echo $comment->comment_ID; ?>-approve" value="approve" /> <label for="comment[<?php echo $comment->comment_ID; ?>]-approve"><?php _e('Approve') ?></label>
+	<input type="radio" name="comment[<?php echo $comment->comment_ID; ?>]" id="comment-<?php echo $comment->comment_ID; ?>-spam" value="spam" /> <label for="comment[<?php echo $comment->comment_ID; ?>]-spam"><?php _e('Spam') ?></label>
+	<input type="radio" name="comment[<?php echo $comment->comment_ID; ?>]" id="comment-<?php echo $comment->comment_ID; ?>-delete" value="delete" /> <label for="comment[<?php echo $comment->comment_ID; ?>]-delete"><?php _e('Delete') ?></label>
+	<input type="radio" name="comment[<?php echo $comment->comment_ID; ?>]" id="comment-<?php echo $comment->comment_ID; ?>-nothing" value="later" checked="checked" /> <label for="comment[<?php echo $comment->comment_ID; ?>]-nothing"><?php _e('Defer until later') ?></label>
 	</p>

 	</li>
--- a/wp-admin/options-discussion.php
+++ b/wp-admin/options-discussion.php
@@ -21,6 +21,7 @@ if ($action == 'retrospam') {
 <div class="wrap"> 
 <h2><?php _e('Discussion Options') ?></h2> 
 <form method="post" action="options.php"> 
+<?php wp_nonce_field('update-options') ?>
 <fieldset class="options">
 <legend><?php _e('Usual settings for an article:<br /><small><em>(These settings may be overridden for individual articles.)</em></small>') ?></legend> 
 <ul> 
--- a/wp-admin/options-general.php
+++ b/wp-admin/options-general.php
@@ -10,6 +10,7 @@ include('./admin-header.php');
 <div class="wrap">
 <h2><?php _e('General Options') ?></h2>
 <form method="post" action="options.php"> 
+<?php wp_nonce_field('update-options') ?>
 <table class="optiontable"> 
 <tr valign="top"> 
 <th scope="row"><?php _e('Weblog title:') ?></th> 
--- a/wp-admin/options-misc.php
+++ b/wp-admin/options-misc.php
@@ -11,7 +11,7 @@ include('admin-header.php');
 <div class="wrap"> 
 <h2><?php _e('Miscellaneous Options') ?></h2> 
 <form method="post" action="options.php">
-
+<?php wp_nonce_field('update-options') ?>
 <fieldset class="options">
 <legend><?php _e('Uploading'); ?></legend>
 <table class="editform optiontable">
--- a/wp-admin/options-permalink.php
+++ b/wp-admin/options-permalink.php
@@ -57,7 +57,9 @@ include('admin-header.php');

 $home_path = get_home_path();

-if ( isset($_POST) ) {
+if ( isset($_POST['permalink_structure']) || isset($_POST['category_base']) ) {
+	check_admin_referer('update-permalink');
+
 	if ( isset($_POST['permalink_structure']) ) {
 		$permalink_structure = $_POST['permalink_structure'];
 		if (! empty($permalink_structure) )
@@ -115,6 +117,7 @@ $structures = array(
 	);
 ?>
 <form name="form" action="options-permalink.php" method="post"> 
+<?php wp_nonce_field('update-permalink') ?>
 <h3><?php _e('Common options:'); ?></h3>
 <p>
 	<label>
@@ -163,6 +166,7 @@ checked="checked"
 <?php if ( $permalink_structure && !$usingpi && !$writable ) : ?>
  <p><?php _e('If your <code>.htaccess</code> file were <a href="http://codex.wordpress.org/Make_a_Directory_Writable">writable</a>, we could do this automatically, but it isn&#8217;t so these are the mod_rewrite rules you should have in your <code>.htaccess</code> file. Click in the field and press <kbd>CTRL + a</kbd> to select all.') ?></p>
 <form action="options-permalink.php" method="post">
+<?php wp_nonce_field('update-permalink') ?>
   <p>
 <textarea rows="5" style="width: 98%;" name="rules"><?php echo $wp_rewrite->mod_rewrite_rules(); ?>
 </textarea>
--- a/wp-admin/options-reading.php
+++ b/wp-admin/options-reading.php
@@ -9,7 +9,9 @@ include('admin-header.php');

 <div class="wrap"> 
 <h2><?php _e('Reading Options') ?></h2> 
-<form name="form1" method="post" action="options.php"> 
+<form name="form1" method="post" action="options.php">
+<?php wp_nonce_field('update-options') ?>
+
 <fieldset class="options"> 
 <legend><?php _e('Blog Pages') ?></legend> 
 <table width="100%" cellspacing="2" cellpadding="5" class="editform"> 
--- a/wp-admin/options-writing.php
+++ b/wp-admin/options-writing.php
@@ -10,6 +10,7 @@ include('admin-header.php');
 <div class="wrap"> 
 <h2><?php _e('Writing Options') ?></h2> 
 <form method="post" action="options.php"> 
+<?php wp_nonce_field('update-options') ?>
 <table width="100%" cellspacing="2" cellpadding="5" class="editform"> 
 <tr valign="top"> 
 <th width="33%" scope="row"> <?php _e('Size of the post box:') ?></th> 
--- a/wp-admin/options.php
+++ b/wp-admin/options.php
@@ -29,7 +29,7 @@ switch($action) {
 case 'update':
 	$any_changed = 0;
 	
-	check_admin_referer();
+	check_admin_referer('update-options');

 	if (!$_POST['page_options']) {
 		foreach ($_POST as $key => $value) {
@@ -68,8 +68,6 @@ case 'update':
 			if ( get_settings('siteurl') != $old_siteurl || get_settings('home') != $old_home ) {
 				// If home changed, write rewrite rules to new location.
 				$wp_rewrite->flush_rules();
-				// Get currently logged in user and password.
-				get_currentuserinfo();
 				// Clear cookies for old paths.
 				wp_clearcookie();
 				// Set cookies for new paths.
@@ -79,8 +77,8 @@ case 'update':
 			//$message = sprintf(__('%d setting(s) saved... '), $any_changed);
    }
    
-	$referred = remove_query_arg('updated' , $_SERVER['HTTP_REFERER']);
-	$goback = add_query_arg('updated', 'true', $_SERVER['HTTP_REFERER']);
+	$referred = remove_query_arg('updated' , wp_get_referer());
+	$goback = add_query_arg('updated', 'true', wp_get_referer());
 	$goback = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $goback);
 	wp_redirect($goback);
    break;
@@ -91,6 +89,7 @@ default:
 <div class="wrap">
  <h2><?php _e('All options'); ?></h2>
  <form name="form" action="options.php" method="post">
+  <?php wp_nonce_field('update-options') ?>
  <input type="hidden" name="action" value="update" />
  <table width="98%">
 <?php
--- a/wp-admin/page-new.php
+++ b/wp-admin/page-new.php
@@ -13,8 +13,6 @@ require_once('admin-header.php');
 <?php
 if ( current_user_can('edit_pages') ) {
 	$action = 'post';
-	get_currentuserinfo();
-	
 	$post = get_default_post_to_edit();
 	$post->post_status = 'static';

--- a/wp-admin/plugin-editor.php
+++ b/wp-admin/plugin-editor.php
@@ -34,6 +34,8 @@ switch($action) {

 case 'update':

+	check_admin_referer('edit-plugin_' . $file);
+
 	if ( !current_user_can('edit_plugins') )
 	die('<p>'.__('You have do not have sufficient permissions to edit templates for this blog.').'</p>');

@@ -42,9 +44,9 @@ case 'update':
 		$f = fopen($real_file, 'w+');
 		fwrite($f, $newcontent);
 		fclose($f);
-		header("Location: plugin-editor.php?file=$file&a=te");
+		wp_redirect("plugin-editor.php?file=$file&a=te");
 	} else {
-		header("Location: plugin-editor.php?file=$file");
+		wp_redirect("plugin-editor.php?file=$file");
 	}

 	exit();
@@ -95,6 +97,7 @@ if ($plugin_files) :
 </div>
 	<?php	if (!$error) { ?> 
  <form name="template" id="template" action="plugin-editor.php" method="post">
+  <?php wp_nonce_field('edit-plugin_' . $file) ?>
 		 <div><textarea cols="70" rows="25" name="newcontent" id="newcontent" tabindex="1"><?php echo $content ?></textarea> 
     <input type="hidden" name="action" value="update" /> 
     <input type="hidden" name="file" value="<?php echo $file ?>" /> 
--- a/wp-admin/plugins.php
+++ b/wp-admin/plugins.php
@@ -2,9 +2,8 @@
 require_once('admin.php');

 if ( isset($_GET['action']) ) {
-	check_admin_referer();
-	
 	if ('activate' == $_GET['action']) {
+		check_admin_referer('activate-plugin_' . $_GET['plugin']);
 		$current = get_settings('active_plugins');
 		if (!in_array($_GET['plugin'], $current)) {
 			$current[] = trim( $_GET['plugin'] );
@@ -13,13 +12,14 @@ if ( isset($_GET['action']) ) {
 			include(ABSPATH . 'wp-content/plugins/' . trim( $_GET['plugin'] ));
 			do_action('activate_' . trim( $_GET['plugin'] ));
 		}
-		header('Location: plugins.php?activate=true');
+		wp_redirect('plugins.php?activate=true');
 	} else if ('deactivate' == $_GET['action']) {
+		check_admin_referer('deactivate-plugin_' . $_GET['plugin']);
 		$current = get_settings('active_plugins');
 		array_splice($current, array_search( $_GET['plugin'], $current), 1 ); // Array-fu!
 		update_option('active_plugins', $current);
 		do_action('deactivate_' . trim( $_GET['plugin'] ));
-		header('Location: plugins.php?deactivate=true');
+		wp_redirect('plugins.php?deactivate=true');
 	}
 	exit;
 }
@@ -98,11 +98,11 @@ if (empty($plugins)) {
 		$style = ('class="alternate"' == $style|| 'class="alternate active"' == $style) ? '' : 'alternate';

 		if (!empty($current_plugins) && in_array($plugin_file, $current_plugins)) {
-			$action = "<a href='plugins.php?action=deactivate&amp;plugin=$plugin_file' title='".__('Deactivate this plugin')."' class='delete'>".__('Deactivate')."</a>";
+			$action = "<a href='" . wp_nonce_url("plugins.php?action=deactivate&amp;plugin=$plugin_file", 'deactivate-plugin_' . $plugin_file) . "' title='".__('Deactivate this plugin')."' class='delete'>".__('Deactivate')."</a>";
 			$plugin_data['Title'] = "<strong>{$plugin_data['Title']}</strong>";
 			$style .= $style == 'alternate' ? ' active' : 'active';
 		} else {
-			$action = "<a href='plugins.php?action=activate&amp;plugin=$plugin_file' title='".__('Activate this plugin')."' class='edit'>".__('Activate')."</a>";
+			$action = "<a href='" . wp_nonce_url("plugins.php?action=activate&amp;plugin=$plugin_file", 'activate-plugin_' . $plugin_file) . "' title='".__('Activate this plugin')."' class='edit'>".__('Activate')."</a>";
 		}
 		$plugin_data['Description'] = wp_kses($plugin_data['Description'], array('a' => array('href' => array(),'title' => array()),'abbr' => array('title' => array()),'acronym' => array('title' => array()),'code' => array(),'em' => array(),'strong' => array()) ); ;
 		if ($style != '') $style = 'class="' . $style . '"';
--- a/wp-admin/post.php
+++ b/wp-admin/post.php
@@ -30,7 +30,8 @@ $editing = true;

 switch($action) {
 case 'post':
-
+	check_admin_referer('add-post');
+	
 	$post_ID = write_post();

 	// Redirect.
@@ -56,7 +57,7 @@ case 'post':
 	if ( isset($_POST['save']) )
 		$location = "post.php?action=edit&post=$post_ID";

-	header("Location: $location");
+	wp_redirect($location);
 	exit();
 	break;

@@ -88,6 +89,8 @@ case 'edit':
 case 'editattachment':
 	$post_id = (int) $_POST['post_ID'];

+	check_admin_referer('update-attachment_' . $post_id);
+
 	// Don't let these be changed
 	unset($_POST['guid']);
 	$_POST['post_status'] = 'attachment';
@@ -102,15 +105,23 @@ case 'editattachment':
 		add_post_meta($post_id, '_wp_attachment_metadata', $newmeta);

 case 'editpost':
+	$post_ID = (int) $_POST['post_ID'];
+	check_admin_referer('update-post_' . $post_ID);
+	
 	$post_ID = edit_post();

+	$referredby = '';
+	if ( !empty($_POST['referredby']) )
+		$referredby = preg_replace('|https?://[^/]+|i', '', $_POST['referredby']);
+	$referer = preg_replace('|https?://[^/]+|i', '', wp_get_referer());
+	
 	if ($_POST['save']) {
-		$location = $_SERVER['HTTP_REFERER'];
+		$location = wp_get_referer();
 	} elseif ($_POST['updatemeta']) {
-		$location = $_SERVER['HTTP_REFERER'] . '&message=2#postcustom';
+		$location = wp_get_referer() . '&message=2#postcustom';
 	} elseif ($_POST['deletemeta']) {
-		$location = $_SERVER['HTTP_REFERER'] . '&message=3#postcustom';
-	} elseif (isset($_POST['referredby']) && $_POST['referredby'] != $_SERVER['HTTP_REFERER']) {
+		$location = wp_get_referer() . '&message=3#postcustom';
+	} elseif (!empty($referredby) && $referredby != $referer) {
 		$location = $_POST['referredby'];
 		if ( $_POST['referredby'] == 'redo' )
 			$location = get_permalink( $post_ID );
@@ -119,15 +130,15 @@ case 'editpost':
 	} else {
 		$location = 'post.php';
 	}
-	header ('Location: ' . $location); // Send user on their way while we keep working
+
+	wp_redirect($location); // Send user on their way while we keep working

 	exit();
 	break;

 case 'delete':
-	check_admin_referer();
-
 	$post_id = (isset($_GET['post']))  ? intval($_GET['post']) : intval($_POST['post_ID']);
+	check_admin_referer('delete-post_' . $post_id);

 	$post = & get_post($post_id);
 	
@@ -142,11 +153,11 @@ case 'delete':
 			die( __('Error in deleting...') );
 	}

-	$sendback = $_SERVER['HTTP_REFERER'];
+	$sendback = wp_get_referer();
 	if (strstr($sendback, 'post.php')) $sendback = get_settings('siteurl') .'/wp-admin/post.php';
 	elseif (strstr($sendback, 'attachments.php')) $sendback = get_settings('siteurl') .'/wp-admin/attachments.php';
 	$sendback = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $sendback);
-	header ('Location: ' . $sendback);
+	wp_redirect($sendback);
 	break;

 case 'editcomment':
@@ -198,6 +209,7 @@ case 'confirmdeletecomment':
 	echo "<input type='hidden' name='p' value='$p' />\n";
 	echo "<input type='hidden' name='comment' value='{$comment->comment_ID}' />\n";
 	echo "<input type='hidden' name='noredir' value='1' />\n";
+	wp_nonce_field('delete-comment_' .  $comment->comment_ID);
 	echo "<input type='submit' value='" . __('Yes') . "' />";
 	echo "&nbsp;&nbsp;";
 	echo "<input type='button' value='" . __('No') . "' onclick=\"self.location='". get_settings('siteurl') ."/wp-admin/edit.php?p=$p&amp;c=1#comments';\" />\n";
@@ -207,10 +219,9 @@ case 'confirmdeletecomment':
 	break;

 case 'deletecomment':
-
-	check_admin_referer();
-
 	$comment = (int) $_GET['comment'];
+	check_admin_referer('delete-comment_' . $comment);
+
 	$p = (int) $_GET['p'];
 	if (isset($_GET['noredir'])) {
 		$noredir = true;
@@ -229,19 +240,18 @@ case 'deletecomment':
 	wp_set_comment_status($comment->comment_ID, "delete");
 	do_action('delete_comment', $comment->comment_ID);

-	if (($_SERVER['HTTP_REFERER'] != "") && (false == $noredir)) {
-		header('Location: ' . $_SERVER['HTTP_REFERER']);
+	if ((wp_get_referer() != "") && (false == $noredir)) {
+		wp_redirect(wp_get_referer());
 	} else {
-		header('Location: '. get_settings('siteurl') .'/wp-admin/edit.php?p='.$p.'&c=1#comments');
+		wp_redirect(get_settings('siteurl') .'/wp-admin/edit.php?p='.$p.'&c=1#comments');
 	}

 	break;

 case 'unapprovecomment':
-
-	check_admin_referer();
-
 	$comment = (int) $_GET['comment'];
+	check_admin_referer('unapprove-comment_' . $comment);
+
 	$p = (int) $_GET['p'];
 	if (isset($_GET['noredir'])) {
 		$noredir = true;
@@ -257,17 +267,17 @@ case 'unapprovecomment':

 	wp_set_comment_status($comment->comment_ID, "hold");

-	if (($_SERVER['HTTP_REFERER'] != "") && (false == $noredir)) {
-		header('Location: ' . $_SERVER['HTTP_REFERER']);
+	if ((wp_get_referer() != "") && (false == $noredir)) {
+		wp_redirect(wp_get_referer());
 	} else {
-		header('Location: '. get_settings('siteurl') .'/wp-admin/edit.php?p='.$p.'&c=1#comments');
+		wp_redirect(get_settings('siteurl') .'/wp-admin/edit.php?p='.$p.'&c=1#comments');
 	}

 	break;

 case 'mailapprovecomment':
-
 	$comment = (int) $_GET['comment'];
+	check_admin_referer('approve-comment_' . $comment);

 	if ( ! $comment = get_comment($comment) )
 			 die(sprintf(__('Oops, no comment with this ID. <a href="%s">Go back</a>!'), 'edit.php'));
@@ -281,13 +291,14 @@ case 'mailapprovecomment':
 			wp_notify_postauthor($comment->comment_ID);
 	}

-	header('Location: ' . get_option('siteurl') . '/wp-admin/moderation.php?approved=1');
+	wp_redirect(get_option('siteurl') . '/wp-admin/moderation.php?approved=1');

 	break;

 case 'approvecomment':
-
 	$comment = (int) $_GET['comment'];
+	check_admin_referer('approve-comment_' . $comment);
+
 	$p = (int) $_GET['p'];
 	if (isset($_GET['noredir'])) {
 		$noredir = true;
@@ -307,23 +318,28 @@ case 'approvecomment':
 	}


-	if (($_SERVER['HTTP_REFERER'] != "") && (false == $noredir)) {
-		header('Location: ' . $_SERVER['HTTP_REFERER']);
+	if ((wp_get_referer() != "") && (false == $noredir)) {
+		wp_redirect(wp_get_referer());
 	} else {
-		header('Location: '. get_settings('siteurl') .'/wp-admin/edit.php?p='.$p.'&c=1#comments');
+		wp_redirect(get_settings('siteurl') .'/wp-admin/edit.php?p='.$p.'&c=1#comments');
 	}

 	break;

 case 'editedcomment':

+	$comment_ID = (int) $_POST['comment_ID'];
+	$comment_post_ID = (int)  $_POST['comment_post_ID'];
+
+	check_admin_referer('update-comment_' . $comment_ID);
+
 	edit_comment();

 	$referredby = $_POST['referredby'];
 	if (!empty($referredby)) {
-		header('Location: ' . $referredby);
+		wp_redirect($referredby);
 	} else {
-		header ("Location: edit.php?p=$comment_post_ID&c=1#comments");
+		wp_redirect("edit.php?p=$comment_post_ID&c=1#comments");
 	}

 	break;
--- a/wp-admin/profile-update.php
+++ b/wp-admin/profile-update.php
@@ -2,7 +2,7 @@

 require_once('admin.php');

-check_admin_referer();
+check_admin_referer('update-profile_' . $user_ID);

 if ( !$_POST )
 	die( __('No post?') );
--- a/wp-admin/profile.php
+++ b/wp-admin/profile.php
@@ -19,6 +19,7 @@ $bookmarklet_height= 440;
 <div class="wrap">
 <h2><?php _e('Your Profile and Personal Options'); ?></h2>
 <form name="profile" id="your-profile" action="profile-update.php" method="post">
+<?php wp_nonce_field('update-profile_' . $user_ID) ?>
 <p>
 <input type="hidden" name="from" value="profile" />
 <input type="hidden" name="checkuser_id" value="<?php echo $user_ID ?>" />
--- a/wp-admin/setup-config.php
+++ b/wp-admin/setup-config.php
@@ -1,17 +1,18 @@
 <?php
 define('WP_INSTALLING', true);

-if (file_exists('../wp-config.php')) 
-	die("The file 'wp-config.php' already exists. If you need to reset any of the configuration items in this file, please delete it first. You may try <a href='install.php'>installing now</a>.");
-
 if (!file_exists('../wp-config-sample.php'))
    die('Sorry, I need a wp-config-sample.php file to work from. Please re-upload this file from your WordPress installation.');
+
 $configFile = file('../wp-config-sample.php');

 if (!is_writable('../')) die("Sorry, I can't write to the directory. You'll have to either change the permissions on your WordPress directory or create your wp-config.php manually.");

-$step = 0;
-if(isset($_GET['step'])) $step = $_GET['step'];
+
+if (isset($_GET['step']))
+	$step = $_GET['step'];
+else
+	$step = 0;
 header( 'Content-Type: text/html; charset=utf-8' );
 ?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
@@ -20,45 +21,74 @@ header( 'Content-Type: text/html; charset=utf-8' );
 <title>WordPress &rsaquo; Setup Configuration File</title>
 <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
 <style media="screen" type="text/css">
-    <!--
+	<!--
+	html {
+		background: #eee;
+	}
 	body {
+		background: #fff;
+		color: #000;
 		font-family: Georgia, "Times New Roman", Times, serif;
-		margin-left: 15%;
-		margin-right: 15%;
+		margin-left: 20%;
+		margin-right: 20%;
+		padding: .2em 2em;
+	}
+
+	h1 {
+		color: #006;
+		font-size: 18px;
+		font-weight: lighter;
+	}
+
+	h2 {
+		font-size: 16px;
+	}
+
+	p, li, dt {
+		line-height: 140%;
+		padding-bottom: 2px;
+	}
+
+	ul, ol {
+		padding: 5px 5px 5px 20px;
 	}
 	#logo {
-		margin: 0;
-		padding: 0;
-		background-image: url(http://wordpress.org/images/logo.png);
-		background-repeat: no-repeat;
-		height: 60px;
-		border-bottom: 4px solid #333;
+		margin-bottom: 2em;
 	}
-	#logo a {
-		display: block;
-		height: 60px;
+	.step a, .step input {
+		font-size: 2em;
 	}
-	#logo a span {
-		display: none;
+	td input {
+		font-size: 1.5em;
 	}
-	p, li {
-		line-height: 140%;
+	.step, th {
+		text-align: right;
 	}
-    -->
+	#footer {
+		text-align: center;
+		border-top: 1px solid #ccc;
+		padding-top: 1em;
+		font-style: italic;
+	}
+	-->
 	</style>
 </head>
-<body> 
-<h1 id="logo"><a href="http://wordpress.org/"><span>WordPress</span></a></h1> 
+<body>
+<h1 id="logo"><img alt="WordPress" src="images/wordpress-logo.png" /></h1>
 <?php
+// Check if wp-config.php has been created
+if (file_exists('../wp-config.php'))
+	die("<p>The file 'wp-config.php' already exists. If you need to reset any of the configuration items in this file, please delete it first. You may try <a href='install.php'>installing now</a>.</p></body></html>");

 switch($step) {
 	case 0:
 ?> 
+
 <p>Welcome to WordPress. Before getting started, we need some information on the database. You will need to know the following items before proceeding.</p> 
 <ol> 
  <li>Database name</li> 
  <li>Database username</li> 
-  <li>Database password</li> 
+  <li>Database password</li>
  <li>Database host</li> 
  <li>Table prefix (if you want to run more than one WordPress in a single database) </li>
 </ol> 
@@ -70,40 +100,42 @@ switch($step) {
 	case 1:
 	?> 
 </p> 
-<form method="post" action="setup-config.php?step=2"> 
+<form method="post" action="setup-config.php?step=2">
  <p>Below you should enter your database connection details. If you're not sure about these, contact your host. </p>
  <table> 
    <tr> 
      <th scope="row">Database Name</th> 
-      <td><input name="dbname" type="text" size="45" value="wordpress" /></td> 
+      <td><input name="dbname" type="text" size="25" value="wordpress" /></td>
      <td>The name of the database you want to run WP in. </td> 
    </tr> 
    <tr> 
      <th scope="row">User Name</th> 
-      <td><input name="uname" type="text" size="45" value="username" /></td> 
+      <td><input name="uname" type="text" size="25" value="username" /></td>
      <td>Your MySQL username</td> 
    </tr> 
    <tr> 
      <th scope="row">Password</th> 
-      <td><input name="pwd" type="text" size="45" value="password" /></td> 
+      <td><input name="pwd" type="text" size="25" value="password" /></td>
      <td>...and MySQL password.</td> 
    </tr> 
    <tr> 
      <th scope="row">Database Host</th> 
-      <td><input name="dbhost" type="text" size="45" value="localhost" /></td> 
+      <td><input name="dbhost" type="text" size="25" value="localhost" /></td>
      <td>99% chance you won't need to change this value.</td> 
    </tr>
    <tr>
      <th scope="row">Table Prefix</th>
-      <td><input name="prefix" type="text" id="prefix" value="wp_" size="45" /></td>
+      <td><input name="prefix" type="text" id="prefix" value="wp_" size="25" /></td>
      <td>If you want to run multiple WordPress installations in a single database, change this.</td>
    </tr> 
-  </table> 
-  <input name="submit" type="submit" value="Submit" /> 
+  </table>
+  <h2 class="step">
+  <input name="submit" type="submit" value="Submit" />
+  </h2>
 </form> 
 <?php
 	break;
-	
+
 	case 2:
 	$dbname  = trim($_POST['dbname']);
    $uname   = trim($_POST['uname']);
@@ -149,8 +181,8 @@ switch($step) {
 <p>All right sparky! You've made it through this part of the installation. WordPress can now communicate with your database. If you are ready, time now to <a href="install.php">run the install!</a></p> 
 <?php
 	break;
-
 }
-?> 
+?>
+<p id="footer"><a href="http://wordpress.org/">WordPress</a>, personal publishing platform.</p>
 </body>
 </html>
--- a/wp-admin/sidebar.php
+++ b/wp-admin/sidebar.php
@@ -48,7 +48,7 @@ form {
 </head>
 <body id="sidebar">
 <h1 id="wphead"><a href="http://wordpress.org/" rel="external">WordPress</a></h1>
-<form name="post" action="post.php" method="POST">
+<form name="post" action="post.php" method="post">
 <div><input type="hidden" name="action" value="post" />
 <input type="hidden" name="user_ID" value="<?php echo $user_ID ?>" />
 <input type="hidden" name="mode" value="sidebar" />
--- a/wp-admin/templates.php
+++ b/wp-admin/templates.php
@@ -36,6 +36,8 @@ switch($action) {

 case 'update':

+	check_admin_referer('edit-file_' . $file);
+
 	if ( ! current_user_can('edit_files') )
 	die('<p>'.__('You have do not have sufficient permissions to edit templates for this blog.').'</p>');

@@ -45,12 +47,12 @@ case 'update':
 		if ( $f ) {
 			fwrite($f, $newcontent);
 			fclose($f);
-			header("Location: templates.php?file=$file&a=te");
+			wp_redirect("templates.php?file=$file&a=te");
 		} else {
-			header("Location: templates.php?file=$file&a=err");
+			wp_redirect("templates.php?file=$file&a=err");
 		}
 	} else {
-		header("Location: templates.php?file=$file&a=err");
+		wp_redirect("templates.php?file=$file&a=err");
 	}

 	exit();
@@ -126,6 +128,7 @@ endif;
 </div>
 <?php if (!$error) { ?>
  <form name="template" id="template" action="templates.php" method="post"> 
+  <?php wp_nonce_field('edit-file_' . $file) ?>
     <div><textarea cols="70" rows="25" name="newcontent" id='newcontent' tabindex="1"><?php echo $content ?></textarea> 
     <input type="hidden" name="action" value="update" /> 
     <input type="hidden" name="file" value="<?php echo $file ?>" /> 
--- a/wp-admin/theme-editor.php
+++ b/wp-admin/theme-editor.php
@@ -47,6 +47,8 @@ switch($action) {

 case 'update':

+	check_admin_referer('edit-theme_' . $file . $theme);
+
 	if ( !current_user_can('edit_themes') )
 	die('<p>'.__('You have do not have sufficient permissions to edit templates for this blog.').'</p>');

@@ -56,9 +58,9 @@ case 'update':
 		$f = fopen($real_file, 'w+');
 		fwrite($f, $newcontent);
 		fclose($f);
-		header("Location: theme-editor.php?file=$file&theme=$theme&a=te");
+		wp_redirect("theme-editor.php?file=$file&theme=$theme&a=te");
 	} else {
-		header("Location: theme-editor.php?file=$file&theme=$theme");
+		wp_redirect("theme-editor.php?file=$file&theme=$theme");
 	}

 	exit();
@@ -129,6 +131,7 @@ if ($allowed_files) :
 	if (!$error) {
 	?> 
  <form name="template" id="template" action="theme-editor.php" method="post">
+  <?php wp_nonce_field('edit-theme_' . $file . $theme) ?>
 		 <div><textarea cols="70" rows="25" name="newcontent" id="newcontent" tabindex="1"><?php echo $content ?></textarea> 
     <input type="hidden" name="action" value="update" /> 
     <input type="hidden" name="file" value="<?php echo $file ?>" /> 
--- a/wp-admin/themes.php
+++ b/wp-admin/themes.php
@@ -2,7 +2,7 @@
 require_once('admin.php');

 if ( isset($_GET['action']) ) {
-	check_admin_referer();
+	check_admin_referer('switch-theme_' . $_GET['template']);
 	
 	if ('activate' == $_GET['action']) {
 		if ( isset($_GET['template']) )
@@ -13,7 +13,7 @@ if ( isset($_GET['action']) ) {
 		
 		do_action('switch_theme', get_current_theme());
 		
-		header('Location: themes.php?activated=true');
+		wp_redirect('themes.php?activated=true');
 		exit;
 	}
 }
@@ -69,7 +69,7 @@ foreach ($theme_names as $theme_name) {
 	$author = $themes[$theme_name]['Author'];
 	$screenshot = $themes[$theme_name]['Screenshot'];
 	$stylesheet_dir = $themes[$theme_name]['Stylesheet Dir'];
-	$activate_link = "themes.php?action=activate&amp;template=$template&amp;stylesheet=$stylesheet";
+	$activate_link = wp_nonce_url("themes.php?action=activate&amp;template=$template&amp;stylesheet=$stylesheet", 'switch-theme_' . $template);
 ?>
 <div class="available-theme">
 <h3><a href="<?php echo $activate_link; ?>"><?php echo "$title $version"; ?></a></h3>
--- a/wp-admin/update-links.php
+++ b/wp-admin/update-links.php
@@ -23,7 +23,7 @@ $http_request .= "\r\n";
 $http_request .= $query_string;

 $response = '';
-if( false !== ( $fs = fsockopen('api.pingomatic.com', 80, $errno, $errstr, 5) ) ) {
+if ( false !== ( $fs = @fsockopen('api.pingomatic.com', 80, $errno, $errstr, 5) ) ) {
 	fwrite($fs, $http_request);
 	while ( !feof($fs) )
 		$response .= fgets($fs, 1160); // One TCP-IP packet
--- a/wp-admin/upgrade-schema.php
+++ b/wp-admin/upgrade-schema.php
@@ -211,7 +211,7 @@ function populate_options() {
 	add_option('page_uris');
 	add_option('blacklist_keys');
 	add_option('comment_registration', 0);
-	add_option('open_proxy_check', 1);
+	add_option('open_proxy_check', 0);
 	add_option('rss_language', 'en');
 	add_option('html_type', 'text/html');
 	// 1.5.1
@@ -229,6 +229,9 @@ function populate_options() {
 		add_option('uploads_use_yearmonth_folders', 1);
 		add_option('upload_path', 'wp-content/uploads');
 	}
+	
+	// 2.0.3
+	add_option('secret', md5(uniqid(microtime())));

 	// Delete unused options
 	$unusedoptions = array ('blodotgsping_url', 'bodyterminator', 'emailtestonly', 'phoneemail_separator', 'smilies_directory', 'subjectprefix', 'use_bbcode', 'use_blodotgsping', 'use_phoneemail', 'use_quicktags', 'use_weblogsping', 'weblogs_cache_file', 'use_preview', 'use_htmltrans', 'smilies_directory', 'fileupload_allowedusers', 'use_phoneemail', 'default_post_status', 'default_post_category', 'archive_mode', 'time_difference', 'links_minadminlevel', 'links_use_adminlevels', 'links_rating_type', 'links_rating_char', 'links_rating_ignore_zero', 'links_rating_single_image', 'links_rating_image0', 'links_rating_image1', 'links_rating_image2', 'links_rating_image3', 'links_rating_image4', 'links_rating_image5', 'links_rating_image6', 'links_rating_image7', 'links_rating_image8', 'links_rating_image9', 'weblogs_cacheminutes', 'comment_allowed_tags', 'search_engine_friendly_urls', 'default_geourl_lat', 'default_geourl_lon', 'use_default_geourl', 'weblogs_xml_url', 'new_users_can_blog');
--- a/wp-admin/upgrade.php
+++ b/wp-admin/upgrade.php
@@ -67,7 +67,7 @@ text-align: center; border-top: 1px solid #ccc; padding-top: 1em; font-style: it
 switch($step) {

 	case 0:
-	$goback = wp_specialchars($_SERVER['HTTP_REFERER'], 1);
+	$goback = wp_specialchars(wp_get_referer());
 ?> 
 <p><?php _e('This file upgrades you from any previous version of WordPress to the latest. It may take a while though, so be patient.'); ?></p> 
 	<h2 class="step"><a href="upgrade.php?step=1&amp;backto=<?php echo $goback; ?>"><?php _e('Upgrade WordPress &raquo;'); ?></a></h2>
@@ -75,10 +75,13 @@ switch($step) {
 	break;
 	
 	case 1:
-	wp_cache_flush();
-	make_db_current_silent();
-	upgrade_all();
-	wp_cache_flush();
+	$wp_current_db_version = __get_option('db_version');
+	if ( $wp_db_version != $wp_current_db_version ) {
+		wp_cache_flush();
+		make_db_current_silent();
+		upgrade_all();
+		wp_cache_flush();
+	}

 	if ( empty( $_GET['backto'] ) )
 		$backto = __get_option('home');
--- a/wp-admin/user-edit.php
+++ b/wp-admin/user-edit.php
@@ -32,6 +32,8 @@ break;

 case 'update':

+check_admin_referer('update-user_' . $user_id);
+
 $errors = array();

 if (!current_user_can('edit_users'))
@@ -40,7 +42,7 @@ else
 	$errors = edit_user($user_id);

 if(count($errors) == 0) {
-	header("Location: user-edit.php?user_id=$user_id&updated=true");
+	wp_redirect("user-edit.php?user_id=$user_id&updated=true");
 	exit;
 }

@@ -71,6 +73,7 @@ if (!current_user_can('edit_users')) $errors['head'] = __('You do not have permi
 <h2><?php _e('Edit User'); ?></h2>

 <form name="profile" id="your-profile" action="user-edit.php" method="post">
+<?php wp_nonce_field('update-user_' . $user_id) ?>
 <p>
 <input type="hidden" name="from" value="profile" />
 <input type="hidden" name="checkuser_id" value="<?php echo $user_ID ?>" />
--- a/wp-admin/users.php
+++ b/wp-admin/users.php
@@ -11,10 +11,10 @@ $update = '';
 switch ($action) {

 case 'promote':
-	check_admin_referer();
+	check_admin_referer('bulk-users');

 	if (empty($_POST['users'])) {
-		header('Location: users.php');
+		wp_redirect('users.php');
 	}

 	if ( !current_user_can('edit_users') )
@@ -33,16 +33,16 @@ case 'promote':
 		$user->set_role($_POST['new_role']);
 	}
 		
-	header('Location: users.php?update=' . $update);
+	wp_redirect('users.php?update=' . $update);

 break;

 case 'dodelete':

-	check_admin_referer();
+	check_admin_referer('delete-users');

 	if ( empty($_POST['users']) ) {
-		header('Location: users.php');
+		wp_redirect('users.php');
 	}

 	if ( !current_user_can('edit_users') )
@@ -66,17 +66,16 @@ case 'dodelete':
 		}
 	}

-	header('Location: users.php?update=' . $update);
+	wp_redirect('users.php?update=' . $update);

 break;

 case 'delete':

-	check_admin_referer();
+	check_admin_referer('bulk-users');

-	if (empty($_POST['users'])) {
-		header('Location: users.php');
-	}
+	if ( empty($_POST['users']) )
+		wp_redirect('users.php');

 	if ( !current_user_can('edit_users') )
 		$error['edit_users'] = __('You can&#8217;t delete users.');
@@ -86,6 +85,7 @@ case 'delete':
 	include ('admin-header.php');
 ?>
 <form action="" method="post" name="updateusers" id="updateusers">
+<?php wp_nonce_field('delete-users') ?>
 <div class="wrap">
 <h2><?php _e('Delete Users'); ?></h2>
 <p><?php _e('You have specified these users for deletion:'); ?></p>
@@ -131,12 +131,12 @@ case 'delete':
 break;

 case 'adduser':
-	check_admin_referer();
+	check_admin_referer('add-user');
 	
 	$errors = add_user();
 	
 	if(count($errors) == 0) {
-		header('Location: users.php?update=add');
+		wp_redirect('users.php?update=add');
 		die();
 	}

@@ -200,6 +200,7 @@ default:
 	?>
 	
 <form action="" method="post" name="updateusers" id="updateusers">
+<?php wp_nonce_field('bulk-users') ?>
 <div class="wrap">
 	<h2><?php _e('User List by Role'); ?></h2>
  <table cellpadding="3" cellspacing="3" width="100%">
@@ -280,6 +281,7 @@ $role_select .= '</select>';
 <h2><?php _e('Add New User') ?></h2>
 <?php echo '<p>'.sprintf(__('Users can <a href="%1$s">register themselves</a> or you can manually create users here.'), get_settings('siteurl').'/wp-register.php').'</p>'; ?>
 <form action="" method="post" name="adduser" id="adduser">
+  <?php wp_nonce_field('add-user') ?>
  <table class="editform" width="100%" cellspacing="2" cellpadding="5">
    <tr>
      <th scope="row" width="33%"><?php _e('Nickname') ?>
--- a/wp-admin/wp-admin.css
+++ b/wp-admin/wp-admin.css
@@ -848,6 +848,11 @@ table .vers, table .name {
 	padding-right: 2px;
 }

+#moremeta fieldset.dbx-box-closed {
+	background: url(images/box-butt.gif) no-repeat bottom;
+	padding-bottom: 9px;
+}
+
 /* handles */

 .dbx-handle  {
@@ -868,6 +873,55 @@ table .vers, table .name {
 	background: url(images/box-bg.gif) repeat-y right;
 }

+#advancedstuff h3.dbx-handle {
+	margin-left: 7px;
+	margin-bottom: -7px;
+	padding: 6px 1em 0 3px;
+	background: #2685af url(images/box-head-right.gif) no-repeat top right;
+}
+
+#advancedstuff div.dbx-handle-wrapper {
+	margin: 0 0 0 -7px;
+	background: #fff url(images/box-head-left.gif) no-repeat top left;
+}
+
+#advancedstuff div.dbx-content {
+	margin-left: 8px;
+	background: url(images/box-bg-right.gif) repeat-y right;
+	padding: 10px 10px 15px 0px;
+}
+
+#postexcerpt div.dbx-content {
+	margin-right: 0;
+	padding-right: 17px;
+}
+
+#advancedstuff div.dbx-content-wrapper {
+	margin-left: -7px;
+	margin-right: 0;
+	background: url(images/box-bg-left.gif) repeat-y left;
+}
+
+#advancedstuff fieldset.dbx-box {
+	padding-bottom: 9px;
+	margin-left: 6px;
+	background: url(images/box-butt-right.gif) no-repeat bottom right;
+}
+
+#advancedstuff div.dbx-box-wrapper {
+	background: url(images/box-butt-left.gif) no-repeat bottom left;
+}
+
+#advancedstuff .dbx-box-closed div.dbx-content-wrapper {
+	padding-bottom: 2px;
+	background: url(images/box-butt-left.gif) no-repeat bottom left;
+}
+
+#advancedstuff .dbx-box {
+	background: url(images/box-butt-right.gif) no-repeat bottom right;
+}
+
+
 /* handle cursors */
 .dbx-handle-cursor {
 	cursor: move;
@@ -902,12 +956,16 @@ a.dbx-toggle, a.dbx-toggle:visited {
 #advancedstuff a.dbx-toggle, #advancedstuff a.dbx-toggle-open:visited {
 	height: 22px;
 	width: 22px;
+	top: 3px;
+	right: 5px;
 	background-position: 0 -3px;
 }

 #advancedstuff a.dbx-toggle-open, #advancedstuff a.dbx-toggle-open:visited {
 	height: 22px;
 	width: 22px;
+	top: 3px;
+	right: 5px;
 	background-position: 0 -28px;
 }

--- a/wp-comments-post.php
+++ b/wp-comments-post.php
@@ -24,11 +24,11 @@ $comment_author_url   = trim($_POST['url']);
 $comment_content      = trim($_POST['comment']);

 // If the user is logged in
-get_currentuserinfo();
-if ( $user_ID ) :
-	$comment_author       = $wpdb->escape($user_identity);
-	$comment_author_email = $wpdb->escape($user_email);
-	$comment_author_url   = $wpdb->escape($user_url);
+$user = wp_get_current_user();
+if ( $user->ID ) :
+	$comment_author       = $wpdb->escape($user->display_name);
+	$comment_author_email = $wpdb->escape($user->user_email);
+	$comment_author_url   = $wpdb->escape($user->user_url);
 else :
 	if ( get_option('comment_registration') )
 		die( __('Sorry, you must be logged in to post a comment.') );
@@ -36,7 +36,7 @@ endif;

 $comment_type = '';

-if ( get_settings('require_name_email') && !$user_ID ) {
+if ( get_settings('require_name_email') && !$user->ID ) {
 	if ( 6 > strlen($comment_author_email) || '' == $comment_author )
 		die( __('Error: please fill the required fields (name, email).') );
 	elseif ( !is_email($comment_author_email))
@@ -48,16 +48,17 @@ if ( '' == $comment_content )

 $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'user_ID');

-wp_new_comment( $commentdata );
+$comment_id = wp_new_comment( $commentdata );

-if ( !$user_ID ) :
-	setcookie('comment_author_' . COOKIEHASH, stripslashes($comment_author), time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
-	setcookie('comment_author_email_' . COOKIEHASH, stripslashes($comment_author_email), time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
-	setcookie('comment_author_url_' . COOKIEHASH, stripslashes($comment_author_url), time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
+if ( !$user->ID ) :
+	$comment = get_comment($comment_id);
+	setcookie('comment_author_' . COOKIEHASH, $comment->comment_author, time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
+	setcookie('comment_author_email_' . COOKIEHASH, $comment->comment_author_email, time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
+	setcookie('comment_author_url_' . COOKIEHASH, clean_url($comment->comment_author_url), time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
 endif;

 $location = ( empty( $_POST['redirect_to'] ) ) ? get_permalink( $comment_post_ID ) : $_POST['redirect_to']; 

 wp_redirect( $location );

-?>
+?>
--- a/wp-content/plugins/wp-db-backup.php
+++ b/wp-content/plugins/wp-db-backup.php
@@ -36,13 +36,13 @@ class wpdbBackup {
 	}

 	function wpdbBackup() {
-				
 		add_action('wp_cron_daily', array(&$this, 'wp_cron_daily'));

 		$this->backup_dir = trailingslashit($this->backup_dir);
 		$this->basename = preg_replace('/^.*wp-content[\\\\\/]plugins[\\\\\/]/', '', __FILE__);
 	
 		if (isset($_POST['do_backup'])) {
+			if ( !current_user_can('import') ) die(__('You are not allowed to perform backups.'));
 			switch($_POST['do_backup']) {
 			case 'backup':
 				$this->perform_backup();
@@ -52,8 +52,10 @@ class wpdbBackup {
 				break;				
 			}
 		} elseif (isset($_GET['fragment'] )) {
+			if ( !current_user_can('import') ) die(__('You are not allowed to perform backups.'));
 			add_action('init', array(&$this, 'init'));
 		} elseif (isset($_GET['backup'] )) {
+			if ( !current_user_can('import') ) die(__('You are not allowed to perform backups.'));
 			add_action('init', array(&$this, 'init'));
 		} else {
 			add_action('admin_menu', array(&$this, 'admin_menu'));
@@ -61,10 +63,7 @@ class wpdbBackup {
 	}
 	
 	function init() {
-		global $user_level;
-		get_currentuserinfo();
-
-		if ($user_level < 9) die(__('Need higher user level.'));
+		if ( !current_user_can('import') ) die(__('You are not allowed to perform backups.'));

 		if (isset($_GET['backup'])) {
 			$via = isset($_GET['via']) ? $_GET['via'] : 'http';
@@ -307,7 +306,7 @@ class wpdbBackup {
 		
 		$core_tables = $_POST['core_tables'];
 		$this->backup_file = $this->db_backup($core_tables, $also_backup);
-		if (FALSE !== $backup_file) {
+		if (FALSE !== $this->backup_file) {
 			if ('smtp' == $_POST['deliver']) {
 				$this->deliver_backup ($this->backup_file, $_POST['deliver'], $_POST['backup_recipient']);
 			} elseif ('http' == $_POST['deliver']) {
@@ -321,11 +320,11 @@ class wpdbBackup {
 	
 	///////////////////////////////
 	function admin_menu() {
-		add_management_page(__('Backup'), __('Backup'), 9, basename(__FILE__), array(&$this, 'backup_menu'));
+		add_management_page(__('Backup'), __('Backup'), 'import', basename(__FILE__), array(&$this, 'backup_menu'));
 	}

 	function fragment_menu() {
-		add_management_page(__('Backup'), __('Backup'), 9, basename(__FILE__), array(&$this, 'build_backup_script'));
+		add_management_page(__('Backup'), __('Backup'), 'import', basename(__FILE__), array(&$this, 'build_backup_script'));
 	}

 	/////////////////////////////////////////////////////////
@@ -884,6 +883,14 @@ class wpdbBackup {
 	} // wp_cron_db_backup
 }

-$mywpdbbackup = new wpdbBackup();
+function wpdbBackup_init() {
+	global $mywpdbbackup;
+
+	if ( !current_user_can('import') ) return;
+
+	$mywpdbbackup = new wpdbBackup(); 	
+}
+
+add_action('plugins_loaded', 'wpdbBackup_init');

 ?>
--- a/wp-content/themes/classic/comments-popup.php
+++ b/wp-content/themes/classic/comments-popup.php
@@ -29,9 +29,8 @@ foreach ($posts as $post) { start_wp();

 <?php
 // this line is WordPress' motor, do not delete it.
-$comment_author = (isset($_COOKIE['comment_author_' . COOKIEHASH])) ? trim($_COOKIE['comment_author_'. COOKIEHASH]) : '';
-$comment_author_email = (isset($_COOKIE['comment_author_email_'. COOKIEHASH])) ? trim($_COOKIE['comment_author_email_'. COOKIEHASH]) : '';
-$comment_author_url = (isset($_COOKIE['comment_author_url_'. COOKIEHASH])) ? trim($_COOKIE['comment_author_url_'. COOKIEHASH]) : '';
+$commenter = wp_get_current_commenter();
+extract($commenter);
 $comments = get_approved_comments($id);
 $commentstatus = get_post($id);
 if (!empty($commentstatus->post_password) && $_COOKIE['wp-postpass_'. COOKIEHASH] != $commentstatus->post_password) {  // and it doesn't match the cookie
--- a/wp-content/themes/default/archive.php
+++ b/wp-content/themes/default/archive.php
@@ -5,21 +5,21 @@
 		<?php if (have_posts()) : ?>

 		 <?php $post = $posts[0]; // Hack. Set $post so that the_date() works. ?>
-<?php /* If this is a category archive */ if (is_category()) { ?>				
+<?php /* If this is a category archive */ if (is_category()) { ?>
 		<h2 class="pagetitle">Archive for the '<?php echo single_cat_title(); ?>' Category</h2>
-		
+
 	  <?php /* If this is a daily archive */ } elseif (is_day()) { ?>
 		<h2 class="pagetitle">Archive for <?php the_time('F jS, Y'); ?></h2>
-		
+
 	 <?php /* If this is a monthly archive */ } elseif (is_month()) { ?>
 		<h2 class="pagetitle">Archive for <?php the_time('F, Y'); ?></h2>

 		<?php /* If this is a yearly archive */ } elseif (is_year()) { ?>
 		<h2 class="pagetitle">Archive for <?php the_time('Y'); ?></h2>
-		
+
 	  <?php /* If this is a search */ } elseif (is_search()) { ?>
 		<h2 class="pagetitle">Search Results</h2>
-		
+
 	  <?php /* If this is an author archive */ } elseif (is_author()) { ?>
 		<h2 class="pagetitle">Author Archive</h2>

@@ -38,29 +38,29 @@
 		<div class="post">
 				<h3 id="post-<?php the_ID(); ?>"><a href="<?php the_permalink() ?>" rel="bookmark" title="Permanent Link to <?php the_title(); ?>"><?php the_title(); ?></a></h3>
 				<small><?php the_time('l, F jS, Y') ?></small>
-				
+
 				<div class="entry">
 					<?php the_content() ?>
 				</div>
-		
+
 				<p class="postmetadata">Posted in <?php the_category(', ') ?> | <?php edit_post_link('Edit', '', ' | '); ?>  <?php comments_popup_link('No Comments &#187;', '1 Comment &#187;', '% Comments &#187;'); ?></p> 

 			</div>
-	
+
 		<?php endwhile; ?>

 		<div class="navigation">
 			<div class="alignleft"><?php next_posts_link('&laquo; Previous Entries') ?></div>
 			<div class="alignright"><?php previous_posts_link('Next Entries &raquo;') ?></div>
 		</div>
-	
+
 	<?php else : ?>

 		<h2 class="center">Not Found</h2>
 		<?php include (TEMPLATEPATH . '/searchform.php'); ?>

 	<?php endif; ?>
-		
+
 	</div>

 <?php get_sidebar(); ?>
--- a/wp-content/themes/default/archives.php
+++ b/wp-content/themes/default/archives.php
@@ -20,6 +20,6 @@ Template Name: Archives
     <?php wp_list_cats(); ?>
  </ul>

-</div>	
+</div>

 <?php get_footer(); ?>
--- a/wp-content/themes/default/attachment.php
+++ b/wp-content/themes/default/attachment.php
@@ -1,9 +1,9 @@
 <?php get_header(); ?>

 	<div id="content" class="widecolumn">
-				
+
  <?php if (have_posts()) : while (have_posts()) : the_post(); ?>
-	
+
 		<div class="navigation">
 			<div class="alignleft">&nbsp;</div>
 			<div class="alignright">&nbsp;</div>
@@ -12,13 +12,13 @@
 <?php $_post = &get_post($post->ID); $classname = ($_post->iconsize[0] <= 128 ? 'small' : '') . 'attachment'; // This lets us style narrow icons specially ?>
 		<div class="post" id="post-<?php the_ID(); ?>">
 			<h2><a href="<?php echo get_permalink($post->post_parent); ?>" rev="attachment"><?php echo get_the_title($post->post_parent); ?></a> &raquo; <a href="<?php echo get_permalink() ?>" rel="bookmark" title="Permanent Link: <?php the_title(); ?>"><?php the_title(); ?></a></h2>
-			<div class="entrytext">
+			<div class="entry">
 				<p class="<?php echo $classname; ?>"><?php echo $attachment_link; ?><br /><?php echo basename($post->guid); ?></p>

 				<?php the_content('<p class="serif">Read the rest of this entry &raquo;</p>'); ?>
-	
+
 				<?php link_pages('<p><strong>Pages:</strong> ', '</p>', 'number'); ?>
-	
+
 				<p class="postmetadata alt">
 					<small>
 						This entry was posted
@@ -29,39 +29,39 @@
 						on <?php the_time('l, F jS, Y') ?> at <?php the_time() ?>
 						and is filed under <?php the_category(', ') ?>.
 						You can follow any responses to this entry through the <?php comments_rss_link('RSS 2.0'); ?> feed. 
-						
+
 						<?php if (('open' == $post-> comment_status) && ('open' == $post->ping_status)) {
 							// Both Comments and Pings are open ?>
 							You can <a href="#respond">leave a response</a>, or <a href="<?php trackback_url(true); ?>" rel="trackback">trackback</a> from your own site.
-						
+
 						<?php } elseif (!('open' == $post-> comment_status) && ('open' == $post->ping_status)) {
 							// Only Pings are Open ?>
 							Responses are currently closed, but you can <a href="<?php trackback_url(true); ?> " rel="trackback">trackback</a> from your own site.
-						
+
 						<?php } elseif (('open' == $post-> comment_status) && !('open' == $post->ping_status)) {
 							// Comments are open, Pings are not ?>
 							You can skip to the end and leave a response. Pinging is currently not allowed.
-			
+
 						<?php } elseif (!('open' == $post-> comment_status) && !('open' == $post->ping_status)) {
 							// Neither Comments, nor Pings are open ?>
-							Both comments and pings are currently closed.			
-						
+							Both comments and pings are currently closed.
+
 						<?php } edit_post_link('Edit this entry.','',''); ?>
-						
+
 					</small>
 				</p>
-	
+
 			</div>
 		</div>
-		
+
 	<?php comments_template(); ?>
-	
+
 	<?php endwhile; else: ?>
-	
+
 		<p>Sorry, no attachments matched your criteria.</p>
-	
+
 <?php endif; ?>
-	
+
 	</div>

 <?php get_footer(); ?>
--- a/wp-content/themes/default/comments-popup.php
+++ b/wp-content/themes/default/comments-popup.php
@@ -29,9 +29,8 @@ foreach ($posts as $post) { start_wp();

 <?php
 // this line is WordPress' motor, do not delete it.
-$comment_author = (isset($_COOKIE['comment_author_' . COOKIEHASH])) ? trim($_COOKIE['comment_author_'. COOKIEHASH]) : '';
-$comment_author_email = (isset($_COOKIE['comment_author_email_'. COOKIEHASH])) ? trim($_COOKIE['comment_author_email_'. COOKIEHASH]) : '';
-$comment_author_url = (isset($_COOKIE['comment_author_url_'. COOKIEHASH])) ? trim($_COOKIE['comment_author_url_'. COOKIEHASH]) : '';
+$commenter = wp_get_current_commenter();
+extract($commenter);
 $comments = get_approved_comments($id);
 $post = get_post($id);
 if (!empty($post->post_password) && $_COOKIE['wp-postpass_'. COOKIEHASH] != $post->post_password) {  // and it doesn't match the cookie
@@ -103,7 +102,7 @@ if (!empty($post->post_password) && $_COOKIE['wp-postpass_'. COOKIEHASH] != $pos
 <?php // Seen at http://www.mijnkopthee.nl/log2/archive/2003/05/28/esc(18) ?>
 <script type="text/javascript">
 <!--
-document.onkeypress = function esc(e) {	
+document.onkeypress = function esc(e) {
 	if(typeof(e) == "undefined") { e=event; }
 	if (e.keyCode == 27) { self.close(); }
 }
--- a/wp-content/themes/default/comments.php
+++ b/wp-content/themes/default/comments.php
@@ -5,9 +5,9 @@
        if (!empty($post->post_password)) { // if there's a password
            if ($_COOKIE['wp-postpass_' . COOKIEHASH] != $post->post_password) {  // and it doesn't match the cookie
 				?>
-				
+
 				<p class="nocomments">This post is password protected. Enter the password to view comments.<p>
-				
+
 				<?php
 				return;
            }
@@ -39,7 +39,7 @@

 		</li>

-	<?php /* Changes every other comment to a different class */	
+	<?php /* Changes every other comment to a different class */
 		if ('alt' == $oddcomment) $oddcomment = '';
 		else $oddcomment = 'alt';
 	?>
@@ -52,11 +52,11 @@

  <?php if ('open' == $post->comment_status) : ?> 
 		<!-- If comments are open, but there are no comments. -->
-		
+
 	 <?php else : // comments are closed ?>
 		<!-- If comments are closed. -->
 		<p class="nocomments">Comments are closed.</p>
-		
+
 	<?php endif; ?>
 <?php endif; ?>

--- a/wp-content/themes/default/footer.php
+++ b/wp-content/themes/default/footer.php
@@ -1,6 +1,7 @@

 <hr />
 <div id="footer">
+<!-- If you'd like to support WordPress, having the "powered by" link someone on your blog is the best way, it's our only promotion or advertising. -->
 	<p>
 		<?php bloginfo('name'); ?> is proudly powered by 
 		<a href="http://wordpress.org/">WordPress</a>
--- a/wp-content/themes/default/functions.php
+++ b/wp-content/themes/default/functions.php
@@ -57,7 +57,7 @@ function kubrick_header_color_string() {
 	$color = kubrick_header_color();
 	if ( false === $color )
 		return 'white';
-		
+
 	return $color;
 }

@@ -100,21 +100,21 @@ function kubrick_add_theme_page() {
 					}
 				}
 			} else {
-	
+
 				if ( isset($_REQUEST['headerimage']) ) {
 					if ( '' == $_REQUEST['headerimage'] )
 						delete_option('kubrick_header_image');
 					else
 						update_option('kubrick_header_image', $_REQUEST['headerimage']);
 				}
-	
+
 				if ( isset($_REQUEST['fontcolor']) ) {
 					if ( '' == $_REQUEST['fontcolor'] )
 						delete_option('kubrick_header_color');
 					else
 						update_option('kubrick_header_color', $_REQUEST['fontcolor']);
 				}
-	
+
 				if ( isset($_REQUEST['fontdisplay']) ) {
 					if ( '' == $_REQUEST['fontdisplay'] || 'inline' == $_REQUEST['fontdisplay'] )
 						delete_option('kubrick_header_display');
@@ -123,7 +123,7 @@ function kubrick_add_theme_page() {
 				}
 			}
 			//print_r($_REQUEST);
-			header("Location: themes.php?page=functions.php&saved=true");
+			wp_redirect("themes.php?page=functions.php&saved=true");
 			die;
 		}
 		add_action('admin_head', 'kubrick_theme_page_head');
@@ -135,6 +135,7 @@ function kubrick_theme_page_head() {
 ?>
 <script type="text/javascript" src="../wp-includes/js/colorpicker.js"></script>
 <script type='text/javascript'>
+// <![CDATA[
 	function pickColor(color) {
 		ColorPicker_targetInput.value = color;
 		kUpdate(ColorPicker_targetInput.id);
@@ -239,6 +240,7 @@ function kubrick_theme_page_head() {
 		document.getElementById('nonJsForm').style.display = 'none';
 	}
 	addLoadEvent(kInit);
+// ]]>
 </script>
 <style type='text/css'>
 	#headwrap {
@@ -268,7 +270,7 @@ function kubrick_theme_page_head() {
 		font-family: 'Lucida Grande', Verdana, Arial, Sans-Serif;
 		font-size: 1.2em;
 		text-align: center;
-	}	
+	}
 	#kubrick-header #header {
 		text-decoration: none;
 		color: <?php echo kubrick_header_color_string(); ?>;
@@ -351,13 +353,13 @@ function kubrick_theme_page() {
 		</div>
 		<br />
 		<div id="nonJsForm">
-			<form method="POST">
+			<form method="post" action="">
 				<div class="zerosize"><input type="submit" name="defaultsubmit" value="Save" /></div>
 				<label for="njfontcolor">Font Color:</label><input type="text" name="njfontcolor" id="njfontcolor" value="<?php echo kubrick_header_color(); ?>" /> Any CSS color (<code>red</code> or <code>#FF0000</code> or <code>rgb(255, 0, 0)</code>)<br />
 				<label for="njuppercolor">Upper Color:</label><input type="text" name="njuppercolor" id="njuppercolor" value="#<?php echo kubrick_upper_color(); ?>" /> HEX only (<code>#FF0000</code> or <code>#F00</code>)<br />
 				<label for="njlowercolor">Lower Color:</label><input type="text" name="njlowercolor" id="njlowercolor" value="#<?php echo kubrick_lower_color(); ?>" /> HEX only (<code>#FF0000</code> or <code>#F00</code>)<br />
 				<input type="hidden" name="hi" id="hi" value="<?php echo kubrick_header_image(); ?>" />
-				<label> </label><input type="submit" name="toggledisplay" id="toggledisplay" value="Toggle Text" />
+				<input type="submit" name="toggledisplay" id="toggledisplay" value="Toggle Text" />
 				<input type="submit" name="defaults" value="Use Defaults" />
 				<input type="submit" class="defbutton" name="submitform" value="&nbsp;&nbsp;Save&nbsp;&nbsp;" />
 				<input type="hidden" name="action" value="save" />
@@ -381,7 +383,7 @@ function kubrick_theme_page() {
 			</form>
 			<div id="colorPickerDiv" style="z-index: 100;background:#eee;border:1px solid #ccc;position:absolute;visibility:hidden;"> </div>
 			<div id="advanced">
-				<form id="jsAdvanced" style="display:none;">
+				<form id="jsAdvanced" style="display:none;" action="">
 					<label for="advfontcolor">Font Color (CSS): </label><input type="text" id="advfontcolor" onchange="advUpdate(this.value, 'fontcolor')" value="<?php echo kubrick_header_color(); ?>" /><br />
 					<label for="advuppercolor">Upper Color (HEX): </label><input type="text" id="advuppercolor" onchange="advUpdate(this.value, 'uppercolor')" value="#<?php echo kubrick_upper_color(); ?>" /><br />
 					<label for="advlowercolor">Lower Color (HEX): </label><input type="text" id="advlowercolor" onchange="advUpdate(this.value, 'lowercolor')" value="#<?php echo kubrick_lower_color(); ?>" /><br />
--- a/wp-content/themes/default/header.php
+++ b/wp-content/themes/default/header.php
@@ -13,32 +13,16 @@
 <link rel="pingback" href="<?php bloginfo('pingback_url'); ?>" />

 <style type="text/css" media="screen">
-/*	To accomodate differing install paths of WordPress, images are referred only here,
-	and not in the wp-layout.css file. If you prefer to use only CSS for colors and what
-	not, then go right ahead and delete the following lines, and the image files. */
-		
-	body { background: url("<?php bloginfo('stylesheet_directory'); ?>/images/kubrickbgcolor.jpg"); }	
-<?php /* Checks to see whether it needs a sidebar or not */ if ((! $withcomments) && (! is_single())) { ?>
+
+<?php 
+// Checks to see whether it needs a sidebar or not
+if ( !$withcomments && !is_single() ) { 
+?>
 	#page { background: url("<?php bloginfo('stylesheet_directory'); ?>/images/kubrickbg.jpg") repeat-y top; border: none; }
 <?php } else { // No sidebar ?>
 	#page { background: url("<?php bloginfo('stylesheet_directory'); ?>/images/kubrickbgwide.jpg") repeat-y top; border: none; } 
 <?php } ?>
-	#header { background: url("<?php bloginfo('stylesheet_directory'); ?>/images/kubrickheader.jpg") no-repeat bottom center; }
-	#footer { background: url("<?php bloginfo('stylesheet_directory'); ?>/images/kubrickfooter.jpg") no-repeat bottom; border: none;}

-/*	Because the template is slightly different, size-wise, with images, this needs to be set here
-	If you don't want to use the template's images, you can also delete the following two lines. */
-		
-	#header 	{ margin: 0 !important; margin: 0 0 0 1px; padding: 1px; height: 198px; width: 758px; }
-	#headerimg 	{ margin: 7px 9px 0; height: 192px; width: 740px; } 
-
-/* 	To ease the insertion of a personal header image, I have done it in such a way,
-	that you simply drop in an image called 'personalheader.jpg' into your /images/
-	directory. Dimensions should be at least 760px x 200px. Anything above that will
-	get cropped off of the image. */
-	/*
-	#headerimg { background: url('<?php bloginfo('stylesheet_directory'); ?>/images/personalheader.jpg') no-repeat top;}
-	*/
 </style>

 <?php wp_head(); ?>
--- a/wp-content/themes/default/index.php
+++ b/wp-content/themes/default/index.php
@@ -3,27 +3,27 @@
 	<div id="content" class="narrowcolumn">

 	<?php if (have_posts()) : ?>
-		
+
 		<?php while (have_posts()) : the_post(); ?>
-				
+
 			<div class="post" id="post-<?php the_ID(); ?>">
 				<h2><a href="<?php the_permalink() ?>" rel="bookmark" title="Permanent Link to <?php the_title(); ?>"><?php the_title(); ?></a></h2>
 				<small><?php the_time('F jS, Y') ?> <!-- by <?php the_author() ?> --></small>
-				
+
 				<div class="entry">
 					<?php the_content('Read the rest of this entry &raquo;'); ?>
 				</div>
-		
+
 				<p class="postmetadata">Posted in <?php the_category(', ') ?> | <?php edit_post_link('Edit', '', ' | '); ?>  <?php comments_popup_link('No Comments &#187;', '1 Comment &#187;', '% Comments &#187;'); ?></p>
 			</div>
-	
+
 		<?php endwhile; ?>

 		<div class="navigation">
 			<div class="alignleft"><?php next_posts_link('&laquo; Previous Entries') ?></div>
 			<div class="alignright"><?php previous_posts_link('Next Entries &raquo;') ?></div>
 		</div>
-		
+
 	<?php else : ?>

 		<h2 class="center">Not Found</h2>
--- a/wp-content/themes/default/links.php
+++ b/wp-content/themes/default/links.php
@@ -13,6 +13,6 @@ Template Name: Links
 <?php get_links_list(); ?>
 </ul>

-</div>	
+</div>

 <?php get_footer(); ?>
--- a/wp-content/themes/default/page.php
+++ b/wp-content/themes/default/page.php
@@ -5,11 +5,11 @@
    <?php if (have_posts()) : while (have_posts()) : the_post(); ?>
 		<div class="post" id="post-<?php the_ID(); ?>">
 		<h2><?php the_title(); ?></h2>
-			<div class="entrytext">
+			<div class="entry">
 				<?php the_content('<p class="serif">Read the rest of this page &raquo;</p>'); ?>
-	
+
 				<?php link_pages('<p><strong>Pages:</strong> ', '</p>', 'number'); ?>
-	
+
 			</div>
 		</div>
 	  <?php endwhile; endif; ?>
--- a/wp-content/themes/default/search.php
+++ b/wp-content/themes/default/search.php
@@ -5,7 +5,7 @@
 	<?php if (have_posts()) : ?>

 		<h2 class="pagetitle">Search Results</h2>
-		
+
 		<div class="navigation">
 			<div class="alignleft"><?php next_posts_link('&laquo; Previous Entries') ?></div>
 			<div class="alignright"><?php previous_posts_link('Next Entries &raquo;') ?></div>
@@ -13,28 +13,28 @@


 		<?php while (have_posts()) : the_post(); ?>
-				
+
 			<div class="post">
 				<h3 id="post-<?php the_ID(); ?>"><a href="<?php the_permalink() ?>" rel="bookmark" title="Permanent Link to <?php the_title(); ?>"><?php the_title(); ?></a></h3>
 				<small><?php the_time('l, F jS, Y') ?></small>
-		
+
 				<p class="postmetadata">Posted in <?php the_category(', ') ?> | <?php edit_post_link('Edit', '', ' | '); ?>  <?php comments_popup_link('No Comments &#187;', '1 Comment &#187;', '% Comments &#187;'); ?></p>
 			</div>
-	
+
 		<?php endwhile; ?>

 		<div class="navigation">
 			<div class="alignleft"><?php next_posts_link('&laquo; Previous Entries') ?></div>
 			<div class="alignright"><?php previous_posts_link('Next Entries &raquo;') ?></div>
 		</div>
-	
+
 	<?php else : ?>

 		<h2 class="center">No posts found. Try a different search?</h2>
 		<?php include (TEMPLATEPATH . '/searchform.php'); ?>

 	<?php endif; ?>
-		
+
 	</div>

 <?php get_sidebar(); ?>
--- a/wp-content/themes/default/sidebar.php
+++ b/wp-content/themes/default/sidebar.php
@@ -1,6 +1,6 @@
 	<div id="sidebar">
 		<ul>
-			
+
 			<li>
 				<?php include (TEMPLATEPATH . '/searchform.php'); ?>
 			</li>
@@ -15,11 +15,11 @@
 			<?php /* If this is a 404 page */ if (is_404()) { ?>
 			<?php /* If this is a category archive */ } elseif (is_category()) { ?>
 			<p>You are currently browsing the archives for the <?php single_cat_title(''); ?> category.</p>
-			
+
 			<?php /* If this is a yearly archive */ } elseif (is_day()) { ?>
 			<p>You are currently browsing the <a href="<?php bloginfo('home'); ?>/"><?php echo bloginfo('name'); ?></a> weblog archives
 			for the day <?php the_time('l, F jS, Y'); ?>.</p>
-			
+
 			<?php /* If this is a monthly archive */ } elseif (is_month()) { ?>
 			<p>You are currently browsing the <a href="<?php bloginfo('home'); ?>/"><?php echo bloginfo('name'); ?></a> weblog archives
 			for <?php the_time('F, Y'); ?>.</p>
@@ -27,7 +27,7 @@
      <?php /* If this is a yearly archive */ } elseif (is_year()) { ?>
 			<p>You are currently browsing the <a href="<?php bloginfo('home'); ?>/"><?php echo bloginfo('name'); ?></a> weblog archives
 			for the year <?php the_time('Y'); ?>.</p>
-			
+
 		 <?php /* If this is a monthly archive */ } elseif (is_search()) { ?>
 			<p>You have searched the <a href="<?php echo bloginfo('home'); ?>/"><?php echo bloginfo('name'); ?></a> weblog archives
 			for <strong>'<?php echo wp_specialchars($s); ?>'</strong>. If you are unable to find anything in these search results, you can try one of these links.</p>
@@ -52,9 +52,9 @@
 				</ul>
 			</li>

-			<?php /* If this is the frontpage */ if ( is_home() || is_page() ) { ?>				
+			<?php /* If this is the frontpage */ if ( is_home() || is_page() ) { ?>
 				<?php get_links_list(); ?>
-				
+
 				<li><h2>Meta</h2>
 				<ul>
 					<?php wp_register(); ?>
@@ -66,7 +66,7 @@
 				</ul>
 				</li>
 			<?php } ?>
-			
+
 		</ul>
 	</div>

--- a/wp-content/themes/default/single.php
+++ b/wp-content/themes/default/single.php
@@ -1,22 +1,22 @@
 <?php get_header(); ?>

 	<div id="content" class="widecolumn">
-				
+
  <?php if (have_posts()) : while (have_posts()) : the_post(); ?>
-	
+
 		<div class="navigation">
 			<div class="alignleft"><?php previous_post_link('&laquo; %link') ?></div>
 			<div class="alignright"><?php next_post_link('%link &raquo;') ?></div>
 		</div>
-	
+
 		<div class="post" id="post-<?php the_ID(); ?>">
 			<h2><a href="<?php echo get_permalink() ?>" rel="bookmark" title="Permanent Link: <?php the_title(); ?>"><?php the_title(); ?></a></h2>
-	
-			<div class="entrytext">
+
+			<div class="entry">
 				<?php the_content('<p class="serif">Read the rest of this entry &raquo;</p>'); ?>
-	
+
 				<?php link_pages('<p><strong>Pages:</strong> ', '</p>', 'number'); ?>
-	
+
 				<p class="postmetadata alt">
 					<small>
 						This entry was posted
@@ -27,39 +27,39 @@
 						on <?php the_time('l, F jS, Y') ?> at <?php the_time() ?>
 						and is filed under <?php the_category(', ') ?>.
 						You can follow any responses to this entry through the <?php comments_rss_link('RSS 2.0'); ?> feed. 
-						
+
 						<?php if (('open' == $post-> comment_status) && ('open' == $post->ping_status)) {
 							// Both Comments and Pings are open ?>
 							You can <a href="#respond">leave a response</a>, or <a href="<?php trackback_url(true); ?>" rel="trackback">trackback</a> from your own site.
-						
+
 						<?php } elseif (!('open' == $post-> comment_status) && ('open' == $post->ping_status)) {
 							// Only Pings are Open ?>
 							Responses are currently closed, but you can <a href="<?php trackback_url(true); ?> " rel="trackback">trackback</a> from your own site.
-						
+
 						<?php } elseif (('open' == $post-> comment_status) && !('open' == $post->ping_status)) {
 							// Comments are open, Pings are not ?>
 							You can skip to the end and leave a response. Pinging is currently not allowed.
-			
+
 						<?php } elseif (!('open' == $post-> comment_status) && !('open' == $post->ping_status)) {
 							// Neither Comments, nor Pings are open ?>
-							Both comments and pings are currently closed.			
-						
+							Both comments and pings are currently closed.
+
 						<?php } edit_post_link('Edit this entry.','',''); ?>
-						
+
 					</small>
 				</p>
-	
+
 			</div>
 		</div>
-		
+
 	<?php comments_template(); ?>
-	
+
 	<?php endwhile; else: ?>
-	
+
 		<p>Sorry, no posts matched your criteria.</p>
-	
+
 <?php endif; ?>
-	
+
 	</div>

 <?php get_footer(); ?>
--- a/wp-content/themes/default/style.css
+++ b/wp-content/themes/default/style.css
@@ -2,7 +2,7 @@
 Theme Name: WordPress Default
 Theme URI: http://wordpress.org/
 Description: The default WordPress theme based on the famous <a href="http://binarybonsai.com/kubrick/">Kubrick</a>.
-Version: 1.5
+Version: 1.6
 Author: Michael Heilemann
 Author URI: http://binarybonsai.com/

@@ -14,13 +14,7 @@ Author URI: http://binarybonsai.com/

 	The CSS, XHTML and design is released under GPL:
 	http://www.opensource.org/licenses/gpl-license.php
-	

-	*** REGARDING IMAGES ***
-	All CSS that involves the use of images, can be found in the 'index.php' file.
-	This is to ease installation inside subdirectories of a server.
-
-	Have fun, and don't be afraid to contact me if you have questions.
 */


@@ -29,7 +23,7 @@ Author URI: http://binarybonsai.com/
 body {
 	font-size: 62.5%; /* Resets 1em to 10px */
 	font-family: 'Lucida Grande', Verdana, Arial, Sans-Serif;
-	background-color: #d5d6d7;
+	background: #d5d6d7 url('images/kubrickbgcolor.jpg');
 	color: #333;
 	text-align: center;
 	}
@@ -41,9 +35,15 @@ body {
 	}

 #header {
-	background-color: #73a0c5;
+	background: #73a0c5 url('images/kubrickheader.jpg') no-repeat bottom center;
 	}

+#headerimg 	{ 
+	margin: 7px 9px 0; 
+	height: 192px; 
+	width: 740px; 
+	} 
+
 #content {
 	font-size: 1.2em
 	}
@@ -59,7 +59,7 @@ body {
 .widecolumn {
 	line-height: 1.6em;
 	}
-	
+
 .narrowcolumn .postmetadata {
 	text-align: center;
 	}
@@ -71,7 +71,8 @@ body {
 	}

 #footer {
-	background-color: #eee;
+	background: #eee url('images/kubrickfooter.jpg') no-repeat top; 
+	border: none;
 	}

 small {
@@ -132,7 +133,7 @@ h2, h2 a, h2 a:hover, h2 a:visited, h3, h3 a, h3 a:hover, h3 a:visited, #sidebar
 .commentlist li, #commentform input, #commentform textarea {
 	font: 0.9em 'Lucida Grande', Verdana, Arial, Sans-Serif;
 	}
-	
+
 .commentlist li {
 	font-weight: bold;
 	}
@@ -164,7 +165,7 @@ h2, h2 a, h2 a:hover, h2 a:visited, h3, h3 a, h3 a:hover, h3 a:visited, #sidebar
 small, #sidebar ul ul li, #sidebar ul ol li, .nocomments, .postmetadata, blockquote, strike {
 	color: #777;
 	}
-	
+
 code {
 	font: 1.1em 'Courier New', Courier, Fixed;
 	}
@@ -184,7 +185,7 @@ a:hover {
 	color: #147;
 	text-decoration: underline;
 	}
-	
+
 #wp-calendar #prev a {
 	font-size: 9pt;
 	}
@@ -208,7 +209,7 @@ a:hover {

 /* Begin Structure */
 body {
-	margin: 0;
+	margin: 0 0 20px 0;
 	padding: 0; 
 	}

@@ -219,13 +220,13 @@ body {
 	width: 760px;
 	border: 1px solid #959596;
 	}
-	
+
 #header {
-	padding: 0;
-	margin: 0 auto;
-	height: 200px;
-	width: 100%;
 	background-color: #73a0c5;
+	margin: 0 0 0 1px; 
+	padding: 0; 
+	height: 200px; 
+	width: 758px;
 	}

 #headerimg {
@@ -246,7 +247,7 @@ body {
 	margin: 5px 0 0 150px;
 	width: 450px;
 	}
-	
+
 .post {
 	margin: 0 0 40px;
 	text-align: justify;
@@ -281,7 +282,7 @@ body {
 }

 #footer {
-	padding: 0 0 0 1px;
+	padding: 0;
 	margin: 0 auto;
 	width: 760px;
 	clear: both;
@@ -339,13 +340,13 @@ p img {
 	thought?!) align the image to the right. And using 'class="centered',
 	will of course center the image. This is much better than using
 	align="center", being much more futureproof (and valid) */
-	
+
 img.centered {
 	display: block;
 	margin-left: auto;
 	margin-right: auto;
 	}
-	
+
 img.alignright {
 	padding: 4px;
 	margin: 0 0 2px 7px;
@@ -361,7 +362,7 @@ img.alignleft {
 .alignright {
 	float: right;
 	}
-	
+
 .alignleft {
 	float: left
 	}
@@ -405,7 +406,7 @@ html>body .entry li {
 	list-style-type: none;
 	list-style-image: none;
 	}
-	
+
 #sidebar ul, #sidebar ul ol {
 	margin: 0;
 	padding: 0;
@@ -449,7 +450,7 @@ ol li, #sidebar ul ol li {
 	}

 #sidebar #searchform #s {
-	width: 115px;
+	width: 108px;
 	padding: 2px;
 	}

--- a/wp-includes/cache.php
+++ b/wp-includes/cache.php
@@ -47,8 +47,8 @@ function wp_cache_set($key, $data, $flag = '', $expire = 0) {
 	return $wp_object_cache->set($key, $data, $flag, $expire);
 }

-define('CACHE_SERIAL_HEADER', "<?php\n//");
-define('CACHE_SERIAL_FOOTER', "\n?".">");
+define('CACHE_SERIAL_HEADER', "<?php\n/*");
+define('CACHE_SERIAL_FOOTER', "*/\n?".">");

 class WP_Object_Cache {
 	var $cache_dir;
@@ -64,6 +64,7 @@ class WP_Object_Cache {
 	var $cold_cache_hits = 0;
 	var $warm_cache_hits = 0;
 	var $cache_misses = 0;
+	var $secret = '';

 	function acquire_lock() {
 		// Acquire a write lock. 
@@ -103,7 +104,7 @@ class WP_Object_Cache {

 		if ( ! $this->acquire_lock() )
 			return false;
-		
+
 		$this->rm_cache_dir();
 		$this->cache = array ();
 		$this->dirty_objects = array ();
@@ -142,7 +143,7 @@ class WP_Object_Cache {
 			return false;
 		}

-		$cache_file = $this->cache_dir.$this->get_group_dir($group)."/".md5($id.DB_PASSWORD).'.php';
+		$cache_file = $this->cache_dir.$this->get_group_dir($group)."/".$this->hash($id).'.php';
 		if (!file_exists($cache_file)) {
 			$this->non_existant_objects[$group][$id] = true;
 			$this->cache_misses += 1;
@@ -158,7 +159,7 @@ class WP_Object_Cache {
 			return false;
 		}

-		$this->cache[$group][$id] = unserialize(substr(@ file_get_contents($cache_file), strlen(CACHE_SERIAL_HEADER), -strlen(CACHE_SERIAL_FOOTER)));
+		$this->cache[$group][$id] = unserialize(base64_decode(substr(@ file_get_contents($cache_file), strlen(CACHE_SERIAL_HEADER), -strlen(CACHE_SERIAL_FOOTER))));
 		if (false === $this->cache[$group][$id])
 			$this->cache[$group][$id] = '';

@@ -173,6 +174,14 @@ class WP_Object_Cache {
 		return "{$this->blog_id}/$group";
 	}

+	function hash($data) {
+		if ( function_exists('hash_hmac') ) {
+			return hash_hmac('md5', $data, $this->secret);
+		} else {
+			return md5($data . $this->secret);
+		}
+	}
+
 	function load_group_from_db($group) {
 		global $wpdb;

@@ -332,7 +341,7 @@ class WP_Object_Cache {

 			$ids = array_unique($ids);
 			foreach ($ids as $id) {
-				$cache_file = $group_dir.md5($id.DB_PASSWORD).'.php';
+				$cache_file = $group_dir.$this->hash($id).'.php';

 				// Remove the cache file if the key is not set.
 				if (!isset ($this->cache[$group][$id])) {
@@ -342,7 +351,7 @@ class WP_Object_Cache {
 				}

 				$temp_file = tempnam($group_dir, 'tmp');
-				$serial = CACHE_SERIAL_HEADER.serialize($this->cache[$group][$id]).CACHE_SERIAL_FOOTER;
+				$serial = CACHE_SERIAL_HEADER.base64_encode(serialize($this->cache[$group][$id])).CACHE_SERIAL_FOOTER;
 				$fd = @fopen($temp_file, 'w');
 				if ( false === $fd ) {
 					$errors++;
@@ -400,6 +409,9 @@ class WP_Object_Cache {
 		if (defined('DISABLE_CACHE'))
 			return;

+		if ( ! defined('ENABLE_CACHE') )
+			return;
+
 		// Disable the persistent cache if safe_mode is on.
 		if ( ini_get('safe_mode') && ! defined('ENABLE_CACHE') )
 			return;
@@ -421,7 +433,12 @@ class WP_Object_Cache {
 		if (defined('CACHE_EXPIRATION_TIME'))
 			$this->expiration_time = CACHE_EXPIRATION_TIME;

-		$this->blog_id = md5($blog_id);
+		if ( defined('WP_SECRET') )
+			$this->secret = WP_SECRET;
+		else
+			$this->secret = DB_PASSWORD . DB_USER . DB_NAME . DB_HOST . ABSPATH;
+
+		$this->blog_id = $this->hash($blog_id);
 	}
 }
 ?>
--- a/wp-includes/capabilities.php
+++ b/wp-includes/capabilities.php
@@ -309,7 +309,7 @@ function map_meta_cap($cap, $user_id) {

 // Capability checking wrapper around the global $current_user object.
 function current_user_can($capability) {
-	global $current_user;
+	$current_user = wp_get_current_user();

 	$args = array_slice(func_get_args(), 1);
 	$args = array_merge(array($capability), $args);
--- a/wp-includes/class-snoopy.php
+++ b/wp-includes/class-snoopy.php
@@ -78,7 +78,7 @@ class Snoopy
 	var $error			=	"";					// error messages sent here
 	var	$response_code	=	"";					// response code returned from server
 	var	$headers		=	array();			// headers returned from server sent here
-	var	$maxlength		=	500000;				// max return data length (body)
+	var	$maxlength		=	8192;				// max return data length (body)
 	var $read_timeout	=	0;					// timeout on read operations, in seconds
 												// supported only since PHP 4 Beta 4
 												// set to 0 to disallow timeouts
@@ -720,13 +720,13 @@ class Snoopy
 							chr(176),
 							chr(39),
 							chr(128),
-							"<EFBFBD>",
-							"<EFBFBD>",
-							"<EFBFBD>",
-							"<EFBFBD>",
-							"<EFBFBD>",
-							"<EFBFBD>",
-							"<EFBFBD>",
+							"ä",
+							"ö",
+							"ü",
+							"Ä",
+							"Ö",
+							"Ü",
+							"ß",
 						);
 					
 		$text = preg_replace($search,$replace,$document);
@@ -1238,7 +1238,9 @@ class Snoopy
 						if (!is_readable($file_name)) continue;

 						$fp = fopen($file_name, "r");
-						$file_content = fread($fp, filesize($file_name));
+						while (!feof($fp)) {
+							$file_content = fread($fp, filesize($file_name));
+						}
 						fclose($fp);
 						$base_name = basename($file_name);

--- a/wp-includes/classes.php
+++ b/wp-includes/classes.php
@@ -305,6 +305,7 @@ class WP_Query {
 		if (isset($q['page'])) {
 			$q['page'] = trim($q['page'], '/');
 			$q['page'] = (int) $q['page'];
+			$q['page'] = abs($q['page']);
 		}
 	
 		$add_hours = intval(get_settings('gmt_offset'));
@@ -616,16 +617,22 @@ class WP_Query {
 		$join = apply_filters('posts_join', $join);

 		// Paging
-		if (empty($q['nopaging']) && ! $this->is_single) {
-			$page = $q['paged'];
+		if (empty($q['nopaging']) && ! $this->is_single && ! $this->is_page) {
+			$page = abs(intval($q['paged']));
 			if (empty($page)) {
 				$page = 1;
 			}

 			if (($q['what_to_show'] == 'posts')) {
-				$pgstrt = '';
-				$pgstrt = (intval($page) -1) * $q['posts_per_page'] . ', ';
-				$limits = 'LIMIT '.$pgstrt.$q['posts_per_page'];
+				$q['offset'] = abs(intval($q['offset']));
+				if ( empty($q['offset']) ) {
+					$pgstrt = '';
+					$pgstrt = (intval($page) -1) * $q['posts_per_page'] . ', ';
+					$limits = 'LIMIT '.$pgstrt.$q['posts_per_page'];
+				} else { // we're ignoring $page and using 'offset'
+					$pgstrt = $q['offset'] . ', ';
+					$limits = 'LIMIT ' . $pgstrt . $q['posts_per_page'];
+				}
 			} elseif ($q['what_to_show'] == 'days') {
 				$startrow = $q['posts_per_page'] * (intval($page)-1);
 				$start_date = $wpdb->get_var("SELECT max(post_date) FROM $wpdb->posts $join WHERE (1=1) $where GROUP BY year(post_date), month(post_date), dayofmonth(post_date) ORDER BY post_date DESC LIMIT $startrow,1");
@@ -654,7 +661,7 @@ class WP_Query {
 		$this->posts = $wpdb->get_results($this->request);

 		// Check post status to determine if post should be displayed.
-		if ($this->is_single) {
+		if ( !empty($this->posts) && $this->is_single ) {
 			$status = get_post_status($this->posts[0]);
 			if ( ('publish' != $status) && ('static' != $status) ) {
 				if ( ! (isset($user_ID) && ('' != intval($user_ID))) ) {
@@ -826,7 +833,7 @@ class retrospam_mgr {
 					if ( empty( $word ) )
 						continue;
 					$fulltext = strtolower($comment->email.' '.$comment->url.' '.$comment->ip.' '.$comment->text);
-					if( strpos( $fulltext, strtolower($word) ) != FALSE ) {
+					if( false !== strpos( $fulltext, strtolower($word) ) ) {
 						$this->found_comments[] = $comment->ID;
 						break;
 					}
@@ -1321,7 +1328,7 @@ class WP_Rewrite {
 		$root_rewrite = apply_filters('root_rewrite_rules', $root_rewrite);

 		// Comments
-		$comments_rewrite = $this->generate_rewrite_rules($this->root . $this->comments_base, true, true, true);
+		$comments_rewrite = $this->generate_rewrite_rules($this->root . $this->comments_base, true, true, true, false);
 		$comments_rewrite = apply_filters('comments_rewrite_rules', $comments_rewrite);

 		// Search
@@ -1604,12 +1611,12 @@ class WP {
 	}

 	function send_headers() {
-		global $current_user;
 		@header('X-Pingback: '. get_bloginfo('pingback_url'));
 		if ( is_user_logged_in() )
 			nocache_headers();
 		if ( !empty($this->query_vars['error']) && '404' == $this->query_vars['error'] ) {
 			status_header( 404 );
+			@header('Content-type: ' . get_option('html_type') . '; charset=' . get_option('blog_charset'));
 		} else if ( empty($this->query_vars['feed']) ) {
 			@header('Content-type: ' . get_option('html_type') . '; charset=' . get_option('blog_charset'));
 		} else {
@@ -1681,7 +1688,7 @@ class WP {
 	}

 	function init() {
-		get_currentuserinfo();
+		wp_get_current_user();
 	}

 	function query_posts() {
--- a/wp-includes/comment-functions.php
+++ b/wp-includes/comment-functions.php
@@ -5,11 +5,14 @@
 function comments_template( $file = '/comments.php' ) {
 	global $wp_query, $withcomments, $post, $wpdb, $id, $comment, $user_login, $user_ID, $user_identity;

-	if ( is_single() || is_page() || $withcomments ) :
-		$req = get_settings('require_name_email');
-		$comment_author = isset($_COOKIE['comment_author_'.COOKIEHASH]) ? trim(stripslashes($_COOKIE['comment_author_'.COOKIEHASH])) : '';
-		$comment_author_email = isset($_COOKIE['comment_author_email_'.COOKIEHASH]) ? trim(stripslashes($_COOKIE['comment_author_email_'.COOKIEHASH])) : '';
-		$comment_author_url = isset($_COOKIE['comment_author_url_'.COOKIEHASH]) ? trim(stripslashes($_COOKIE['comment_author_url_'.COOKIEHASH])) : '';
+	if ( ! (is_single() || is_page() || $withcomments) )
+		return;
+
+	$req = get_settings('require_name_email');
+	$commenter = wp_get_current_commenter();
+	extract($commenter);
+
+	// TODO: Use API instead of SELECTs.
 	if ( empty($comment_author) ) {
 		$comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = '$post->ID' AND comment_approved = '1' ORDER BY comment_date");
 	} else {
@@ -18,16 +21,12 @@ function comments_template( $file = '/comments.php' ) {
 		$comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = '$post->ID' AND ( comment_approved = '1' OR ( comment_author = '$author_db' AND comment_author_email = '$email_db' AND comment_approved = '0' ) ) ORDER BY comment_date");
 	}

-	get_currentuserinfo();
-
 	define('COMMENTS_TEMPLATE', true);
 	$include = apply_filters('comments_template', TEMPLATEPATH . $file );
 	if ( file_exists( $include ) )
 		require( $include );
 	else
 		require( ABSPATH . 'wp-content/themes/default/comments.php');
-
-	endif;
 }

 function wp_new_comment( $commentdata ) {
@@ -169,6 +168,8 @@ function wp_update_comment($commentarr) {
 	// Merge old and new fields with new fields overwriting old ones.
 	$commentarr = array_merge($comment, $commentarr);

+	$commentarr = wp_filter_comment( $commentarr );
+
 	// Now extract the merged array.
 	extract($commentarr);

@@ -205,8 +206,10 @@ function wp_delete_comment($comment_id) {
 		return false;

 	$post_id = $comment->comment_post_ID;
-	if ( $post_id && $comment->comment_approved == 1 )
-		$wpdb->query( "UPDATE $wpdb->posts SET comment_count = comment_count - 1 WHERE ID = '$post_id'" );
+	if ( $post_id && $comment->comment_approved == 1 ) {
+		$count = $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->comments WHERE comment_post_ID = '$post_id' AND comment_approved = '1'");
+		$wpdb->query( "UPDATE $wpdb->posts SET comment_count = $count WHERE ID = '$post_id'" );
+	}

 	do_action('wp_set_comment_status', $comment_id, 'delete');
 	return true;
@@ -312,7 +315,8 @@ function comments_popup_link($zero='No Comments', $one='1 Comment', $more='% Com
 		if (!empty($CSSclass)) {
 			echo ' class="'.$CSSclass.'"';
 		}
-		echo ' title="' . sprintf( __('Comment on %s'), $post->post_title ) .'">';
+		$title = wp_specialchars(apply_filters('the_title', get_the_title()), true);
+		echo ' title="' . sprintf( __('Comment on %s'), $title ) .'">';
 		comments_number($zero, $one, $more, $number);
 		echo '</a>';
 	}
@@ -884,7 +888,50 @@ function check_comment($author, $email, $url, $comment, $user_ip, $user_agent, $

 function get_approved_comments($post_id) {
 	global $wpdb;
+
+	$post_id = (int) $post_id;
 	return $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = $post_id AND comment_approved = '1' ORDER BY comment_date");
 }

+function sanitize_comment_cookies() {
+	if ( isset($_COOKIE['comment_author_'.COOKIEHASH]) ) {
+		$comment_author = apply_filters('pre_comment_author_name', $_COOKIE['comment_author_'.COOKIEHASH]);
+		$comment_author = stripslashes($comment_author);
+		$comment_author = wp_specialchars($comment_author, true);
+		$_COOKIE['comment_author_'.COOKIEHASH] = $comment_author;
+	}
+
+	if ( isset($_COOKIE['comment_author_email_'.COOKIEHASH]) ) {
+		$comment_author_email = apply_filters('pre_comment_author_email', $_COOKIE['comment_author_email_'.COOKIEHASH]);
+		$comment_author_email = stripslashes($comment_author_email);
+		$comment_author_email = wp_specialchars($comment_author_email, true);	
+		$_COOKIE['comment_author_email_'.COOKIEHASH] = $comment_author_email;
+	}
+
+	if ( isset($_COOKIE['comment_author_url_'.COOKIEHASH]) ) {
+		$comment_author_url = apply_filters('pre_comment_author_url', $_COOKIE['comment_author_url_'.COOKIEHASH]);
+		$comment_author_url = stripslashes($comment_author_url);
+		$comment_author_url = wp_specialchars($comment_author_url, true);
+		$_COOKIE['comment_author_url_'.COOKIEHASH] = $comment_author_url;
+	}
+}
+
+function wp_get_current_commenter() {
+	// Cookies should already be sanitized.
+
+	$comment_author = '';
+	if ( isset($_COOKIE['comment_author_'.COOKIEHASH]) )
+		$comment_author = $_COOKIE['comment_author_'.COOKIEHASH];
+
+	$comment_author_email = '';
+	if ( isset($_COOKIE['comment_author_email_'.COOKIEHASH]) )
+		$comment_author_email = $_COOKIE['comment_author_email_'.COOKIEHASH];
+
+	$comment_author_url = '';
+	if ( isset($_COOKIE['comment_author_url_'.COOKIEHASH]) )
+		$comment_author_url = $_COOKIE['comment_author_url_'.COOKIEHASH];
+
+	return compact('comment_author', 'comment_author_email', 'comment_author_url');
+}
+
 ?>
--- a/wp-includes/default-filters.php
+++ b/wp-includes/default-filters.php
@@ -44,11 +44,44 @@ add_filter('comment_url', 'clean_url');

 add_filter('comment_text', 'convert_chars');
 add_filter('comment_text', 'make_clickable');
+add_filter('comment_text', 'force_balance_tags', 25);
 add_filter('comment_text', 'wpautop', 30);
 add_filter('comment_text', 'convert_smilies', 20);

 add_filter('comment_excerpt', 'convert_chars');

+// Categories
+add_filter('pre_category_name', 'strip_tags');
+add_filter('pre_category_name', 'trim');
+add_filter('pre_category_name', 'wp_filter_kses');
+add_filter('pre_category_name', 'wp_specialchars', 30);
+add_filter('pre_category_description', 'wp_filter_kses');
+
+// Users
+add_filter('pre_user_display_name', 'strip_tags');
+add_filter('pre_user_display_name', 'trim');
+add_filter('pre_user_display_name', 'wp_filter_kses');
+add_filter('pre_user_display_name', 'wp_specialchars', 30);
+add_filter('pre_user_first_name', 'strip_tags');
+add_filter('pre_user_first_name', 'trim');
+add_filter('pre_user_first_name', 'wp_filter_kses');
+add_filter('pre_user_first_name', 'wp_specialchars', 30);
+add_filter('pre_user_last_name', 'strip_tags');
+add_filter('pre_user_last_name', 'trim');
+add_filter('pre_user_last_name', 'wp_filter_kses');
+add_filter('pre_user_last_name', 'wp_specialchars', 30);
+add_filter('pre_user_nickname', 'strip_tags');
+add_filter('pre_user_nickname', 'trim');
+add_filter('pre_user_nickname', 'wp_filter_kses');
+add_filter('pre_user_nickname', 'wp_specialchars', 30);
+add_filter('pre_user_description', 'trim');
+add_filter('pre_user_description', 'wp_filter_kses');
+add_filter('pre_user_url', 'strip_tags');
+add_filter('pre_user_url', 'trim');
+add_filter('pre_user_url', 'clean_url');
+add_filter('pre_user_email', 'trim');
+add_filter('pre_user_email', 'sanitize_email');
+
 // Places to balance tags on input
 add_filter('content_save_pre', 'balanceTags', 50);
 add_filter('excerpt_save_pre', 'balanceTags', 50);
@@ -72,11 +105,12 @@ add_filter('sanitize_title', 'sanitize_title_with_dashes');
 // RSS filters
 add_filter('the_title_rss', 'strip_tags');
 add_filter('the_title_rss', 'ent2ncr', 8);
+add_filter('the_title_rss', 'wp_specialchars');
 add_filter('the_content_rss', 'ent2ncr', 8);
 add_filter('the_excerpt_rss', 'convert_chars');
 add_filter('the_excerpt_rss', 'ent2ncr', 8);
 add_filter('comment_author_rss', 'ent2ncr', 8);
-add_filter('comment_text_rss', 'htmlspecialchars');
+add_filter('comment_text_rss', 'wp_specialchars');
 add_filter('comment_text_rss', 'ent2ncr', 8);
 add_filter('bloginfo_rss', 'ent2ncr', 8);
 add_filter('the_author', 'ent2ncr', 8);
@@ -84,5 +118,6 @@ add_filter('the_author', 'ent2ncr', 8);
 // Actions
 add_action('publish_post', 'generic_ping');
 add_action('wp_head', 'rsd_link');
+add_action('sanitize_comment_cookies', 'sanitize_comment_cookies');

-?>
+?>
--- a/wp-includes/functions-compat.php
+++ b/wp-includes/functions-compat.php
@@ -97,4 +97,17 @@ if (!function_exists('array_change_key_case')) {
    }
 }

+// From php.net
+if(!function_exists('http_build_query')) {
+   function http_build_query( $formdata, $numeric_prefix = null, $key = null ) {
+       $res = array();
+       foreach ((array)$formdata as $k=>$v) {
+           $tmp_key = urlencode(is_int($k) ? $numeric_prefix.$k : $k);
+           if ($key) $tmp_key = $key.'['.$tmp_key.']';
+           $res[] = ( ( is_array($v) || is_object($v) ) ? http_build_query($v, null, $tmp_key) : $tmp_key."=".urlencode($v) );
+       }
+       $separator = ini_get('arg_separator.output');
+       return implode($separator, $res);
+   }
+}
 ?>
--- a/wp-includes/functions-formatting.php
+++ b/wp-includes/functions-formatting.php
@@ -41,7 +41,7 @@ function wptexturize($text) {
 		} else {
 			$next = true;
 		}
-		$curl = preg_replace('/&([^#])(?![a-z1-4]{1,8};)/', '&#038;$1', $curl);
+		$curl = preg_replace('/&([^#])(?![a-zA-Z1-4]{1,8};)/', '&#038;$1', $curl);
 		$output .= $curl;
 	}
 	return $output;
@@ -98,10 +98,14 @@ function seems_utf8($Str) { # by bmorel at ssi dot fr

 function wp_specialchars( $text, $quotes = 0 ) {
 	// Like htmlspecialchars except don't double-encode HTML entities
-	$text = preg_replace('/&([^#])(?![a-z1-4]{1,8};)/', '&#038;$1', $text);-
+	$text = preg_replace('/&([^#])(?![a-z1-4]{1,8};)/', '&#038;$1', $text);
 	$text = str_replace('<', '&lt;', $text);
 	$text = str_replace('>', '&gt;', $text);
-	if ( $quotes ) {
+	if ( 'double' === $quotes ) {
+		$text = str_replace('"', '&quot;', $text);
+	} elseif ( 'single' === $quotes ) {
+		$text = str_replace("'", '&#039;', $text);
+	} elseif ( $quotes ) {
 		$text = str_replace('"', '&quot;', $text);
 		$text = str_replace("'", '&#039;', $text);
 	}
@@ -141,6 +145,9 @@ function utf8_uri_encode( $utf8_string ) {
 }

 function remove_accents($string) {
+	if ( !preg_match('/[\x80-\xff]/', $string) )
+		return $string;
+
 	if (seems_utf8($string)) {
 		$chars = array(
 		// Decompositions for Latin-1 Supplement
@@ -274,7 +281,7 @@ function sanitize_user( $username, $strict = false ) {

 	// If strict, reduce to ASCII for max portability.
 	if ( $strict )
-		$username = preg_replace('|[^a-z0-9 _.-@]|i', '', $username);
+		$username = preg_replace('|[^a-z0-9 _.\-@]|i', '', $username);

 	return apply_filters('sanitize_user', $username, $raw_username, $strict);
 }
@@ -501,6 +508,9 @@ function balanceTags($text, $is_comment = 0) {
 	return $newtext;
 }

+function force_balance_tags($text) {
+	return balanceTags($text, 0, true);
+}

 function format_to_edit($content, $richedit = false) {
 	$content = apply_filters('format_to_edit', $content);
@@ -517,10 +527,11 @@ function format_to_post($content) {

 function zeroise($number,$threshold) { // function to add leading zeros when necessary
 	return sprintf('%0'.$threshold.'s', $number);
-	}
+}


 function backslashit($string) {
+	$string = preg_replace('/^([0-9])/', '\\\\\\\\\1', $string);
 	$string = preg_replace('/([a-z])/i', '\\\\\1', $string);
 	return $string;
 }
@@ -570,10 +581,11 @@ function antispambot($emailaddy, $mailto=0) {
 }

 function make_clickable($ret) {
-	$ret = ' ' . $ret . ' ';
-	$ret = preg_replace("#([\s>])(https?)://([^\s<>{}()]+[^\s.,<>{}()])#i", "$1<a href='$2://$3' rel='nofollow'>$2://$3</a>", $ret);
-	$ret = preg_replace("#(\s)www\.([a-z0-9\-]+)\.([a-z0-9\-.\~]+)((?:/[^ <>{}()\n\r]*[^., <>{}()\n\r]?)?)#i", "$1<a href='http://www.$2.$3$4' rel='nofollow'>www.$2.$3$4</a>", $ret);
-	$ret = preg_replace("#(\s)([a-z0-9\-_.]+)@([a-z0-9\-_.]+)\.([^,< \n\r]+)#i", "$1<a href=\"mailto:$2@$3.$4\">$2@$3.$4</a>", $ret);
+	$ret = ' ' . $ret;
+	$ret = preg_replace("#(^|[\n ])([\w]+?://[\w\#$%&~/.\-;:=,?@\[\]+]*)#is", "$1<a href='$2' rel='nofollow'>$2</a>", $ret);
+	$ret = preg_replace("#(^|[\n ])((www|ftp)\.[\w\#$%&~/.\-;:=,?@\[\]+]*)#is", "$1<a href='http://$2' rel='nofollow'>$2</a>", $ret);
+	$ret = preg_replace("#(\s)([a-z0-9\-_.]+)@([^,< \n\r]+)#i", "$1<a href=\"mailto:$2@$3\">$2@$3</a>", $ret);
+	$ret = substr($ret, 1);
 	$ret = trim($ret);
 	return $ret;
 }
@@ -997,10 +1009,7 @@ function ent2ncr($text) {
 		'&diams;' => '&#9830;'
 	);

-	foreach ($to_ncr as $entity => $ncr) {
-		$text = str_replace($entity, $ncr, $text);
-	}
-	return $text;
+	return str_replace( array_keys($to_ncr), array_values($to_ncr), $text );
 }

 function wp_richedit_pre($text) {
@@ -1018,4 +1027,10 @@ function wp_richedit_pre($text) {
 	return apply_filters('richedit_pre', $output);
 }

+// Escape single quotes, specialchar double quotes, and fix line endings.
+function js_escape($text) {
+	$text = wp_specialchars($text, 'double');
+	$text = str_replace('&#039;', "'", $text);
+	return preg_replace("/\r?\n/", "\\n", addslashes($text));
+}
 ?>
--- a/wp-includes/functions-post.php
+++ b/wp-includes/functions-post.php
@@ -352,7 +352,7 @@ function wp_delete_attachment($postid) {
 	global $wpdb;
 	$postid = (int) $postid;

-	if ( !$post = $wpdb->get_row("SELECT * FROM $wpdb->posts WHERE ID = $postid") )
+	if ( !$post = $wpdb->get_row("SELECT * FROM $wpdb->posts WHERE ID = '$postid'") )
 		return $post;

 	if ( 'attachment' != $post->post_status )
@@ -361,17 +361,17 @@ function wp_delete_attachment($postid) {
 	$meta = get_post_meta($postid, '_wp_attachment_metadata', true);
 	$file = get_post_meta($postid, '_wp_attached_file', true);

-	$wpdb->query("DELETE FROM $wpdb->posts WHERE ID = $postid");
+	$wpdb->query("DELETE FROM $wpdb->posts WHERE ID = '$postid'");

-	$wpdb->query("DELETE FROM $wpdb->comments WHERE comment_post_ID = $postid");
+	$wpdb->query("DELETE FROM $wpdb->comments WHERE comment_post_ID = '$postid'");

-	$wpdb->query("DELETE FROM $wpdb->post2cat WHERE post_id = $postid");
+	$wpdb->query("DELETE FROM $wpdb->post2cat WHERE post_id = '$postid'");

-	$wpdb->query("DELETE FROM $wpdb->postmeta WHERE post_id = $postid");
+	$wpdb->query("DELETE FROM $wpdb->postmeta WHERE post_id = '$postid'");

 	if ( ! empty($meta['thumb']) ) {
 		// Don't delete the thumb if another attachment uses it
-		if (! $foo = $wpdb->get_row("SELECT meta_id FROM $wpdb->postmeta WHERE meta_key = '_wp_attachment_metadata' AND meta_value LIKE '%".$wpdb->escape($meta['thumb'])."%' AND post_id <> $postid"))
+		if (! $foo = $wpdb->get_row("SELECT meta_id FROM $wpdb->postmeta WHERE meta_key = '_wp_attachment_metadata' AND meta_value LIKE '%".$wpdb->escape($meta['thumb'])."%' AND post_id <> '$postid'"))
 			@ unlink(str_replace(basename($file), $meta['thumb'], $file));
 	}

@@ -456,9 +456,11 @@ function wp_update_post($postarr = array()) {
 function wp_get_post_cats($blogid = '1', $post_ID = 0) {
 	global $wpdb;
 	
+	$post_ID = (int) $post_ID;
+
 	$sql = "SELECT category_id 
 		FROM $wpdb->post2cat 
-		WHERE post_id = $post_ID 
+		WHERE post_id = '$post_ID' 
 		ORDER BY category_id";

 	$result = $wpdb->get_col($sql);
@@ -682,7 +684,7 @@ function wp_blacklist_check($author, $email, $url, $comment, $user_ip, $user_age
 function wp_proxy_check($ipnum) {
 	if ( get_option('open_proxy_check') && isset($ipnum) ) {
 		$rev_ip = implode( '.', array_reverse( explode( '.', $ipnum ) ) );
-		$lookup = $rev_ip . '.opm.blitzed.org.';
+		$lookup = $rev_ip . '.sbl-xbl.spamhaus.org.';
 		if ( $lookup != gethostbyname( $lookup ) )
 			return true;
 	}
@@ -915,7 +917,11 @@ function wp_upload_dir() {

 function wp_upload_bits($name, $type, $bits) {
 	if ( empty($name) )
-		return array('error' => "Empty filename");
+		return array('error' => __("Empty filename"));
+
+	$wp_filetype = wp_check_filetype($name);
+	if ( !$wp_filetype['ext'] )
+		return array('error' => __("Invalid file type"));

 	$upload = wp_upload_dir();
 	
@@ -961,4 +967,59 @@ function wp_upload_bits($name, $type, $bits) {
 	return array('file' => $new_file, 'url' => $url, 'error' => false);
 }

+function wp_check_filetype($filename, $mimes = null) {
+	// Accepted MIME types are set here as PCRE unless provided.
+	$mimes = is_array($mimes) ? $mimes : apply_filters('upload_mimes', array (
+		'jpg|jpeg|jpe' => 'image/jpeg',
+		'gif' => 'image/gif',
+		'png' => 'image/png',
+		'bmp' => 'image/bmp',
+		'tif|tiff' => 'image/tiff',
+		'ico' => 'image/x-icon',
+		'asf|asx|wax|wmv|wmx' => 'video/asf',
+		'avi' => 'video/avi',
+		'mov|qt' => 'video/quicktime',
+		'mpeg|mpg|mpe' => 'video/mpeg',
+		'txt|c|cc|h' => 'text/plain',
+		'rtx' => 'text/richtext',
+		'css' => 'text/css',
+		'htm|html' => 'text/html',
+		'mp3|mp4' => 'audio/mpeg',
+		'ra|ram' => 'audio/x-realaudio',
+		'wav' => 'audio/wav',
+		'ogg' => 'audio/ogg',
+		'mid|midi' => 'audio/midi',
+		'wma' => 'audio/wma',
+		'rtf' => 'application/rtf',
+		'js' => 'application/javascript',
+		'pdf' => 'application/pdf',
+		'doc' => 'application/msword',
+		'pot|pps|ppt' => 'application/vnd.ms-powerpoint',
+		'wri' => 'application/vnd.ms-write',
+		'xla|xls|xlt|xlw' => 'application/vnd.ms-excel',
+		'mdb' => 'application/vnd.ms-access',
+		'mpp' => 'application/vnd.ms-project',
+		'swf' => 'application/x-shockwave-flash',
+		'class' => 'application/java',
+		'tar' => 'application/x-tar',
+		'zip' => 'application/zip',
+		'gz|gzip' => 'application/x-gzip',
+		'exe' => 'application/x-msdownload'
+	));
+
+	$type = false;
+	$ext = false;
+
+	foreach ($mimes as $ext_preg => $mime_match) {
+		$ext_preg = '!\.(' . $ext_preg . ')$!i';
+		if ( preg_match($ext_preg, $filename, $ext_matches) ) {
+			$type = $mime_match;
+			$ext = $ext_matches[1];
+			break;
+		}
+	}
+
+	return compact('ext', 'type');
+}
+
 ?>
--- a/wp-includes/functions.php
+++ b/wp-includes/functions.php
@@ -305,10 +305,10 @@ function get_option($option) {
 }

 function get_user_option( $option, $user = 0 ) {
-	global $wpdb, $current_user;
+	global $wpdb;
 	
 	if ( empty($user) )
-		$user = $current_user;
+		$user = wp_get_current_user();
 	else
 		$user = get_userdata($user);

@@ -364,6 +364,7 @@ function update_option($option_name, $newvalue) {
 		return true;
 	}

+	$_newvalue = $newvalue;
 	if ( is_array($newvalue) || is_object($newvalue) )
 		$newvalue = serialize($newvalue);

@@ -373,7 +374,7 @@ function update_option($option_name, $newvalue) {
 	$option_name = $wpdb->escape($option_name);
 	$wpdb->query("UPDATE $wpdb->options SET option_value = '$newvalue' WHERE option_name = '$option_name'");
 	if ( $wpdb->rows_affected == 1 ) {
-		do_action("update_option_{$option_name}", $oldvalue, $newvalue);
+		do_action("update_option_{$option_name}", array('old'=>$oldvalue, 'new'=>$_newvalue));
 		return true;
 	}
 	return false;
@@ -747,6 +748,8 @@ function &get_category(&$category, $output = OBJECT) {
 		}
 	}

+	$_category = apply_filters('get_category', $_category);
+
 	if ( !isset($_category->fullpath) ) {
 		$_category = set_category_path($_category);
 		wp_cache_replace($_category->cat_ID, $_category, 'category');	
@@ -993,7 +996,7 @@ function debug_fclose($fp) {
 }

 function spawn_pinger() {
-	global $wpdb;
+	global $wpdb, $wp_version;
 	$doping = false;
 	if ( $wpdb->get_var("SELECT ID FROM $wpdb->posts WHERE TRIM(to_ping) != '' LIMIT 1") )
 		$doping = true;
@@ -1009,7 +1012,7 @@ function spawn_pinger() {
 		$parts = parse_url($ping_url);
 		$argyle = @ fsockopen($parts['host'], $_SERVER['SERVER_PORT'], $errno, $errstr, 0.01);
 		if ( $argyle )
-			fputs($argyle, "GET {$parts['path']}?time=".time()." HTTP/1.0\r\nHost: {$_SERVER['HTTP_HOST']}\r\n\r\n");
+			fputs($argyle, "GET {$parts['path']}?time=".time()." HTTP/1.0\r\nHost: {$_SERVER['HTTP_HOST']}\r\nUser-Agent: WordPress/{$wp_version}\r\n\r\n");
       }
 }

@@ -1090,15 +1093,13 @@ function wp_get_http_headers( $url, $red = 1 ) {
 		$headers["$key"] = $matches[2][$i];
 	}

-    $code = preg_replace('/.*?(\d{3}).*/i', '$1', $response);
-    
-    $headers['status_code'] = $code;
-    
-    if ( '302' == $code || '301' == $code )
-        return wp_get_http_headers( $url, ++$red );
-
 	preg_match('/.*([0-9]{3}).*/', $response, $return);
 	$headers['response'] = $return[1]; // HTTP response code eg 204, 200, 404
+
+    $code = $headers['response'];
+    if ( ('302' == $code || '301' == $code) && isset($headers['location']) )
+        return wp_get_http_headers( $headers['location'], ++$red );
+
 	return $headers;
 }

@@ -1146,6 +1147,28 @@ function setup_postdata($post) {
 	return true;
 }

+// Setup global user vars.  Used by set_current_user() for back compat.
+function setup_userdata($user_id = '') {
+	global $user_login, $userdata, $user_level, $user_ID, $user_email, $user_url, $user_pass_md5, $user_identity;
+
+	if ( '' == $user_id )
+		$user = wp_get_current_user();
+	else 
+		$user = new WP_User($user_id);
+
+	if ( 0 == $user->ID )
+		return;
+
+	$userdata = $user->data;
+	$user_login	= $user->user_login;
+	$user_level	= $user->user_level;
+	$user_ID	= $user->ID;
+	$user_email	= $user->user_email;
+	$user_url	= $user->user_url;
+	$user_pass_md5	= md5($user->user_pass);
+	$user_identity	= $user->display_name;
+}
+
 function is_new_day() {
 	global $day, $previousday;
 	if ( $day != $previousday ) {
@@ -1231,6 +1254,7 @@ function remove_filter($tag, $function_to_remove, $priority = 10, $accepted_args

 	// rebuild the list of filters
 	if ( isset($wp_filter[$tag]["$priority"]) ) {
+		$new_function_list = array();
 		foreach($wp_filter[$tag]["$priority"] as $filter) {
 			if ( $filter['function'] != $function_to_remove ) {
 				$new_function_list[] = $filter;
@@ -1717,24 +1741,24 @@ function get_theme_data($theme_file) {
 	preg_match("|Author URI:(.*)|i", $theme_data, $author_uri);
 	preg_match("|Template:(.*)|i", $theme_data, $template);
 	if ( preg_match("|Version:(.*)|i", $theme_data, $version) )
-		$version = $version[1];
+		$version = trim($version[1]);
 	else
 		$version ='';
 	if ( preg_match("|Status:(.*)|i", $theme_data, $status) )
-		$status = $status[1];
+		$status = trim($status[1]);
 	else
-		$status ='publish';
+		$status = 'publish';

-	$description = wptexturize($description[1]);
+	$description = wptexturize(trim($description[1]));

 	$name = $theme_name[1];
 	$name = trim($name);
 	$theme = $name;

 	if ( '' == $author_uri[1] ) {
-		$author = $author_name[1];
+		$author = trim($author_name[1]);
 	} else {
-		$author = '<a href="' . $author_uri[1] . '" title="' . __('Visit author homepage') . '">' . $author_name[1] . '</a>';
+		$author = '<a href="' . trim($author_uri[1]) . '" title="' . __('Visit author homepage') . '">' . trim($author_name[1]) . '</a>';
 	}

 	return array('Name' => $name, 'Title' => $theme, 'Description' => $description, 'Author' => $author, 'Version' => $version, 'Template' => $template[1], 'Status' => $status);
@@ -2061,6 +2085,13 @@ function add_query_arg() {
 			$uri = @func_get_arg(2);
 	}

+	if ( preg_match('|^https?://|i', $uri, $matches) ) {
+		$protocol = $matches[0];
+		$uri = substr($uri, strlen($protocol));
+	} else {
+		$protocol = '';
+	}
+
 	if ( strstr($uri, '?') ) {
 		$parts = explode('?', $uri, 2);
 		if ( 1 == count($parts) ) {
@@ -2070,8 +2101,7 @@ function add_query_arg() {
 			$base = $parts[0] . '?';
 			$query = $parts[1];
 		}
-	}
-	else if ( strstr($uri, '/') ) {
+	} else if ( !empty($protocol) || strstr($uri, '/') ) {
 		$base = $uri . '?';
 		$query = '';
 	} else {
@@ -2094,7 +2124,7 @@ function add_query_arg() {
 			$ret .= "$k=$v";
 		}
 	}
-	$ret = $base . $ret;
+	$ret = $protocol . $base . $ret;
 	return trim($ret, '?');
 }

@@ -2287,4 +2317,190 @@ function get_num_queries() {
 	return $wpdb->num_queries;
 }

+function wp_nonce_url($actionurl, $action = -1) {
+	return wp_specialchars(add_query_arg('_wpnonce', wp_create_nonce($action), $actionurl));
+}
+
+function wp_nonce_field($action = -1) {
+	echo '<input type="hidden" name="_wpnonce" value="' . wp_create_nonce($action) . '" />';
+	wp_referer_field();
+}
+
+function wp_referer_field() {
+	$ref = wp_specialchars($_SERVER['REQUEST_URI']);
+	echo '<input type="hidden" name="_wp_http_referer" value="'. $ref . '" />';
+	if ( wp_get_original_referer() ) {
+		$original_ref = wp_specialchars(stripslashes(wp_get_original_referer()));
+		echo '<input type="hidden" name="_wp_original_http_referer" value="'. $original_ref . '" />';
+	}
+}
+
+function wp_original_referer_field() {
+	echo '<input type="hidden" name="_wp_original_http_referer" value="' . wp_specialchars(stripslashes($_SERVER['REQUEST_URI'])) . '" />';
+}
+
+function wp_get_referer() {
+	foreach ( array($_REQUEST['_wp_http_referer'], $_SERVER['HTTP_REFERER']) as $ref )
+		if ( !empty($ref) )
+			return $ref;
+	return false;
+}
+
+function wp_get_original_referer() {
+	if ( !empty($_REQUEST['_wp_original_http_referer']) )
+		return $_REQUEST['_wp_original_http_referer'];
+	return false;
+}
+
+function wp_explain_nonce($action) {
+	if ( $action !== -1 && preg_match('/([a-z]+)-([a-z]+)(_(.+))?/', $action, $matches) ) {
+		$verb = $matches[1];
+		$noun = $matches[2];
+
+		$trans = array();
+		$trans['update']['attachment'] = array(__('Are you sure you want to edit this attachment: &quot;%s&quot;?'), 'get_the_title');
+
+		$trans['add']['category'] = array(__('Are you sure you want to add this category?'), false);
+		$trans['delete']['category'] = array(__('Are you sure you want to delete this category: &quot;%s&quot;?'), 'get_catname');
+		$trans['update']['category'] = array(__('Are you sure you want to edit this category: &quot;%s&quot;?'), 'get_catname');
+
+		$trans['delete']['comment'] = array(__('Are you sure you want to delete this comment: &quot;%s&quot;?'), 'use_id');
+		$trans['unapprove']['comment'] = array(__('Are you sure you want to unapprove this comment: &quot;%s&quot;?'), 'use_id');
+		$trans['approve']['comment'] = array(__('Are you sure you want to approve this comment: &quot;%s&quot;?'), 'use_id');
+		$trans['update']['comment'] = array(__('Are you sure you want to edit this comment: &quot;%s&quot;?'), 'use_id');
+		$trans['bulk']['comments'] = array(__('Are you sure you want to bulk modify comments?'), false);
+		$trans['moderate']['comments'] = array(__('Are you sure you want to moderate comments?'), false);
+
+		$trans['add']['bookmark'] = array(__('Are you sure you want to add this bookmark?'), false);
+		$trans['delete']['bookmark'] = array(__('Are you sure you want to delete this bookmark: &quot;%s&quot;?'), 'use_id');
+		$trans['update']['bookmark'] = array(__('Are you sure you want to edit this bookmark: &quot;%s&quot;?'), 'use_id');
+		$trans['bulk']['bookmarks'] = array(__('Are you sure you want to bulk modify bookmarks?'), false);
+
+		$trans['add']['page'] = array(__('Are you sure you want to add this page?'), false);
+		$trans['delete']['page'] = array(__('Are you sure you want to delete this page: &quot;%s&quot;?'), 'get_the_title');
+		$trans['update']['page'] = array(__('Are you sure you want to edit this page: &quot;%s&quot;?'), 'get_the_title');
+
+		$trans['edit']['plugin'] = array(__('Are you sure you want to edit this plugin file: &quot;%s&quot;?'), 'use_id');
+		$trans['activate']['plugin'] = array(__('Are you sure you want to activate this plugin: &quot;%s&quot;?'), 'use_id');
+		$trans['deactivate']['plugin'] = array(__('Are you sure you want to deactivate this plugin: &quot;%s&quot;?'), 'use_id');
+
+		$trans['add']['post'] = array(__('Are you sure you want to add this post?'), false);
+		$trans['delete']['post'] = array(__('Are you sure you want to delete this post: &quot;%s&quot;?'), 'get_the_title');
+		$trans['update']['post'] = array(__('Are you sure you want to edit this post: &quot;%s&quot;?'), 'get_the_title');
+
+		$trans['add']['user'] = array(__('Are you sure you want to add this user?'), false);
+		$trans['delete']['users'] = array(__('Are you sure you want to delete users?'), false);
+		$trans['bulk']['users'] = array(__('Are you sure you want to bulk modify users?'), false);
+		$trans['update']['user'] = array(__('Are you sure you want to edit this user: &quot;%s&quot;?'), 'get_author_name');
+		$trans['update']['profile'] = array(__('Are you sure you want to modify the profile for: &quot;%s&quot;?'), 'get_author_name');
+
+		$trans['update']['options'] = array(__('Are you sure you want to edit your settings?'), false);
+		$trans['update']['permalink'] = array(__('Are you sure you want to change your permalink structure to: %s?'), 'use_id');
+		$trans['edit']['file'] = array(__('Are you sure you want to edit this file: &quot;%s&quot;?'), 'use_id');
+		$trans['edit']['theme'] = array(__('Are you sure you want to edit this theme file: &quot;%s&quot;?'), 'use_id');
+		$trans['switch']['theme'] = array(__('Are you sure you want to switch to this theme: &quot;%s&quot;?'), 'use_id');
+
+		if ( isset($trans[$verb][$noun]) ) {
+			if ( !empty($trans[$verb][$noun][1]) ) {
+				$lookup = $trans[$verb][$noun][1];
+				$object = $matches[4];
+				if ( 'use_id' != $lookup )
+					$object = call_user_func($lookup, $object);
+				return sprintf($trans[$verb][$noun][0], $object);
+			} else {
+				return $trans[$verb][$noun][0];
+			}
+		}
+	}
+
+	return __('Are you sure you want to do this');
+}
+
+function wp_nonce_ays($action) {
+	global $pagenow, $menu, $submenu, $parent_file, $submenu_file;
+
+	$adminurl = get_settings('siteurl') . '/wp-admin';
+	if ( wp_get_referer() )
+		$adminurl = wp_get_referer();
+
+	$title = __('WordPress Confirmation');
+	// Remove extra layer of slashes.
+	$_POST   = stripslashes_deep($_POST  );
+	if ( $_POST ) {
+		$q = http_build_query($_POST);
+		$q = explode( ini_get('arg_separator.output'), $q);
+		$html .= "\t<form method='post' action='$pagenow'>\n";
+		foreach ( (array) $q as $a ) {
+			$v = substr(strstr($a, '='), 1);
+			$k = substr($a, 0, -(strlen($v)+1));
+			$html .= "\t\t<input type='hidden' name='" . wp_specialchars( urldecode($k), 1 ) . "' value='" . wp_specialchars( urldecode($v), 1 ) . "' />\n";
+		}
+		$html .= "\t\t<input type='hidden' name='_wpnonce' value='" . wp_create_nonce($action) . "' />\n";
+		$html .= "\t\t<div id='message' class='confirm fade'>\n\t\t<p>" . wp_explain_nonce($action) . "</p>\n\t\t<p><a href='$adminurl'>" . __('No') . "</a> <input type='submit' value='" . __('Yes') . "' /></p>\n\t\t</div>\n\t</form>\n";
+	} else {
+		$html .= "\t<div id='message' class='confirm fade'>\n\t<p>" . wp_explain_nonce($action) . "</p>\n\t<p><a href='$adminurl'>" . __('No') . "</a> <a href='" . add_query_arg( '_wpnonce', wp_create_nonce($action), $_SERVER['REQUEST_URI'] ) . "'>" . __('Yes') . "</a></p>\n\t</div>\n";
+	}
+	$html .= "</body>\n</html>";
+	wp_die($html, $title);
+}
+
+function wp_die($message, $title = '') {
+	header('Content-Type: text/html; charset=utf-8');
+
+	if ( empty($title) )
+		$title = __('WordPress &rsaquo; Error');
 ?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+	<title><?php echo $title ?></title>
+	<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+	<style media="screen" type="text/css">
+	<!--
+	html {
+		background: #eee;
+	}
+	body {
+		background: #fff;
+		color: #000;
+		font-family: Georgia, "Times New Roman", Times, serif;
+		margin-left: 25%;
+		margin-right: 25%;
+		padding: .2em 2em;
+	}
+
+	h1 {
+		color: #006;
+		font-size: 18px;
+		font-weight: lighter;
+	}
+
+	h2 {
+		font-size: 16px;
+	}
+
+	p, li, dt {
+		line-height: 140%;
+		padding-bottom: 2px;
+	}
+
+	ul, ol {
+		padding: 5px 5px 5px 20px;
+	}
+	#logo {
+		margin-bottom: 2em;
+	}
+	-->
+	</style>
+</head>
+<body>
+	<h1 id="logo"><img alt="WordPress" src="<?php echo get_settings('siteurl'); ?>/wp-admin/images/wordpress-logo.png" /></h1>
+	<p><?php echo $message; ?></p>
+</body>
+</html>
+<?php
+
+	die();
+}
+
+?>
--- a/wp-includes/gettext.php
+++ b/wp-includes/gettext.php
@@ -61,15 +61,12 @@ class gettext_reader {
   * @return Integer from the Stream
   */
  function readint() {
-      $stream = $this->STREAM->read(4);
      if ($this->BYTEORDER == 0) {
        // low endian
-        $unpacked = unpack('V',$stream);
-        return array_shift($unpacked);
+        return array_shift(unpack('V', $this->STREAM->read(4)));
      } else {
        // big endian
-        $unpacked = unpack('N',$stream);
-        return array_shift($unpacked);
+        return array_shift(unpack('N', $this->STREAM->read(4)));
      }
    }

@@ -97,7 +94,7 @@ class gettext_reader {
   */
  function gettext_reader($Reader, $enable_cache = true) {
    // If there isn't a StreamReader, turn on short circuit mode.
-    if (! $Reader) {
+    if (! $Reader || isset($Reader->error) ) {
      $this->short_circuit = true;
      return;
    }
@@ -105,16 +102,16 @@ class gettext_reader {
    // Caching can be turned off
    $this->enable_cache = $enable_cache;

-    // $MAGIC1 = (int)0x950412de; //bug in PHP 5
+    // $MAGIC1 = (int)0x950412de; //bug in PHP 5.0.2, see https://savannah.nongnu.org/bugs/?func=detailitem&item_id=10565
    $MAGIC1 = (int) - 1794895138;
    // $MAGIC2 = (int)0xde120495; //bug
    $MAGIC2 = (int) - 569244523;

    $this->STREAM = $Reader;
    $magic = $this->readint();
-    if ($magic == $MAGIC1) {
+    if ($magic == ($MAGIC1 & 0xFFFFFFFF)) { // to make sure it works for 64-bit platforms
      $this->BYTEORDER = 0;
-    } elseif ($magic == $MAGIC2) {
+    } elseif ($magic == ($MAGIC2 & 0xFFFFFFFF)) {
      $this->BYTEORDER = 1;
    } else {
      $this->error = 1; // not MO file
@@ -282,7 +279,7 @@ class gettext_reader {
      } else {
        $header = $this->get_translation_string(0);
      }
-      if (eregi("plural-forms: (.*)\n", $header, $regs))
+      if (eregi("plural-forms: ([^\n]*)\n", $header, $regs))
        $expr = $regs[1];
      else
        $expr = "nplurals=2; plural=n == 1 ? 0 : 1;";
@@ -308,7 +305,7 @@ class gettext_reader {
    $plural = 0;

    eval("$string");
-    if ($plural >= $total) $plural = 0;
+    if ($plural >= $total) $plural = $total - 1;
    return $plural;
  }

--- a/wp-includes/js/tinymce/langs/en.js
+++ b/wp-includes/js/tinymce/langs/en.js
@@ -1,22 +1,30 @@
 // UK lang variables

-tinyMCELang['lang_bold_desc'] = 'Bold (Alt+b)';
-tinyMCELang['lang_italic_desc'] = 'Italic (Alt+i)';
+if (navigator.userAgent.indexOf('Mac OS') != -1) {
+// Mac OS browsers use Ctrl to hit accesskeys
+	var metaKey = 'Ctrl';
+}
+else {
+	var metaKey = 'Alt';
+}
+
+tinyMCELang['lang_bold_desc'] = 'Bold (' + metaKey + '+b)';
+tinyMCELang['lang_italic_desc'] = 'Italic (' + metaKey + '+i)';
 tinyMCELang['lang_underline_desc'] = 'Underline';
-tinyMCELang['lang_striketrough_desc'] = 'Striketrough (Alt-d)';
-tinyMCELang['lang_justifyleft_desc'] = 'Align left (Alt-f)';
-tinyMCELang['lang_justifycenter_desc'] = 'Align center (Alt-c)';
-tinyMCELang['lang_justifyright_desc'] = 'Align right (Alt-r)';
+tinyMCELang['lang_striketrough_desc'] = 'Striketrough (' + metaKey + '-d)';
+tinyMCELang['lang_justifyleft_desc'] = 'Align left (' + metaKey + '-f)';
+tinyMCELang['lang_justifycenter_desc'] = 'Align center (' + metaKey + '-c)';
+tinyMCELang['lang_justifyright_desc'] = 'Align right (' + metaKey + '-r)';
 tinyMCELang['lang_justifyfull_desc'] = 'Align full';
-tinyMCELang['lang_bullist_desc'] = 'Unordered list (Alt-l)';
-tinyMCELang['lang_numlist_desc'] = 'Ordered list (Alt-o)';
-tinyMCELang['lang_outdent_desc'] = 'Outdent (Alt-w)';
-tinyMCELang['lang_indent_desc'] = 'Indent/Blockquote (Alt-q)';
-tinyMCELang['lang_undo_desc'] = 'Undo (Alt-u)';
-tinyMCELang['lang_redo_desc'] = 'Redo (Alt-y)';
-tinyMCELang['lang_link_desc'] = 'Insert/edit link (Alt-a)';
-tinyMCELang['lang_unlink_desc'] = 'Unlink (Alt-s)';
-tinyMCELang['lang_image_desc'] = 'Insert/edit image (Alt-m)';
+tinyMCELang['lang_bullist_desc'] = 'Unordered list (' + metaKey + '-l)';
+tinyMCELang['lang_numlist_desc'] = 'Ordered list (' + metaKey + '-o)';
+tinyMCELang['lang_outdent_desc'] = 'Outdent (' + metaKey + '-w)';
+tinyMCELang['lang_indent_desc'] = 'Indent/Blockquote (' + metaKey + '-q)';
+tinyMCELang['lang_undo_desc'] = 'Undo (' + metaKey + '-u)';
+tinyMCELang['lang_redo_desc'] = 'Redo (' + metaKey + '-y)';
+tinyMCELang['lang_link_desc'] = 'Insert/edit link (' + metaKey + '-a)';
+tinyMCELang['lang_unlink_desc'] = 'Unlink (' + metaKey + '-s)';
+tinyMCELang['lang_image_desc'] = 'Insert/edit image (' + metaKey + '-m)';
 tinyMCELang['lang_cleanup_desc'] = 'Cleanup messy code';
 tinyMCELang['lang_focus_alert'] = 'A editor instance must be focused before using this command.';
 tinyMCELang['lang_edit_confirm'] = 'Do you want to use the WYSIWYG mode for this textarea?';
--- a/wp-includes/js/tinymce/plugins/wordpress/langs/en.js
+++ b/wp-includes/js/tinymce/plugins/wordpress/langs/en.js
@@ -1,7 +1,15 @@
 // EN lang variables

+if (navigator.userAgent.indexOf('Mac OS') != -1) {
+// Mac OS browsers use Ctrl to hit accesskeys
+	var metaKey = 'Ctrl';
+}
+else {
+	var metaKey = 'Alt';
+}
+
 tinyMCE.addToLang('',{
-wordpress_more_button : 'Split post with More tag (Alt-t)',
+wordpress_more_button : 'Split post with More tag (' + metaKey + '-t)',
 wordpress_page_button : 'Split post with Page tag',
 wordpress_more_alt : 'More...',
 wordpress_page_alt : '...page...'
--- a/wp-includes/js/tinymce/tiny_mce_gzip.php
+++ b/wp-includes/js/tinymce/tiny_mce_gzip.php
@@ -76,15 +76,32 @@

 	// Load theme, language pack and theme language packs
 	$theme = apply_filters('mce_theme', 'advanced');
+
 	echo wp_compact_tinymce_js(file_get_contents(realpath("themes/" . $theme . "/editor_template.js")));
-	echo wp_translate_tinymce_lang(file_get_contents(realpath("themes/" . $theme . "/langs/en.js")));
-	echo wp_translate_tinymce_lang(file_get_contents(realpath("langs/en.js")));
+
+	// Get the WordPress locale
+	$locale = get_locale();
+
+	$themeLanguageFile = realpath("themes/" . $theme . "/langs/" . $locale . ".js");
+
+	if (!file_exists($themeLanguageFile))
+		$themeLanguageFile = realpath("themes/" . $theme . "/langs/en.js");
+	echo wp_translate_tinymce_lang(file_get_contents($themeLanguageFile));
+
+	$tinymceLanguageFile = realpath("langs/" . $locale . ".js");
+
+	if (!file_exists($tinymceLanguageFile))
+		$tinymceLanguageFile = realpath("langs/en.js");
+	echo wp_translate_tinymce_lang(file_get_contents($tinymceLanguageFile));

 	// Load all plugins and their language packs
-	$plugins = apply_filters('mce_plugins', array('wordpress', 'autosave', 'wphelp'));
+	$plugins = apply_filters('mce_plugins', array('wordpress', 'autosave','wphelp'));
+
 	foreach ($plugins as $plugin) {
 		$pluginFile = realpath("plugins/" . $plugin . "/editor_plugin.js");
-		$languageFile = realpath("plugins/" . $plugin . "/langs/en.js");
+		$languageFile = realpath("plugins/" . $plugin . "/langs/" . $locale . ".js");
+		if (!file_exists($languageFile))
+			$languageFile = realpath("plugins/" . $plugin . "/langs/en.js");

 		if ($pluginFile)
 			echo file_get_contents($pluginFile);
@@ -105,7 +122,7 @@
 			. 'title[dir<ltr?rtl|lang],tr[abbr|align<center?char?justify?left?right|bgcolor|char|charoff|class|rowspan|dir<ltr?rtl|id|lang|onclick|ondblclick|onkeydown|onkeypress|onkeyup|onmousedown|onmousemove|onmouseout|onmouseover|onmouseup|style|title|valign<baseline?bottom?middle?top],tt[class|dir<ltr?rtl|id|lang|onclick|ondblclick|onkeydown|onkeypress|onkeyup|onmousedown|onmousemove|onmouseout|onmouseover|onmouseup|style|title],u[class|dir<ltr?rtl|id|lang|onclick|ondblclick|onkeydown|onkeypress|onkeyup|onmousedown|onmousemove|onmouseout|onmouseover|onmouseup|style|title],ul[class|compact<compact|dir<ltr?rtl|id|lang|onclick|ondblclick|onkeydown|onkeypress|onkeyup|onmousedown|onmousemove|onmouseout|onmouseover|onmouseup|style|title|type],var[class|dir<ltr?rtl|id|lang|onclick|ondblclick|onkeydown|onkeypress|onkeyup|onmousedown|onmousemove|onmouseout|onmouseover|onmouseup|style|title]';
 	else // Use a much smaller set
 		$valid_elements = '-a[id|href|title|rel],-strong/b,-em/i,-strike,-del,-u,p[class|align|dir],-ol,-ul,-li,br,img[class|src|alt|title|width|height|align],-sub,-sup,-blockquote[dir],-table[border|cellspacing|cellpadding|width|height|class|align|dir],thead[class|rowspan|width|height|align|valign|dir],tr[class|rowspan|width|height|align|valign|dir],th[dir|class|colspan|rowspan|width|height|align|valign|scope],td[dir|class|colspan|rowspan|width|height|align|valign],-div[dir|class|align],-span[class|align],-pre[class],-code[class],-address,-h1[class|align|dir],-h2[class|align|dir],-h3[class|align|dir],-h4[class|align|dir],-h5[class|align|dir],-h6[class|align|dir],hr';
-	$valid_elements = apply_filters('mce_valid_elements', $valid_elements); 
+	$valid_elements = apply_filters('mce_valid_elements', $valid_elements);
 	$plugins = implode($plugins, ',');
 	$mce_buttons = apply_filters('mce_buttons', array('bold', 'italic', 'strikethrough', 'separator', 'bullist', 'numlist', 'outdent', 'indent', 'separator', 'justifyleft', 'justifycenter', 'justifyright' ,'separator', 'link', 'unlink', 'image', 'wordpress', 'separator', 'undo', 'redo', 'code', 'wphelp'));
 	$mce_buttons = implode($mce_buttons, ',');
@@ -140,6 +157,7 @@ initArray = {
 	convert_newlines_to_brs : false,
 	remove_linebreaks : true,
 	save_callback : "wp_save_callback",
+	document_base_url : "<?php echo trailingslashit(get_bloginfo('home')); ?>",
 	valid_elements : "<?php echo $valid_elements; ?>",
 <?php do_action('mce_options'); ?>
 	plugins : "<?php echo $plugins; ?>"
--- a/wp-includes/kses.php
+++ b/wp-includes/kses.php
@@ -1,8 +1,8 @@
 <?php

 // Added wp_ prefix to avoid conflicts with existing kses users
-# kses 0.2.1 - HTML/XHTML filter that only allows some elements and attributes
-# Copyright (C) 2002, 2003  Ulf Harnhammar
+# kses 0.2.2 - HTML/XHTML filter that only allows some elements and attributes
+# Copyright (C) 2002, 2003, 2005  Ulf Harnhammar
 # *** CONTACT INFORMATION ***
 #
 # E-mail:      metaur at users dot sourceforge dot net
@@ -113,7 +113,7 @@ function wp_kses_split2($string, $allowed_html, $allowed_protocols)
 	$elem = $matches[2];
 	$attrlist = $matches[3];

-	if (!@ is_array($allowed_html[strtolower($elem)]))
+	if (!@isset($allowed_html[strtolower($elem)]))
 		return '';
 	# They are using a not allowed HTML element

@@ -366,6 +366,7 @@ function wp_kses_bad_protocol($string, $allowed_protocols)
 ###############################################################################
 {
 	$string = wp_kses_no_null($string);
+	$string = preg_replace('/\xad+/', '', $string); # deals with Opera "feature"
 	$string2 = $string.'a';

 	while ($string != $string2) {
@@ -378,7 +379,7 @@ function wp_kses_bad_protocol($string, $allowed_protocols)

 function wp_kses_no_null($string)
 ###############################################################################
-# This function removes any NULL or chr(173) characters in $string.
+# This function removes any NULL characters in $string.
 ###############################################################################
 {
 	$string = preg_replace('/\0+/', '', $string);
@@ -454,6 +455,8 @@ function wp_kses_bad_protocol_once2($string, $allowed_protocols)
 	$string2 = wp_kses_decode_entities($string);
 	$string2 = preg_replace('/\s/', '', $string2);
 	$string2 = wp_kses_no_null($string2);
+	$string2 = preg_replace('/\xad+/', '', $string2);
+	# deals with Opera "feature"
 	$string2 = strtolower($string2);

 	$allowed = false;
@@ -528,16 +531,11 @@ function kses_init_filters() {
 }

 function kses_init() {
-	global $current_user;
-
 	remove_filter('pre_comment_author', 'wp_filter_kses');
 	remove_filter('pre_comment_content', 'wp_filter_kses');
 	remove_filter('content_save_pre', 'wp_filter_post_kses');
 	remove_filter('title_save_pre', 'wp_filter_kses');

-	if (! defined('XMLRPC_REQUEST') )
-		get_currentuserinfo();
-
 	if (current_user_can('unfiltered_html') == false)
 		kses_init_filters();
 }
--- a/wp-includes/links.php
+++ b/wp-includes/links.php
@@ -445,9 +445,10 @@ function get_links_withrating($category = -1, $before = '', $after = '<br />',
 **                uses 0
 */
 function get_linkcatname($id = 0) {
+    $id = (int) $id;
    global $wpdb;
    $cat_name = '';
-    if ('' != $id) {
+    if ( !empty($id) ) {
        $cat_name = $wpdb->get_var("SELECT cat_name FROM $wpdb->linkcategories WHERE cat_id=$id");
    }
    return $cat_name;
@@ -562,4 +563,4 @@ function get_links_list($order = 'name', $hide_if_empty = 'obsolete') {
 	}
 }

-?>
+?>
--- a/wp-includes/pluggable-functions.php
+++ b/wp-includes/pluggable-functions.php
@@ -5,21 +5,20 @@

 if ( !function_exists('set_current_user') ) :
 function set_current_user($id, $name = '') {
-	global $user_login, $userdata, $user_level, $user_ID, $user_email, $user_url, $user_pass_md5, $user_identity, $current_user;
+	return wp_set_current_user($id, $name);
+}
+endif;

-	$current_user	= '';
+if ( !function_exists('wp_set_current_user') ) :
+function wp_set_current_user($id, $name = '') {
+	global $current_user;

-	$current_user	= new WP_User($id, $name);
+	if ( isset($current_user) && ($id == $current_user->ID) )
+		return $current_user;

-	$userdata	= get_userdatabylogin($user_login);
+	$current_user = new WP_User($id, $name);

-	$user_login	= $userdata->user_login;
-	$user_level	= $userdata->user_level;
-	$user_ID	= $userdata->ID;
-	$user_email	= $userdata->user_email;
-	$user_url	= $userdata->user_url;
-	$user_pass_md5	= md5($userdata->user_pass);
-	$user_identity	= $userdata->display_name;
+	setup_userdata($current_user->ID);

 	do_action('set_current_user');

@@ -27,30 +26,34 @@ function set_current_user($id, $name = '') {
 }
 endif;

+if ( !function_exists('wp_get_current_user') ) :
+function wp_get_current_user() {
+	global $current_user;
+
+	get_currentuserinfo();
+
+	return $current_user;
+}
+endif;

 if ( !function_exists('get_currentuserinfo') ) :
 function get_currentuserinfo() {
-	global $user_login, $userdata, $user_level, $user_ID, $user_email, $user_url, $user_pass_md5, $user_identity, $current_user;
+	global $current_user;

 	if ( defined('XMLRPC_REQUEST') && XMLRPC_REQUEST )
 		return false;

+	if ( ! empty($current_user) )
+		return;
+
 	if ( empty($_COOKIE[USER_COOKIE]) || empty($_COOKIE[PASS_COOKIE]) || 
 		!wp_login($_COOKIE[USER_COOKIE], $_COOKIE[PASS_COOKIE], true) ) {
-		$current_user = new WP_User(0);
+		wp_set_current_user(0);
 		return false;
 	}
-	$user_login  = $_COOKIE[USER_COOKIE];
-	$userdata    = get_userdatabylogin($user_login);
-	$user_level  = $userdata->user_level;
-	$user_ID     = $userdata->ID;
-	$user_email  = $userdata->user_email;
-	$user_url    = $userdata->user_url;
-	$user_pass_md5 = md5($userdata->user_pass);
-	$user_identity = $userdata->display_name;

-	if ( empty($current_user) )
-		$current_user = new WP_User($user_ID);
+	$user_login = $_COOKIE[USER_COOKIE];
+	wp_set_current_user(0, $user_login);
 }
 endif;

@@ -201,10 +204,11 @@ endif;

 if ( !function_exists('is_user_logged_in') ) :
 function is_user_logged_in() {
-	global $current_user;
+	$user = wp_get_current_user();
 	
-	if ( $current_user->id == 0 )
+	if ( $user->id == 0 )
 		return false;
+
 	return true;
 }
 endif;
@@ -217,19 +221,37 @@ function auth_redirect() {
 			 (empty($_COOKIE[USER_COOKIE])) ) {
 		nocache_headers();
 	
-		header('Location: ' . get_settings('siteurl') . '/wp-login.php?redirect_to=' . urlencode($_SERVER['REQUEST_URI']));
+		wp_redirect(get_settings('siteurl') . '/wp-login.php?redirect_to=' . urlencode($_SERVER['REQUEST_URI']));
 		exit();
 	}
 }
 endif;

 if ( !function_exists('check_admin_referer') ) :
-function check_admin_referer() {
+function check_admin_referer($action = -1) {
 	$adminurl = strtolower(get_settings('siteurl')).'/wp-admin';
-	$referer = strtolower($_SERVER['HTTP_REFERER']);
-	if (!strstr($referer, $adminurl))
-		die(__('Sorry, you need to <a href="http://codex.wordpress.org/Enable_Sending_Referrers">enable sending referrers</a> for this feature to work.'));
-	do_action('check_admin_referer');
+	$referer = strtolower(wp_get_referer());
+	if ( !wp_verify_nonce($_REQUEST['_wpnonce'], $action) &&
+		!(-1 == $action && strstr($referer, $adminurl)) ) {
+		wp_nonce_ays($action);
+		die();
+	}
+	do_action('check_admin_referer', $action);
+}
+endif;
+
+if ( !function_exists('check_ajax_referer') ) :
+function check_ajax_referer() {
+	$cookie = explode('; ', urldecode(empty($_POST['cookie']) ? $_GET['cookie'] : $_POST['cookie'])); // AJAX scripts must pass cookie=document.cookie
+	foreach ( $cookie as $tasty ) {
+		if ( false !== strpos($tasty, USER_COOKIE) )
+			$user = urldecode(substr(strstr($tasty, '='), 1)); // Nasty double encoding
+		if ( false !== strpos($tasty, PASS_COOKIE) )
+			$pass = urldecode(substr(strstr($tasty, '='), 1));
+	}
+	if ( wp_login( $user, $pass, true ) )
+		return true;
+	return false;
 }
 endif;

@@ -239,7 +261,10 @@ if ( !function_exists('wp_redirect') ) :
 function wp_redirect($location) {
 	global $is_IIS;

-	$location = str_replace( array("\n", "\r"), '', $location);
+	$location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%]|i', '', $location);
+
+	$strip = array('%0d', '%0a');
+	$location = str_replace($strip, '', $location);

 	if ($is_IIS)
 		header("Refresh: 0;url=$location");
@@ -248,6 +273,16 @@ function wp_redirect($location) {
 }
 endif;

+if ( !function_exists('wp_get_cookie_login') ):
+function wp_get_cookie_login() {
+	if ( empty($_COOKIE[USER_COOKIE]) || empty($_COOKIE[PASS_COOKIE]) )
+		return false;
+
+	return array('login' => $_COOKIE[USER_COOKIE],	'password' => $_COOKIE[PASS_COOKIE]);
+}
+
+endif;
+
 if ( !function_exists('wp_setcookie') ) :
 function wp_setcookie($username, $password, $already_md5 = false, $home = '', $siteurl = '', $remember = false) {
 	if ( !$already_md5 )
@@ -429,4 +464,51 @@ function wp_new_user_notification($user_id, $plaintext_pass = '') {
 }
 endif;

+if ( !function_exists('wp_verify_nonce') ) :
+function wp_verify_nonce($nonce, $action = -1) {
+	$user = wp_get_current_user();
+	$uid = $user->id;
+
+	$i = ceil(time() / 43200);
+
+	//Allow for expanding range, but only do one check if we can
+	if( substr(wp_hash($i . $action . $uid), -12, 10) == $nonce || substr(wp_hash(($i - 1) . $action . $uid), -12, 10) == $nonce )
+		return true;
+	return false;
+}
+endif;
+
+if ( !function_exists('wp_create_nonce') ) :
+function wp_create_nonce($action = -1) {
+	$user = wp_get_current_user();
+	$uid = $user->id;
+
+	$i = ceil(time() / 43200);
+	
+	return substr(wp_hash($i . $action . $uid), -12, 10);
+}
+endif;
+
+if ( !function_exists('wp_salt') ) :
+function wp_salt() {
+	$salt = get_option('secret');
+	if ( empty($salt) )
+		$salt = DB_PASSWORD . DB_USER . DB_NAME . DB_HOST . ABSPATH;
+
+	return $salt;
+}
+endif;
+
+if ( !function_exists('wp_hash') ) :
+function wp_hash($data) {
+	$salt = wp_salt();
+
+	if ( function_exists('hash_hmac') ) {
+		return hash_hmac('md5', $data, $salt);
+	} else {
+		return md5($data . $salt);
+	}
+}
+endif;
+
 ?>
--- a/wp-includes/registration-functions.php
+++ b/wp-includes/registration-functions.php
@@ -27,6 +27,7 @@ function wp_insert_user($userdata) {

 	// Are we updating or creating?
 	if ( !empty($ID) ) {
+		$ID = (int) $ID;
 		$update = true;
 	} else {
 		$update = false;
@@ -35,16 +36,40 @@ function wp_insert_user($userdata) {
 	}
 	
 	$user_login = sanitize_user($user_login, true);
+	$user_login = apply_filters('pre_user_login', $user_login);

 	if ( empty($user_nicename) )
 		$user_nicename = sanitize_title( $user_login );
+	$user_nicename = apply_filters('pre_user_nicename', $user_nicename);
+
+	if ( empty($user_url) )
+		$user_url = '';
+	$user_url = apply_filters('pre_user_url', $user_url);
+
+	if ( empty($user_email) )
+		$user_email = '';
+	$user_email = apply_filters('pre_user_email', $user_email);

 	if ( empty($display_name) )
 		$display_name = $user_login;
-		
+	$display_name = apply_filters('pre_user_display_name', $display_name);
+
 	if ( empty($nickname) )
 		$nickname = $user_login;
-			
+	$nickname = apply_filters('pre_user_nickname', $nickname);
+
+	if ( empty($first_name) )
+		$first_name = '';
+	$first_name = apply_filters('pre_user_first_name', $first_name);
+
+	if ( empty($last_name) )
+		$last_name = '';
+	$last_name = apply_filters('pre_user_last_name', $last_name);
+
+	if ( empty($description) )
+		$description = '';
+	$description = apply_filters('pre_user_description', $description);
+
 	if ( empty($user_registered) )
 		$user_registered = gmdate('Y-m-d H:i:s');

@@ -93,7 +118,7 @@ function wp_insert_user($userdata) {
 }

 function wp_update_user($userdata) {
-	global $wpdb, $current_user;
+	global $wpdb;

 	$ID = (int) $userdata['ID'];
 	
@@ -114,6 +139,7 @@ function wp_update_user($userdata) {
 	$user_id = wp_insert_user($userdata);

 	// Update the cookies if the password changed.	
+	$current_user = wp_get_current_user();
 	if( $current_user->id == $ID ) {
 		if ( isset($plaintext_pass) ) {
 			wp_clearcookie();
--- a/wp-includes/streams.php
+++ b/wp-includes/streams.php
@@ -105,7 +105,14 @@ class FileReader {
  function read($bytes) {
    if ($bytes) {
      fseek($this->_fd, $this->_pos);
-      $data = fread($this->_fd, $bytes);
+
+      // PHP 5.1.1 does not read more than 8192 bytes in one fread()
+      // the discussions at PHP Bugs suggest it's the intended behaviour
+      while ($bytes > 0) {
+        $chunk  = fread($this->_fd, $bytes);
+        $data  .= $chunk;
+        $bytes -= strlen($chunk);
+      }
      $this->_pos = ftell($this->_fd);
      
      return $data;
--- a/wp-includes/template-functions-author.php
+++ b/wp-includes/template-functions-author.php
@@ -133,7 +133,7 @@ function the_author_posts_link($idmode='') {
 	echo '<a href="' . get_author_link(0, $authordata->ID, $authordata->user_nicename) . '" title="' . sprintf(__("Posts by %s"), wp_specialchars(the_author($idmode, false))) . '">' . the_author($idmode, false) . '</a>';
 }

-function get_author_link($echo = false, $author_id, $author_nicename) {
+function get_author_link($echo = false, $author_id, $author_nicename = '') {
 	global $wpdb, $wp_rewrite, $post, $cache_userdata;
 	$auth_ID = $author_id;
 	$link = $wp_rewrite->get_author_permastruct();
@@ -142,8 +142,11 @@ function get_author_link($echo = false, $author_id, $author_nicename) {
 		$file = get_settings('home') . '/';
 		$link = $file . '?author=' . $auth_ID;
 	} else {
-		if ( '' == $author_nicename )
-			$author_nicename = $cache_userdata[$author_id]->user_nicename;
+		if ( '' == $author_nicename ) {
+			$user = get_userdata($author_id);
+			if ( !empty($user->user_nicename) )
+				$author_nicename = $user->user_nicename;
+		}
 		$link = str_replace('%author%', $author_nicename, $link);
 		$link = get_settings('home') . trailingslashit($link);
 	}
--- a/wp-includes/template-functions-general.php
+++ b/wp-includes/template-functions-general.php
@@ -27,10 +27,7 @@ function get_sidebar() {


 function wp_loginout() {
-	global $user_ID;
-	get_currentuserinfo();
-
-	if ('' == $user_ID)
+	if ( ! is_user_logged_in() )
 		$link = '<a href="' . get_settings('siteurl') . '/wp-login.php">' . __('Login') . '</a>';
 	else
 		$link = '<a href="' . get_settings('siteurl') . '/wp-login.php?action=logout">' . __('Logout') . '</a>';
@@ -40,16 +37,15 @@ function wp_loginout() {


 function wp_register( $before = '<li>', $after = '</li>' ) {
-	global $user_ID;

-	get_currentuserinfo();
-
-	if ( '' == $user_ID && get_settings('users_can_register') )
-		$link = $before . '<a href="' . get_settings('siteurl') . '/wp-register.php">' . __('Register') . '</a>' . $after;
-	elseif ( '' == $user_ID && !get_settings('users_can_register') )
-		$link = '';
-	else
+	if ( ! is_user_logged_in() ) {
+		if ( get_settings('users_can_register') )
+			$link = $before . '<a href="' . get_settings('siteurl') . '/wp-register.php">' . __('Register') . '</a>' . $after;
+		else
+			$link = '';
+	} else {
 		$link = $before . '<a href="' . get_settings('siteurl') . '/wp-admin/">' . __('Site Admin') . '</a>' . $after;
+	}

 	echo apply_filters('register', $link);
 }
@@ -62,7 +58,9 @@ function wp_meta() {

 function bloginfo($show='') {
 	$info = get_bloginfo($show);
-	if ( ! (strstr($info, 'url') || strstr($info, 'directory')) ) {
+	if (!strstr($show, 'url') && //don't filter URLs
+		!strstr($show, 'directory') &&
+		!strstr($show, 'home')) {
 		$info = apply_filters('bloginfo', $info, $show);
 		$info = convert_chars($info);
 	}
@@ -401,9 +399,11 @@ function calendar_week_mod($num) {
 function get_calendar($daylength = 1) {
 	global $wpdb, $m, $monthnum, $year, $timedifference, $month, $month_abbrev, $weekday, $weekday_initial, $weekday_abbrev, $posts;

-	// Quick check. If we have no posts at all, abort!
+	$now = current_time('mysql');
+
+	// Quick check. If we have no posts yet published, abort!
 	if ( !$posts ) {
-		$gotsome = $wpdb->get_var("SELECT ID from $wpdb->posts WHERE post_status = 'publish' ORDER BY post_date DESC LIMIT 1");
+		$gotsome = $wpdb->get_var("SELECT ID from $wpdb->posts WHERE post_status = 'publish' AND post_date < '$now' ORDER BY post_date DESC LIMIT 1");
 		if ( !$gotsome )
 			return;
 	}
@@ -449,6 +449,7 @@ function get_calendar($daylength = 1) {
 	$next = $wpdb->get_row("SELECT	DISTINCT MONTH(post_date) AS month, YEAR(post_date) AS year
 		FROM $wpdb->posts
 		WHERE post_date >	'$thisyear-$thismonth-01'
+		AND post_date < '$now'
 		AND MONTH( post_date ) != MONTH( '$thisyear-$thismonth-01' )
 		AND post_status = 'publish' 
 			ORDER	BY post_date ASC
@@ -482,7 +483,8 @@ function get_calendar($daylength = 1) {

 	if ( $previous ) {
 		echo "\n\t\t".'<td abbr="' . $month[zeroise($previous->month, 2)] . '" colspan="3" id="prev"><a href="' .
-		get_month_link($previous->year, $previous->month) . '" title="' . sprintf(__('View posts for %1$s %2$s'), $month[zeroise($previous->month, 2)], date('Y', mktime(0, 0 , 0, $previous->month, 1, $previous->year))) . '">&laquo; ' . $month_abbrev[$month[zeroise($previous->month, 2)]] . '</a></td>';
+		get_month_link($previous->year, $previous->month) . '" title="' . sprintf(__('View posts for %1$s %2$s'), $month[zeroise($previous->month, 2)],
+			date('Y', mktime(0, 0 , 0, $previous->month, 1, $previous->year))) . '">&laquo; ' . $month_abbrev[$month[zeroise($previous->month, 2)]] . '</a></td>';
 	} else {
 		echo "\n\t\t".'<td colspan="3" id="prev" class="pad">&nbsp;</td>';
 	}
@@ -491,8 +493,8 @@ function get_calendar($daylength = 1) {

 	if ( $next ) {
 		echo "\n\t\t".'<td abbr="' . $month[zeroise($next->month, 2)] . '" colspan="3" id="next"><a href="' .
-		get_month_link($next->year, $next->month) . '" title="View posts for ' . $month[zeroise($next->month, 2)] . ' ' .
-		date('Y', mktime(0, 0 , 0, $next->month, 1, $next->year)) . '">' . $month_abbrev[$month[zeroise($next->month, 2)]] . ' &raquo;</a></td>';
+		get_month_link($next->year, $next->month) . '" title="' . sprintf(__('View posts for %1$s %2$s'), $month[zeroise($next->month, 2)],
+			date('Y', mktime(0, 0 , 0, $next->month, 1, $next->year))) . '">' . $month_abbrev[$month[zeroise($next->month, 2)]] . ' &raquo;</a></td>';
 	} else {
 		echo "\n\t\t".'<td colspan="3" id="next" class="pad">&nbsp;</td>';
 	}
@@ -506,8 +508,8 @@ function get_calendar($daylength = 1) {

 	// Get days with posts
 	$dayswithposts = $wpdb->get_results("SELECT DISTINCT DAYOFMONTH(post_date)
-		FROM $wpdb->posts WHERE MONTH(post_date) = $thismonth
-		AND YEAR(post_date) = $thisyear
+		FROM $wpdb->posts WHERE MONTH(post_date) = '$thismonth'
+		AND YEAR(post_date) = '$thisyear'
 		AND post_status = 'publish'
 		AND post_date < '" . current_time('mysql') . '\'', ARRAY_N);
 	if ( $dayswithposts ) {
--- a/wp-includes/template-functions-links.php
+++ b/wp-includes/template-functions-links.php
@@ -62,14 +62,15 @@ function get_permalink($id = 0) {

 		$authordata = get_userdata($post->post_author);
 		$author = $authordata->user_nicename;
+		$date = explode(" ",date('Y m d H i s', $unixtime));
 		$rewritereplace = 
 		array(
-			date('Y', $unixtime),
-			date('m', $unixtime),
-			date('d', $unixtime),
-			date('H', $unixtime),
-			date('i', $unixtime),
-			date('s', $unixtime),
+			$date[0],
+			$date[1],
+			$date[2],
+			$date[3],
+			$date[4],
+			$date[5],
 			$post->post_name,
 			$post->ID,
 			$category,
@@ -205,13 +206,10 @@ function get_feed_link($feed='rss2') {
 }

 function edit_post_link($link = 'Edit This', $before = '', $after = '') {
-	global $user_ID, $post;
+	global $post;

-	get_currentuserinfo();
-
-	if ( !user_can_edit_post($user_ID, $post->ID) ) {
+	if ( ! current_user_can('edit_post', $post->ID) )
 		return;
-	}

 	if ( is_attachment() )
 		return;
@@ -223,11 +221,9 @@ function edit_post_link($link = 'Edit This', $before = '', $after = '') {
 }

 function edit_comment_link($link = 'Edit This', $before = '', $after = '') {
-	global $user_ID, $post, $comment;
+	global $post, $comment;

-	get_currentuserinfo();
-
-	if ( !user_can_edit_post_comments($user_ID, $post->ID) )
+	if ( ! current_user_can('edit_post', $post->ID) )
 		return;

 	$location = get_settings('siteurl') . "/wp-admin/post.php?action=editcomment&amp;comment=$comment->comment_ID";
--- a/wp-includes/vars.php
+++ b/wp-includes/vars.php
@@ -1,7 +1,7 @@
 <?php

 // On which page are we ?
-if (preg_match('#([^/]+.php)#', $PHP_SELF, $self_matches)) {
+if (preg_match('#([^/]+\.php)$#', $PHP_SELF, $self_matches)) {
 	$pagenow = $self_matches[1];
 } else if (strstr($PHP_SELF, '?')) {
 	$pagenow = explode('/', $PHP_SELF);
@@ -14,20 +14,18 @@ if (preg_match('#([^/]+.php)#', $PHP_SELF, $self_matches)) {

 // Simple browser detection
 $is_lynx = 0; $is_gecko = 0; $is_winIE = 0; $is_macIE = 0; $is_opera = 0; $is_NS4 = 0;
-if (!isset($HTTP_USER_AGENT)) {
-	$HTTP_USER_AGENT = $_SERVER['HTTP_USER_AGENT'];
-}
-if (preg_match('/Lynx/', $HTTP_USER_AGENT)) {
+
+if (preg_match('/Lynx/', $_SERVER['HTTP_USER_AGENT'])) {
 	$is_lynx = 1;
-} elseif (preg_match('/Gecko/', $HTTP_USER_AGENT)) {
+} elseif (preg_match('/Gecko/', $_SERVER['HTTP_USER_AGENT'])) {
 	$is_gecko = 1;
-} elseif ((preg_match('/MSIE/', $HTTP_USER_AGENT)) && (preg_match('/Win/', $HTTP_USER_AGENT))) {
+} elseif ((preg_match('/MSIE/', $_SERVER['HTTP_USER_AGENT'])) && (preg_match('/Win/', $_SERVER['HTTP_USER_AGENT']))) {
 	$is_winIE = 1;
-} elseif ((preg_match('/MSIE/', $HTTP_USER_AGENT)) && (preg_match('/Mac/', $HTTP_USER_AGENT))) {
+} elseif ((preg_match('/MSIE/', $_SERVER['HTTP_USER_AGENT'])) && (preg_match('/Mac/', $_SERVER['HTTP_USER_AGENT']))) {
 	$is_macIE = 1;
-} elseif (preg_match('/Opera/', $HTTP_USER_AGENT)) {
+} elseif (preg_match('/Opera/', $_SERVER['HTTP_USER_AGENT'])) {
 	$is_opera = 1;
-} elseif ((preg_match('/Nav/', $HTTP_USER_AGENT) ) || (preg_match('/Mozilla\/4\./', $HTTP_USER_AGENT))) {
+} elseif ((preg_match('/Nav/', $_SERVER['HTTP_USER_AGENT']) ) || (preg_match('/Mozilla\/4\./', $_SERVER['HTTP_USER_AGENT']))) {
 	$is_NS4 = 1;
 }
 $is_IE    = (($is_macIE) || ($is_winIE));
@@ -44,64 +42,53 @@ if ( isset($_SERVER['HTTP_PC_REMOTE_ADDR']) )
 // if the config file does not provide the smilies array, let's define it here
 if (!isset($wpsmiliestrans)) {
 	$wpsmiliestrans = array(
-	' :)'        => 'icon_smile.gif',
-	' :D'        => 'icon_biggrin.gif',
-	' :-D'       => 'icon_biggrin.gif',
-	':grin:'    => 'icon_biggrin.gif',
-	' :)'        => 'icon_smile.gif',
-	' :-)'       => 'icon_smile.gif',
-	':smile:'   => 'icon_smile.gif',
-	' :('        => 'icon_sad.gif',
-	' :-('       => 'icon_sad.gif',
-	':sad:'     => 'icon_sad.gif',
-	' :o'        => 'icon_surprised.gif',
-	' :-o'       => 'icon_surprised.gif',
-	':eek:'     => 'icon_surprised.gif',
-	' 8O'        => 'icon_eek.gif',
-	' 8-O'       => 'icon_eek.gif',
-	':shock:'   => 'icon_eek.gif',
-	' :?'        => 'icon_confused.gif',
-	' :-?'       => 'icon_confused.gif',
-	' :???:'     => 'icon_confused.gif',
-	' 8)'        => 'icon_cool.gif',
-	' 8-)'       => 'icon_cool.gif',
-	':cool:'    => 'icon_cool.gif',
-	':lol:'     => 'icon_lol.gif',
-	' :x'        => 'icon_mad.gif',
-	' :-x'       => 'icon_mad.gif',
-	':mad:'     => 'icon_mad.gif',
-	' :P'        => 'icon_razz.gif',
-	' :-P'       => 'icon_razz.gif',
-	':razz:'    => 'icon_razz.gif',
-	':oops:'    => 'icon_redface.gif',
-	':cry:'     => 'icon_cry.gif',
-	':evil:'    => 'icon_evil.gif',
-	':twisted:' => 'icon_twisted.gif',
-	':roll:'    => 'icon_rolleyes.gif',
-	':wink:'    => 'icon_wink.gif',
-	' ;)'        => 'icon_wink.gif',
-	' ;-)'       => 'icon_wink.gif',
-	':!:'       => 'icon_exclaim.gif',
-	':?:'       => 'icon_question.gif',
-	':idea:'    => 'icon_idea.gif',
-	':arrow:'   => 'icon_arrow.gif',
-	' :|'        => 'icon_neutral.gif',
-	' :-|'       => 'icon_neutral.gif',
-	':neutral:' => 'icon_neutral.gif',
-	':mrgreen:' => 'icon_mrgreen.gif',
+	':mrgreen:'	=> 'icon_mrgreen.gif',
+	':neutral:'	=> 'icon_neutral.gif',
+	':twisted:'	=> 'icon_twisted.gif',
+	':arrow:'	=> 'icon_arrow.gif',
+	':shock:'	=> 'icon_eek.gif',
+	':smile:'	=> 'icon_smile.gif',
+	' :???:'	=> 'icon_confused.gif',
+	':cool:'	=> 'icon_cool.gif',
+	':evil:'	=> 'icon_evil.gif',
+	':grin:'	=> 'icon_biggrin.gif',
+	':idea:'	=> 'icon_idea.gif',
+	':oops:'	=> 'icon_redface.gif',
+	':razz:'	=> 'icon_razz.gif',
+	':roll:'	=> 'icon_rolleyes.gif',
+	':wink:'	=> 'icon_wink.gif',
+	':cry:'		=> 'icon_cry.gif',
+	':eek:'		=> 'icon_surprised.gif',
+	':lol:'		=> 'icon_lol.gif',
+	':mad:'		=> 'icon_mad.gif',
+	':sad:'		=> 'icon_sad.gif',
+	' 8-)'		=> 'icon_cool.gif',
+	' 8-O'		=> 'icon_eek.gif',
+	' :-('		=> 'icon_sad.gif',
+	' :-)'		=> 'icon_smile.gif',
+	' :-?'		=> 'icon_confused.gif',
+	' :-D'		=> 'icon_biggrin.gif',
+	' :-P'		=> 'icon_razz.gif',
+	' :-o'		=> 'icon_surprised.gif',
+	' :-x'		=> 'icon_mad.gif',
+	' :-|'		=> 'icon_neutral.gif',
+	' ;-)'		=> 'icon_wink.gif',
+	' 8)'		=> 'icon_cool.gif',
+	' 8O'		=> 'icon_eek.gif',
+	' :('		=> 'icon_sad.gif',
+	' :)'		=> 'icon_smile.gif',
+	' :?'		=> 'icon_confused.gif',
+	' :D'		=> 'icon_biggrin.gif',
+	' :P'		=> 'icon_razz.gif',
+	' :o'		=> 'icon_surprised.gif',
+	' :x'		=> 'icon_mad.gif',
+	' :|'		=> 'icon_neutral.gif',
+	' ;)'		=> 'icon_wink.gif',
+	':!:'		=> 'icon_exclaim.gif',
+	':?:'		=> 'icon_question.gif',
 	);
 }

-// sorts the smilies' array
-if (!function_exists('smiliescmp')) {
-function smiliescmp ($a, $b) {
-	if (strlen($a) == strlen($b)) {
-		return strcmp($a, $b);
-	}
-		return (strlen($a) > strlen($b)) ? -1 : 1;
-	}
-}
-uksort($wpsmiliestrans, 'smiliescmp');

 // generates smilies' search & replace arrays
 foreach($wpsmiliestrans as $smiley => $img) {
--- a/Show More
+++ b/Show More