Tag 2.0.3

git-svn-id: http://svn.automattic.com/wordpress/tags/2.0.3@3837 1a063a9b-81f0-0310-95a4-ce76da25c4cd

wp-admin/admin-db.php

@@ -92,16 +92,19 @@ function wp_insert_category($catarr) {
 	else
 		$update = false;
 
-	$cat_name = wp_specialchars($cat_name);
-
+	$cat_name = apply_filters('pre_category_name', $cat_name);
+	
 	if (empty ($category_nicename))
 		$category_nicename = sanitize_title($cat_name);
 	else
 		$category_nicename = sanitize_title($category_nicename);
+	$category_nicename = apply_filters('pre_category_nicename', $category_nicename);
 
 	if (empty ($category_description))
 		$category_description = '';
+	$category_description = apply_filters('pre_category_description', $category_description);
 
+	$category_parent = (int) $category_parent;
 	if (empty ($category_parent))
 		$category_parent = 0;
 

wp-admin/admin-functions.php

@@ -43,6 +43,12 @@ function write_post() {
 	if ('static' == $_POST['post_status'] && !current_user_can('edit_pages'))
 		die(__('This user cannot edit pages.'));
 
+	if (!isset ($_POST['comment_status']))
+		$_POST['comment_status'] = 'closed';
+
+	if (!isset ($_POST['ping_status']))
+		$_POST['ping_status'] = 'closed';
+
 	if (!empty ($_POST['edit_date'])) {
 		$aa = $_POST['aa'];
 		$mm = $_POST['mm'];
@@ -84,12 +90,12 @@ function relocate_children($old_ID, $new_ID) {
 function fix_attachment_links($post_ID) {
 	global $wp_rewrite;
 
-	$post = & get_post($post_ID);
+	$post = & get_post($post_ID, ARRAY_A);
 
 	$search = "#<a[^>]+rel=('|\")[^'\"]*attachment[^>]*>#ie";
 
 	// See if we have any rel="attachment" links
-	if ( 0 == preg_match_all($search, $post->post_content, $anchor_matches, PREG_PATTERN_ORDER) )
+	if ( 0 == preg_match_all($search, $post['post_content'], $anchor_matches, PREG_PATTERN_ORDER) )
 		return;
 
 	$i = 0;
@@ -101,9 +107,11 @@ function fix_attachment_links($post_ID) {
 		$id = $id_matches[2];
 
 		// While we have the attachment ID, let's adopt any orphans.
-		$attachment = & get_post($id);
-		if ( ! is_object(get_post($attachment->post_parent)) ) {
-			$attachment->post_parent = $post_ID;
+		$attachment = & get_post($id, ARRAY_A);
+		if ( ! empty($attachment) && ! is_object(get_post($attachment['post_parent'])) ) {
+			$attachment['post_parent'] = $post_ID;
+			// Escape data pulled from DB.
+			$attachment = add_magic_quotes($attachment);
 			wp_update_post($attachment);
 		}
 
@@ -112,7 +120,10 @@ function fix_attachment_links($post_ID) {
 		++$i;
 	}
 
-	$post->post_content = str_replace($post_search, $post_replace, $post->post_content);
+	$post['post_content'] = str_replace($post_search, $post_replace, $post['post_content']);
+
+	// Escape data pulled from DB.
+	$post = add_magic_quotes($post);
 
 	return wp_update_post($post);
 }
@@ -512,7 +523,7 @@ function checked($checked, $current) {
 
 function return_categories_list($parent = 0) {
 	global $wpdb;
-	return $wpdb->get_col("SELECT cat_ID FROM $wpdb->categories WHERE category_parent = $parent ORDER BY category_count DESC LIMIT 100");
+	return $wpdb->get_col("SELECT cat_ID FROM $wpdb->categories WHERE category_parent = $parent ORDER BY category_count DESC");
 }
 
 function sort_cats($cat1, $cat2) {
@@ -582,14 +593,13 @@ function cat_rows($parent = 0, $level = 0, $categories = 0) {
 		foreach ($categories as $category) {
 			if ($category->category_parent == $parent) {
 				$category->cat_name = wp_specialchars($category->cat_name);
-				$count = $wpdb->get_var("SELECT COUNT(post_id) FROM $wpdb->post2cat WHERE category_id = $category->cat_ID");
 				$pad = str_repeat('&#8212; ', $level);
 				if ( current_user_can('manage_categories') ) {
 					$edit = "<a href='categories.php?action=edit&amp;cat_ID=$category->cat_ID' class='edit'>".__('Edit')."</a></td>";
 					$default_cat_id = get_option('default_category');
-					
+
 					if ($category->cat_ID != $default_cat_id)
-						$edit .= "<td><a href='categories.php?action=delete&amp;cat_ID=$category->cat_ID' onclick=\"return deleteSomething( 'cat', $category->cat_ID, '".sprintf(__("You are about to delete the category &quot;%s&quot;.  All of its posts will go to the default category.\\n&quot;OK&quot; to delete, &quot;Cancel&quot; to stop."), wp_specialchars($category->cat_name, 1))."' );\" class='delete'>".__('Delete')."</a>";
+						$edit .= "<td><a href='" . wp_nonce_url("categories.php?action=delete&amp;cat_ID=$category->cat_ID", 'delete-category_' . $category->cat_ID ) . "' onclick=\"return deleteSomething( 'cat', $category->cat_ID, '" . sprintf(__("You are about to delete the category &quot;%s&quot;.  All of its posts will go to the default category.\\n&quot;OK&quot; to delete, &quot;Cancel&quot; to stop."), wp_specialchars($category->cat_name, 1))."' );\" class='delete'>".__('Delete')."</a>";
 					else
 						$edit .= "<td style='text-align:center'>".__("Default");
 				}
@@ -599,7 +609,7 @@ function cat_rows($parent = 0, $level = 0, $categories = 0) {
 				$class = ('alternate' == $class) ? '' : 'alternate';
 				echo "<tr id='cat-$category->cat_ID' class='$class'><th scope='row'>$category->cat_ID</th><td>$pad $category->cat_name</td>
 								<td>$category->category_description</td>
-								<td>$count</td>
+								<td>$category->category_count</td>
 								<td>$edit</td>
 								</tr>";
 				cat_rows($category->cat_ID, $level +1, $categories);
@@ -633,7 +643,7 @@ function page_rows($parent = 0, $level = 0, $pages = 0) {
     <td><?php echo mysql2date('Y-m-d g:i a', $post->post_modified); ?></td> 
 	<td><a href="<?php the_permalink(); ?>" rel="permalink" class="edit"><?php _e('View'); ?></a></td>
     <td><?php if ( current_user_can('edit_pages') ) { echo "<a href='post.php?action=edit&amp;post=$id' class='edit'>" . __('Edit') . "</a>"; } ?></td> 
-    <td><?php if ( current_user_can('edit_pages') ) { echo "<a href='post.php?action=delete&amp;post=$id' class='delete' onclick=\"return deleteSomething( 'page', " . $id . ", '" . sprintf(__("You are about to delete the &quot;%s&quot; page.\\n&quot;OK&quot; to delete, &quot;Cancel&quot; to stop."), wp_specialchars(get_the_title('','',0), 1)) . "' );\">" . __('Delete') . "</a>"; } ?></td> 
+    <td><?php if ( current_user_can('edit_pages') ) { echo "<a href='" . wp_nonce_url("post.php?action=delete&amp;post=$id", 'delete-post_' . $id) .  "' class='delete' onclick=\"return deleteSomething( 'page', " . $id . ", '" . sprintf(__("You are about to delete the &quot;%s&quot; page.\\n&quot;OK&quot; to delete, &quot;Cancel&quot; to stop."), addslashes(wp_specialchars(get_the_title(),'double')) ) . "' );\">" . __('Delete') . "</a>"; } ?></td> 
   </tr> 
 
 <?php
@@ -1757,6 +1767,7 @@ function wp_handle_upload(&$file, $overrides = false) {
 			else
 				$filename = str_replace("$number$ext", ++$number . $ext, $filename);
 		}
+		$filename = preg_replace('#\.(?![^.]+$)#', '-', $filename);
 	}
 
 	// Move the file to the uploads dir

wp-admin/admin-header.php

@@ -3,7 +3,8 @@
 if (!isset($_GET["page"])) require_once('admin.php');
 if ( $editing ) {
 	$dbx_js = true;
-	$cat_js = true;
+	if ( current_user_can('manage_categories') )
+		$cat_js = true;
 }
 if ( $list_js || $cat_js )
 	$sack_js = true;

wp-admin/admin.php

@@ -17,7 +17,7 @@ nocache_headers();
 
 update_category_cache();
 
-get_currentuserinfo();
+wp_get_current_user();
 
 $posts_per_page = get_settings('posts_per_page');
 $what_to_show = get_settings('what_to_show');
@@ -61,7 +61,7 @@ if (isset($_GET['page'])) {
 		}
 		
 		if (! file_exists(ABSPATH . "wp-content/plugins/$plugin_page"))
-			die(sprintf(__('Cannot load %s.'), $plugin_page));
+			die(sprintf(__('Cannot load %s.'), htmlentities($plugin_page)));
 
 		if (! isset($_GET['noheader']))
 			require_once(ABSPATH . '/wp-admin/admin-header.php');

wp-admin/cat-js.php

@@ -144,9 +144,9 @@ function ajaxNewCat() {
 	var split_cats = new Array(1);
 	var catString = '';
 
-	catString = 'ajaxnewcat=' + encodeURIComponent(newcat.value);
+	catString = ajaxCat.encVar('ajaxnewcat', newcat.value) + '&' + ajaxCat.encVar('cookie', document.cookie);
 	ajaxCat.requestFile = 'edit-form-ajax-cat.php';
-	ajaxCat.method = 'GET';
+	ajaxCat.method = 'POST';
 	ajaxCat.onLoading = newCatLoading;
 	ajaxCat.onLoaded = newCatLoaded;
 	ajaxCat.onInteractive = newCatInteractive;
@@ -175,4 +175,4 @@ function myPload( str ) {
 	if ( currentElement != "" )
 		fixedExplode[count] = currentElement;
 	return fixedExplode;
-}
+}

wp-admin/categories.php

@@ -25,6 +25,8 @@ switch($action) {
 
 case 'addcat':
 
+	check_admin_referer('add-category');
+
 	if ( !current_user_can('manage_categories') )
 		die (__('Cheatin’ uh?'));
 	
@@ -34,13 +36,12 @@ case 'addcat':
 break;
 
 case 'delete':
-
-	check_admin_referer();
+	$cat_ID = (int) $_GET['cat_ID'];
+	check_admin_referer('delete-category_' .  $cat_ID);
 
 	if ( !current_user_can('manage_categories') )
 		die (__('Cheatin’ uh?'));
 
-	$cat_ID = (int) $_GET['cat_ID'];
 	$cat_name = get_catname($cat_ID);
 
 	if ( 1 == $cat_ID )
@@ -62,6 +63,7 @@ case 'edit':
 <div class="wrap">
  <h2><?php _e('Edit Category') ?></h2>
  <form name="editcat" action="categories.php" method="post">
+	  <?php wp_nonce_field('update-category_' .  $category->cat_ID); ?>
 	  <table class="editform" width="100%" cellspacing="2" cellpadding="5">
 		<tr>
 		  <th width="33%" scope="row"><?php _e('Category name:') ?></th>
@@ -94,6 +96,9 @@ case 'edit':
 break;
 
 case 'editedcat':
+	$cat_ID = (int) $_POST['cat_ID'];
+	check_admin_referer('update-category_' . $cat_ID);
+
 	if ( !current_user_can('manage_categories') )
 		die (__('Cheatin&#8217; uh?'));
 	
@@ -146,7 +151,7 @@ cat_rows();
 <div class="wrap">
     <h2><?php _e('Add New Category') ?></h2>
     <form name="addcat" id="addcat" action="categories.php" method="post">
-        
+    <?php wp_nonce_field('add-category'); ?>
         <p><?php _e('Name:') ?><br />
         <input type="text" name="cat_name" value="" /></p>
         <p><?php _e('Category parent:') ?><br />

wp-admin/edit-comments.php

@@ -39,6 +39,8 @@ function checkAll(form)
 <p><a href="?mode=view"><?php _e('View Mode') ?></a> | <a href="?mode=edit"><?php _e('Mass Edit Mode') ?></a></p>
 <?php
 if ( !empty( $_POST['delete_comments'] ) ) :
+	check_admin_referer('bulk-comments');
+
 	$i = 0;
 	foreach ($_POST['delete_comments'] as $comment) : // Check the permissions on each
 		$comment = (int) $comment;
@@ -96,13 +98,13 @@ if ('view' == $mode) {
         <p><?php _e('Posted'); echo ' '; comment_date('M j, g:i A');  
 			if ( current_user_can('edit_post', $comment->comment_post_ID) ) {
 				echo " | <a href=\"post.php?action=editcomment&amp;comment=".$comment->comment_ID."\">" . __('Edit Comment') . "</a>";
-				echo " | <a href=\"post.php?action=deletecomment&amp;p=".$comment->comment_post_ID."&amp;comment=".$comment->comment_ID."\" onclick=\"return deleteSomething( 'comment', $comment->comment_ID, '" . sprintf(__("You are about to delete this comment by &quot;%s&quot;.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete."), wp_specialchars( $comment->comment_author, 1 ))  . "' );\">" . __('Delete Comment') . "</a> &#8212; ";
+				echo ' | <a href="' . wp_nonce_url('post.php?action=deletecomment&amp;p=' . $post->ID . '&amp;comment=' . $comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . '" onclick="return deleteSomething( \'comment\', ' . $comment->comment_ID . ', \'' . __("You are about to delete this comment.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete.") . "' );\">" . __('Delete Comment') . '</a> ';
 			} // end if any comments to show
 			// Get post title
 			if ( current_user_can('edit_post', $comment->comment_post_ID) ) {
 				$post_title = $wpdb->get_var("SELECT post_title FROM $wpdb->posts WHERE ID = $comment->comment_post_ID");
 				$post_title = ('' == $post_title) ? "# $comment->comment_post_ID" : $post_title;
-				?> <a href="post.php?action=edit&amp;post=<?php echo $comment->comment_post_ID; ?>"><?php printf(__('Edit Post &#8220;%s&#8221;'), stripslashes($post_title)); ?></a>
+				?> | <a href="post.php?action=edit&amp;post=<?php echo $comment->comment_post_ID; ?>"><?php printf(__('Edit Post &#8220;%s&#8221;'), stripslashes($post_title)); ?></a>
 				<?php } ?>
 			 | <a href="<?php echo get_permalink($comment->comment_post_ID); ?>"><?php _e('View Post') ?></a></p>
 		</li>
@@ -124,8 +126,9 @@ if ('view' == $mode) {
 } elseif ('edit' == $mode) {
 
 	if ($comments) {
-		echo '<form name="deletecomments" id="deletecomments" action="" method="post"> 
-		<table width="100%" cellpadding="3" cellspacing="3">
+		echo '<form name="deletecomments" id="deletecomments" action="" method="post"> ';
+		wp_nonce_field('bulk-comments');
+		echo '<table width="100%" cellpadding="3" cellspacing="3">
   <tr>
     <th scope="col">*</th>
     <th scope="col">' .  __('Name') . '</th>
@@ -148,13 +151,13 @@ if ('view' == $mode) {
     <td><?php if ( current_user_can('edit_post', $comment->comment_post_ID) ) {
 	echo "<a href='post.php?action=editcomment&amp;comment=$comment->comment_ID' class='edit'>" .  __('Edit') . "</a>"; } ?></td>
     <td><?php if ( current_user_can('edit_post', $comment->comment_post_ID) ) {
-            echo "<a href=\"post.php?action=deletecomment&amp;p=".$comment->comment_post_ID."&amp;comment=".$comment->comment_ID."\" onclick=\"return confirm('" . sprintf(__("You are about to delete this comment by \'%s\'\\n  \'Cancel\' to stop, \'OK\' to delete."), $comment->comment_author) . "')\"    class='delete'>" . __('Delete') . "</a>"; } ?></td>
+            echo "<a href=\"" . wp_nonce_url("post.php?action=deletecomment&amp;p=".$comment->comment_post_ID."&amp;comment=".$comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . "\" onclick=\"return confirm('" . __("You are about to delete this comment.\\n  \'Cancel\' to stop, \'OK\' to delete.") . "')\"    class='delete'>" . __('Delete') . "</a>"; } ?></td>
   </tr>
 		<?php 
 		} // end foreach
 	?></table>
     <p><a href="javascript:;" onclick="checkAll(document.getElementById('deletecomments')); return false; "><?php _e('Invert Checkbox Selection') ?></a></p>
-            <p class="submit"><input type="submit" name="Submit" value="<?php _e('Delete Checked Comments') ?> &raquo;" onclick="return confirm('<?php _e("You are about to delete these comments permanently \\n  \'Cancel\' to stop, \'OK\' to delete.") ?>')" />	</p>
+            <p class="submit"><input type="submit" name="Submit" value="<?php _e('Delete Checked Comments') ?> &raquo;" onclick="return confirm('<?php _e("You are about to delete these comments permanently.\\n  \'Cancel\' to stop, \'OK\' to delete.") ?>')" />	</p>
   </form>
 <?php
 	} else {

wp-admin/edit-form-advanced.php

@@ -22,9 +22,11 @@ if (0 == $post_ID) {
 	$form_action = 'post';
 	$temp_ID = -1 * time();
 	$form_extra = "<input type='hidden' name='temp_ID' value='$temp_ID' />";
+	wp_nonce_field('add-post');
 } else {
 	$form_action = 'editpost';
 	$form_extra = "<input type='hidden' name='post_ID' value='$post_ID' />";
+	wp_nonce_field('update-post_' .  $post_ID);
 }
 
 $form_pingback = '<input type="hidden" name="post_pingback" value="' . get_option('default_pingback_flag') . '" id="post_pingback" />';
@@ -220,7 +222,7 @@ else
 <?php
 if (current_user_can('upload_files')) {
 	$uploading_iframe_ID = (0 == $post_ID ? $temp_ID : $post_ID);
-	$uploading_iframe_src = "inline-uploading.php?action=view&amp;post=$uploading_iframe_ID";
+	$uploading_iframe_src = wp_nonce_url("inline-uploading.php?action=view&amp;post=$uploading_iframe_ID", 'inlineuploading');
 	$uploading_iframe_src = apply_filters('uploading_iframe_src', $uploading_iframe_src);
 	if ( false != $uploading_iframe_src )
 		echo '<iframe id="uploading" border="0" src="' . $uploading_iframe_src . '">' . __('This feature requires iframe support.') . '</iframe>';
@@ -264,8 +266,8 @@ if($metadata = has_meta($post_ID)) {
 
 </div>
 
-<?php if ('edit' == $action) : ?>
-<input name="deletepost" class="button" type="submit" id="deletepost" tabindex="10" value="<?php _e('Delete this post') ?>" <?php echo "onclick=\"return confirm('" . sprintf(__("You are about to delete this post \'%s\'\\n  \'Cancel\' to stop, \'OK\' to delete."), addslashes($post->post_title) ) . "')\""; ?> />
+<?php if ('edit' == $action) : $delete_nonce = wp_create_nonce( 'delete-post_' . $post_ID ); ?>
+<input name="deletepost" class="button" type="submit" id="deletepost" tabindex="10" value="<?php _e('Delete this post') ?>" <?php echo "onclick=\"if ( confirm('" . sprintf(__("You are about to delete this post \'%s\'\\n  \'Cancel\' to stop, \'OK\' to delete."), addslashes($post->post_title) ) . "') ) { document.forms.post._wpnonce.value = '$delete_nonce'; return true;}\""; ?> />
 <?php endif; ?>
 
 </div>

wp-admin/edit-form-ajax-cat.php

@@ -3,16 +3,16 @@ require_once('../wp-config.php');
 require_once('admin-functions.php');
 require_once('admin-db.php');
 
-get_currentuserinfo();
-
 if ( !current_user_can('manage_categories') )
 	die('-1');
+if ( !check_ajax_referer() )
+	die('-1');
 
 function get_out_now() { exit; }
 
 add_action('shutdown', 'get_out_now', -1);
 
-$names = explode(',', rawurldecode($_GET['ajaxnewcat']) );
+$names = explode(',', rawurldecode($_POST['ajaxnewcat']) );
 $ids   = array();
 
 foreach ($names as $cat_name) {
@@ -34,4 +34,4 @@ $return = join(',', $ids);
 
 die( (string) $return );
 
-?>
+?>

wp-admin/edit-form-comment.php

@@ -6,6 +6,7 @@ $form_extra = "' />\n<input type='hidden' name='comment_ID' value='" . $comment-
 ?>
 
 <form name="post" action="post.php" method="post" id="post">
+<?php wp_nonce_field('update-comment' . $comment->comment_ID) ?>
 <div class="wrap">
 <input type="hidden" name="user_ID" value="<?php echo $user_ID ?>" />
 <input type="hidden" name="action" value='<?php echo $form_action . $form_extra ?>' />

wp-admin/edit-link-form.php

@@ -4,11 +4,13 @@ if ( ! empty($link_id) ) {
 	$heading = __('Edit a link:');
 	$submit_text = __('Save Changes »');
 	$form = '<form action="" method="post" name="editlink" id="editlink">'; 
+	$nonce_action = 'update-bookmark_' . $link_id;
 } else {
 	$editing = false;
 	$heading = __('<strong>Add</strong> a link:');
 	$submit_text = __('Add Link &raquo;');
 	$form = '<form name="addlink" method="post" action="link-manager.php">';
+	$nonce_action = 'add-bookmark';
 }
 
 function xfn_check($class, $value = '', $type = 'check') {
@@ -33,6 +35,7 @@ function xfn_check($class, $value = '', $type = 'check') {
 
 <div class="wrap"> 
   <?php echo $form ?>
+  <?php wp_nonce_field($nonce_action); ?>
   <h2><?php echo $heading ?></h2>
 <fieldset class="options">
     <legend><?php _e('Basics') ?></legend>

wp-admin/edit-page-form.php

@@ -5,11 +5,13 @@
 <?php
 if (0 == $post_ID) {
 	$form_action = 'post';
+	$nonce_action = 'add-post';
 	$temp_ID = -1 * time();
 	$form_extra = "<input type='hidden' name='temp_ID' value='$temp_ID' />";
 } else {
 	$form_action = 'editpost';
-	$form_extra = "<input type='hidden' name='post_ID' value='$post_ID' />";
+	$nonce_action = 'update-post_' . $post_ID;
+	$form_extra = "<input type='hidden' id='post_ID' name='post_ID' value='$post_ID' />";
 }
 
 $sendto = $_SERVER['HTTP_REFERER'];
@@ -23,6 +25,8 @@ $sendto = wp_specialchars( $sendto );
 <form name="post" action="post.php" method="post" id="post">
 
 <?php
+wp_nonce_field($nonce_action);
+
 if (isset($mode) && 'bookmarklet' == $mode) {
     echo '<input type="hidden" name="mode" value="bookmarklet" />';
 }
@@ -186,7 +190,7 @@ else
 <?php
 if (current_user_can('upload_files')) {
 	$uploading_iframe_ID = (0 == $post_ID ? $temp_ID : $post_ID);
-	$uploading_iframe_src = "inline-uploading.php?action=view&amp;post=$uploading_iframe_ID";
+	$uploading_iframe_src = wp_nonce_url("inline-uploading.php?action=view&amp;post=$uploading_iframe_ID", 'inlineuploading');
 	$uploading_iframe_src = apply_filters('uploading_iframe_src', $uploading_iframe_src);
 	if ( false != $uploading_iframe_src )
 		echo '<iframe id="uploading" border="0" src="' . $uploading_iframe_src . '">' . __('This feature requires iframe support.') . '</iframe>';

wp-admin/edit-pages.php

@@ -43,7 +43,7 @@ if ($posts) {
 if ( isset($_GET['s']) ) {
 foreach ( $posts as $post ) : 
 	$class = ('alternate' != $class) ? 'alternate' : ''; ?>
-  <tr id='page-<?php echo $id; ?>' class='<?php echo $class; ?>'> 
+  <tr id='page-<?php echo $post->ID; ?>' class='<?php echo $class; ?>'> 
     <th scope="row"><?php echo $post->ID; ?></th> 
     <td>
       <?php echo $pad; ?><?php the_title() ?> 
@@ -51,8 +51,8 @@ foreach ( $posts as $post ) :
     <td><?php the_author() ?></td>
     <td><?php echo mysql2date('Y-m-d g:i a', $post->post_modified); ?></td> 
 	<td><a href="<?php the_permalink(); ?>" rel="permalink" class="edit"><?php _e('View'); ?></a></td>
-    <td><?php if ( current_user_can('edit_pages') ) { echo "<a href='post.php?action=edit&amp;post=$id' class='edit'>" . __('Edit') . "</a>"; } ?></td> 
-    <td><?php if ( current_user_can('edit_pages') ) { echo "<a href='post.php?action=delete&amp;post=$id' class='delete' onclick=\"return deleteSomething( 'page', " . $id . ", '" . sprintf(__("You are about to delete the &quot;%s&quot; page.\\n&quot;OK&quot; to delete, &quot;Cancel&quot; to stop."), wp_specialchars(get_the_title('','',0), 1)) . "' );\">" . __('Delete') . "</a>"; } ?></td> 
+    <td><?php if ( current_user_can('edit_pages') ) { echo "<a href='post.php?action=edit&amp;post=$post->ID' class='edit'>" . __('Edit') . "</a>"; } ?></td> 
+    <td><?php if ( current_user_can('edit_pages') ) { echo "<a href='" . wp_nonce_url("post.php?action=delete&amp;post=$post->ID", 'delete-post_' . $post->ID) . "' class='delete' onclick=\"return deleteSomething( 'page', " . $id . ", '" . sprintf(__("You are about to delete the &quot;%s&quot; page.\\n&quot;OK&quot; to delete, &quot;Cancel&quot; to stop."), wp_specialchars(get_the_title('','',0), 1)) . "' );\">" . __('Delete') . "</a>"; } ?></td> 
   </tr>
 <?php
 endforeach;

wp-admin/edit.php

@@ -210,7 +210,7 @@ foreach($posts_columns as $column_name=>$column_display_name) {
 
 	case 'control_delete':
 		?>
-		<td><?php if ( current_user_can('edit_post',$post->ID) ) { echo "<a href='post.php?action=delete&amp;post=$id' class='delete' onclick=\"return deleteSomething( 'post', " . $id . ", '" . sprintf(__("You are about to delete this post &quot;%s&quot;.\\n&quot;OK&quot; to delete, &quot;Cancel&quot; to stop."), wp_specialchars(get_the_title('', ''), 1) ) . "' );\">" . __('Delete') . "</a>"; } ?></td>
+		<td><?php if ( current_user_can('edit_post',$post->ID) ) { echo "<a href='" . wp_nonce_url("post.php?action=delete&amp;post=$id", 'delete-post_' . $post->ID) . "' class='delete' onclick=\"return deleteSomething( 'post', " . $id . ", '" . sprintf(__("You are about to delete this post &quot;%s&quot;.\\n&quot;OK&quot; to delete, &quot;Cancel&quot; to stop."), js_escape(get_the_title())) . "' );\">" . __('Delete') . "</a>"; } ?></td>
 		<?php
 		break;
 
@@ -262,12 +262,13 @@ $comment_status = wp_get_comment_status($comment->comment_ID);
   <?php 
 			if ( current_user_can('edit_post', $post->ID) ) {
 				echo "[ <a href=\"post.php?action=editcomment&amp;comment=".$comment->comment_ID."\">" .  __('Edit') . "</a>";
-				echo " - <a href=\"post.php?action=deletecomment&amp;p=".$post->ID."&amp;comment=".$comment->comment_ID."\" onclick=\"return confirm('" . sprintf(__("You are about to delete this comment by \'%s\'\\n  \'OK\' to delete, \'Cancel\' to stop."), $comment->comment_author) . "')\">" . __('Delete') . "</a> ";
+				echo ' - <a href="' . wp_nonce_url('post.php?action=deletecomment&amp;p=' . $post->ID . '&amp;comment=' . $comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . '" onclick="return confirm(\'' . __("You are about to delete this comment.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete.") . "');\">" . __('Delete') . '</a> ';
+
 				if ( ('none' != $comment_status) && ( current_user_can('moderate_comments') ) ) {
 					if ('approved' == wp_get_comment_status($comment->comment_ID)) {
-						echo " - <a href=\"post.php?action=unapprovecomment&amp;p=".$post->ID."&amp;comment=".$comment->comment_ID."\">" . __('Unapprove') . "</a> ";
+						echo ' - <a href="' . wp_nonce_url('post.php?action=unapprovecomment&amp;p=' . $post->ID . '&amp;comment=' . $comment->comment_ID, 'unapprove-comment_' . $comment->comment_ID) . '">' . __('Unapprove') . '</a> ';
 					} else {
-						echo " - <a href=\"post.php?action=approvecomment&amp;p=".$post->ID."&amp;comment=".$comment->comment_ID."\">" . __('Approve') . "</a> ";
+						echo ' - <a href="' . wp_nonce_url('post.php?action=approvecomment&amp;p=' . $post->ID . '&amp;comment=' . $comment->comment_ID, 'approve-comment_' . $comment->comment_ID) . '">' . __('Approve') . '</a> ';
 					}
 				}
 				echo "]";

wp-admin/import/blogger.php

@@ -599,6 +599,8 @@ class Blogger_Import {
 		}
 		
 		if ( isset($_GET['noheader']) ) {
+			header('Content-Type: text/html; charset=utf-8');
+
 			$this->import = get_settings('import-blogger');
 
 			if ( false === $this->import ) {

wp-admin/import/mt.php

@@ -193,7 +193,7 @@ class MT_Import {
 
 				// We want the excerpt
 				preg_match("|-----\nEXCERPT:(.*)|s", $post, $excerpt);
-				$excerpt = $wpdb->escape(trim($excerpt[1]));
+				$post_excerpt = $wpdb->escape(trim($excerpt[1]));
 				$post = preg_replace("|(-----\nEXCERPT:.*)|s", '', $post);
 
 				// We're going to put extended body into main body with a more tag

wp-admin/inline-uploading.php

@@ -34,16 +34,20 @@ break;
 
 case 'delete':
 
+check_admin_referer('inlineuploading');
+
 if ( !current_user_can('edit_post', (int) $attachment) )
 	die(__('You are not allowed to delete this attachment.').' <a href="'.basename(__FILE__)."?post=$post&amp;all=$all&amp;action=upload\">".__('Go back').'</a>');
 
 wp_delete_attachment($attachment);
 
-header("Location: ".basename(__FILE__)."?post=$post&all=$all&action=view&start=$start");
+header("Location: " . basename(__FILE__) ."?post=$post&all=$all&action=view&start=$start");
 die;
 
 case 'save':
 
+check_admin_referer('inlineuploading');
+
 $overrides = array('action'=>'save');
 
 $file = wp_handle_upload($_FILES['image'], $overrides);
@@ -98,7 +102,7 @@ if ( preg_match('!^image/!', $attachment['post_mime_type']) ) {
 	add_post_meta($id, '_wp_attachment_metadata', array());
 }
 
-header("Location: ".basename(__FILE__)."?post=$post&all=$all&action=view&start=0");
+header("Location: " . basename(__FILE__) . "?post=$post&all=$all&action=view&start=0");
 die();
 
 case 'upload':
@@ -137,7 +141,7 @@ if ( '' == $sort )
 $attachments = $wpdb->get_results("SELECT ID, post_date, post_title, post_mime_type, guid FROM $wpdb->posts WHERE post_status = 'attachment' $and_type $and_post $and_user ORDER BY $sort LIMIT $start, $double", ARRAY_A);
 
 if ( count($attachments) == 0 ) {
-	header("Location: ".basename(__FILE__)."?post=$post&action=upload");
+	header("Location: " . basename(__FILE__) ."?post=$post&action=upload" );
 	die;
 } elseif ( count($attachments) > $num ) {
 	$next = $start + count($attachments) - $num;
@@ -211,7 +215,7 @@ var icon = new Array();
 		</noscript>
 ";
 		$send_delete_cancel = "<a onclick=\"sendToEditor({$ID});return false;\" href=\"javascript:void()\">$__send_to_editor</a>
-<a onclick=\"return confirm('$__confirmdelete')\" href=\"".basename(__FILE__)."?action=delete&amp;attachment={$ID}&amp;all=$all&amp;start=$start&amp;post=$post\">$__delete</a>
+<a onclick=\"return confirm('$__confirmdelete')\" href=\"" . wp_nonce_url( basename(__FILE__) . "?action=delete&amp;attachment={$ID}&amp;all=$all&amp;start=$start&amp;post=$post", inlineuploading) . "\">$__delete</a>
 		<a onclick=\"popup.style.display='none';return false;\" href=\"javascript:void()\">$__close</a>
 ";
 		$uwidth_sum += 128;
@@ -639,25 +643,25 @@ th {
 </head>
 <body>
 <ul id="upload-menu">
-<li<?php echo $current_1; ?>><a href="<?php echo basename(__FILE__); ?>?action=upload&amp;post=<?php echo $post; ?>&amp;all=<?php echo $all; ?>&amp;start=<?php echo $start; ?>"><?php _e('Upload'); ?></a></li>
+<li<?php echo $current_1; ?>><a href="<?php echo basename(__FILE__) . "?action=upload&amp;post=$post&amp;all=$all&amp;start=$start"; ?>"><?php _e('Upload'); ?></a></li>
 <?php if ( $attachments = $wpdb->get_results("SELECT ID FROM $wpdb->posts WHERE post_parent = '$post'") ) { ?>
-<li<?php echo $current_2; ?>><a href="<?php echo basename(__FILE__); ?>?action=view&amp;post=<?php echo $post; ?>&amp;all=false"><?php _e('Browse'); ?></a></li>
+<li<?php echo $current_2; ?>><a href="<?php echo basename(__FILE__) . "?action=view&amp;post=$post&amp;all=false"; ?>"><?php _e('Browse'); ?></a></li>
 <?php } ?>
 <?php if ($wpdb->get_var("SELECT count(ID) FROM $wpdb->posts WHERE post_status = 'attachment'")) { ?>
-<li<?php echo $current_3; ?>><a href="<?php echo basename(__FILE__); ?>?action=view&amp;post=<?php echo $post; ?>&amp;all=true"><?php _e('Browse All'); ?></a></li>
+<li<?php echo $current_3; ?>><a href="<?php echo basename(__FILE__) . "?action=view&amp;post=$post&amp;all=true"; ?>"><?php _e('Browse All'); ?></a></li>
 <?php } ?>
 <li> </li>
 <?php if ( $action == 'view' ) { ?>
 <?php if ( false !== $back ) : ?>
-<li class="spacer"><a href="<?php echo basename(__FILE__); ?>?action=<?php echo $action; ?>&amp;post=<?php echo $post; ?>&amp;all=<?php echo $all; ?>&amp;start=0" title="<?php _e('First'); ?>">|&laquo;</a></li>
-<li><a href="<?php echo basename(__FILE__); ?>?action=<?php echo $action; ?>&amp;post=<?php echo $post; ?>&amp;all=<?php echo $all; ?>&amp;start=<?php echo $back; ?>"">&laquo; <?php _e('Back'); ?></a></li>
+<li class="spacer"><a href="<?php echo basename(__FILE__) . "?action=$action&amp;post=$post&amp;all=$all&amp;start=0"; ?>" title="<?php _e('First'); ?>">|&laquo;</a></li>
+<li><a href="<?php echo basename(__FILE__) . "?action=$action&amp;post=$post&amp;all=$all&amp;start=$back"; ?>">&laquo; <?php _e('Back'); ?></a></li>
 <?php else : ?>
 <li class="inactive spacer">|&laquo;</li>
 <li class="inactive">&laquo; <?php _e('Back'); ?></li>
 <?php endif; ?>
 <?php if ( false !== $next ) : ?>
-<li><a href="<?php echo basename(__FILE__); ?>?action=<?php echo $action; ?>&amp;post=<?php echo $post; ?>&amp;all=<?php echo $all; ?>&amp;start=<?php echo $next; ?>"><?php _e('Next'); ?> &raquo;</a></li>
-<li><a href="<?php echo basename(__FILE__); ?>?action=<?php echo $action; ?>&amp;post=<?php echo $post; ?>&amp;all=<?php echo $all; ?>&amp;last=true" title="<?php _e('Last'); ?>">&raquo;|</a></li>
+<li><a href="<?php echo basename(__FILE__) . "?action=$action&amp;post=$post&amp;all=$all&amp;start=$next"; ?>"><?php _e('Next &raquo;'); ?></a></li>
+<li><a href="<?php echo basename(__FILE__) . "?action=$action&amp;post=$post&amp;all=$all&amp;last=true"; ?>" title="<?php _e('Last'); ?>">&raquo;|</a></li>
 <?php else : ?>
 <li class="inactive"><?php _e('Next'); ?> &raquo;</li>
 <li class="inactive">&raquo;|</li>
@@ -695,6 +699,7 @@ th {
 <input type="hidden" name="post" value="<?php echo $post; ?>" />
 <input type="hidden" name="all" value="<?php echo $all; ?>" />
 <input type="hidden" name="start" value="<?php echo $start; ?>" />
+<?php wp_nonce_field( 'inlineuploading' ); ?>
 <div id="submit">
 <input type="submit" value="<?php _e('Upload'); ?>" />
 <?php if ( !empty($all) ) : ?>

wp-admin/link-categories.php

@@ -26,6 +26,8 @@ for ($i=0; $i<count($wpvarstoreset); $i += 1) {
 switch ($action) {
   case 'addcat':
   {
+      check_admin_referer('add-link-category');
+
       if ( !current_user_can('manage_links') )
           die (__("Cheatin' uh ?"));
 
@@ -80,7 +82,9 @@ switch ($action) {
   } // end addcat
   case 'Delete':
   {
-    $cat_id = (int) $_GET['cat_id'];
+   	$cat_id = (int) $_GET['cat_id'];
+    check_admin_referer('delete-link-category_' . $cat_id);
+
     $cat_name=get_linkcatname($cat_id);
 
     if ($cat_id=="1")
@@ -112,6 +116,7 @@ switch ($action) {
   <h2><?php printf(__('Edit &#8220%s&#8221; Category'), wp_specialchars($row->cat_name)); ?></h2>
 
   <form name="editcat" method="post">
+  <?php wp_nonce_field('update-link-category_' . $row->cat_id) ?>
       <input type="hidden" name="action" value="editedcat" />
       <input type="hidden" name="cat_id" value="<?php echo $row->cat_id ?>" />
 <fieldset class="options">
@@ -199,14 +204,15 @@ switch ($action) {
   } // end Edit
   case "editedcat":
   {
+    $cat_id = (int)$_POST["cat_id"];
+    check_admin_referer('update-link-category_' . $cat_id);
+
     if ( !current_user_can('manage_links') )
       die (__("Cheatin' uh ?"));
 
     $submit=$_POST["submit"];
     if (isset($submit)) {
 
-    $cat_id = (int)$_POST["cat_id"];
-
     $cat_name= wp_specialchars($_POST["cat_name"]);
     $auto_toggle = $_POST["auto_toggle"];
     if ($auto_toggle != 'Y') {
@@ -350,7 +356,7 @@ foreach ($results as $row) {
                 <td nowrap="nowrap"><?php echo htmlentities($row->text_after_all)?></td>
                 <td><?php echo $row->list_limit ?></td>
                 <td><a href="link-categories.php?cat_id=<?php echo $row->cat_id?>&amp;action=Edit" class="edit"><?php _e('Edit') ?></a></td>
-                <td><a href="link-categories.php?cat_id=<?php echo $row->cat_id?>&amp;action=Delete" onclick="return deleteSomething( 'link category', <?php echo $row->cat_id . ", '" . sprintf(__("You are about to delete the &quot;%s&quot; link category.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete."), wp_specialchars($row->cat_name,1)); ?>' );" class="delete"><?php _e('Delete') ?></a></td>
+                <td><a href="<?php echo wp_nonce_url("link-categories.php?cat_id=$row->cat_id?>&amp;action=Delete", 'delete-link-category_' . $row->cat_id) ?>" "onclick="return deleteSomething( 'link category', <?php echo $row->cat_id . ", '" . sprintf(__("You are about to delete the &quot;%s&quot; link category.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete."), wp_specialchars($row->cat_name,1)); ?>' );" class="delete"><?php _e('Delete') ?></a></td>
               </tr>
 <?php
         ++$i;
@@ -365,6 +371,7 @@ foreach ($results as $row) {
 
 <div class="wrap">
     <form name="addcat" method="post">
+    <?php wp_nonce_field('add-link-category'); ?>
       <input type="hidden" name="action" value="addcat" />
 	  <h2><?php _e('Add a Link Category:') ?></h2>
 <fieldset class="options">

wp-admin/link-import.php

@@ -24,6 +24,7 @@ switch ($step) {
 <div class="wrap">
 <h2><?php _e('Import your blogroll from another system') ?> </h2>
 <form enctype="multipart/form-data" action="link-import.php" method="post" name="blogroll">
+<?php wp_nonce_field('import-bookmarks') ?>
 
 <p><?php _e('If a program or website you use allows you to export your links or subscriptions as OPML you may import them here.'); ?>
 <div style="width: 70%; margin: auto; height: 8em;">
@@ -63,6 +64,8 @@ foreach ($categories as $category) {
             } // end case 0
 
     case 1: {
+		check_admin_referer('import-bookmarks');
+
                 include_once('admin-header.php');
                 if ( !current_user_can('manage_links') )
                     die (__("Cheatin' uh ?"));

wp-admin/link-manager.php

@@ -39,7 +39,7 @@ if ('' != $_POST['linkcheck']) $linkcheck = $_POST[linkcheck];
 switch ($action) {
   case 'assign':
   {
-    check_admin_referer();
+	check_admin_referer('bulk-bookmarks');
 
     // check the current user's level first.
     if ( !current_user_can('manage_links') )
@@ -67,7 +67,7 @@ switch ($action) {
   }
   case 'visibility':
   {
-    check_admin_referer();
+  	check_admin_referer('bulk-bookmarks');
 
     // check the current user's level first.
     if ( !current_user_can('manage_links') )
@@ -104,7 +104,7 @@ switch ($action) {
   }
   case 'move':
   {
-    check_admin_referer();
+	check_admin_referer('bulk-bookmarks');
 
     // check the current user's level first.
     if ( !current_user_can('manage_links') )
@@ -125,7 +125,7 @@ switch ($action) {
 
   case 'Add':
   {
-    check_admin_referer();
+  	check_admin_referer('add-bookmark');
 
 	add_link();
 	
@@ -135,8 +135,8 @@ switch ($action) {
 
   case 'editlink':
   {
- 
-	check_admin_referer();
+	$link_id = (int) $_POST['link_id'];
+	check_admin_referer('update-bookmark' . $link_id);
  	
 	if (isset($links_show_cat_id) && ($links_show_cat_id != ''))
 		$cat_id = $links_show_cat_id;
@@ -147,7 +147,6 @@ switch ($action) {
 	}
 	$links_show_cat_id = $cat_id;
 
-	$link_id = (int) $_POST['link_id'];
 	edit_link($link_id);
 	
     setcookie('links_show_cat_id_' . COOKIEHASH, $links_show_cat_id, time()+600);
@@ -157,13 +156,12 @@ switch ($action) {
 
   case 'Delete':
   {
-    check_admin_referer();
+	$link_id = (int) $_GET['link_id'];
+	check_admin_referer('delete-bookmark' . $link_id);
 
     if ( !current_user_can('manage_links') )
       die (__("Cheatin' uh ?"));
 
-    $link_id = (int) $_GET['link_id'];
-
 	wp_delete_link($link_id);
 	
     if (isset($links_show_cat_id) && ($links_show_cat_id != ''))
@@ -320,6 +318,7 @@ function checkAll(form)
 <form name="links" id="links" method="post" action="">
 <div class="wrap">
 
+    <?php wp_nonce_field('bulk-bookmarks') ?>
     <input type="hidden" name="link_id" value="" />
     <input type="hidden" name="action" value="" />
     <input type="hidden" name="order_by" value="<?php echo wp_specialchars($order_by, 1); ?>" />
@@ -383,11 +382,12 @@ LINKS;
 
             if ($show_buttons) {
         echo '<td><a href="link-manager.php?link_id=' . $link->link_id . '&amp;action=linkedit" class="edit">' . __('Edit') . '</a></td>';
-        echo '<td><a href="link-manager.php?link_id=' . $link->link_id . '&amp;action=Delete"' .  " onclick=\"return deleteSomething( 'link', $link->link_id , '" . sprintf(__("You are about to delete the &quot;%s&quot; link to %s.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete."), wp_specialchars($link->link_name,1), wp_specialchars($link->link_url)) . '\' );" class="delete">' . __('Delete') . '</a></td>';
+ 		echo '<td><a href="' . wp_nonce_url('link-manager.php?link_id='.$link->link_id.'&amp;action=delete', 'delete-bookmark_' . $link->link_id ) . '"'." class='delete' onclick=\"return deleteSomething( 'link', $link->link_id , '".sprintf(__("You are about to delete the &quot;%s&quot; bookmark to %s.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete."), wp_specialchars($link->link_name, 1), wp_specialchars($link->link_url)).'\' );" class="delete">'.__('Delete').'</a></td>';
         echo '<td><input type="checkbox" name="linkcheck[]" value="' . $link->link_id . '" /></td>';
             } else {
               echo "<td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td>\n";
             }
+
 		echo "\n    </tr>\n";
         }
     }

wp-admin/list-manipulation.js

@@ -33,13 +33,13 @@ function ajaxDelete(what, id) {
 	ajaxDel.onLoaded = function() { ajaxDel.myResponseElement.innerHTML = 'Data Sent...'; };
 	ajaxDel.onInteractive = function() { ajaxDel.myResponseElement.innerHTML = 'Processing Data...'; };
 	ajaxDel.onCompletion = function() { removeThisItem( what + '-' + id ); };
-	ajaxDel.runAJAX('action=delete-' + what + '&id=' + id);
+	ajaxDel.runAJAX('action=delete-' + what + '&id=' + id + '&' + ajaxDel.encVar('cookie', document.cookie));
 	return false;
 }
 
 function removeThisItem(id) {
 	var response = ajaxDel.response;
-	if ( isNaN(response) ) { alert(response); }
+	if ( isNaN(response) ) { ajaxDel.myResponseElement.innerHTML = response; return false; }
 	response = parseInt(response, 10);
 	if ( -1 == response ) { ajaxDel.myResponseElement.innerHTML = "You don't have permission to do that."; }
 	else if ( 0 == response ) { ajaxDel.myResponseElement.interHTML = "Something odd happened.  Try refreshing the page? Either that or what you tried to delete never existed in the first place."; }

wp-admin/list-manipulation.php

@@ -2,10 +2,12 @@
 require_once('../wp-config.php');
 require_once('admin-functions.php');
 require_once('admin-db.php');
+header("Content-type: text/plain", true);
 
-get_currentuserinfo();
 if ( !is_user_logged_in() )
 	die('-1');
+if ( !check_ajax_referer() )
+	die('-1');
 
 function grab_results() {
 	global $ajax_results;
@@ -15,15 +17,13 @@ function grab_results() {
 function get_out_now() { exit; }
 add_action('shutdown', 'get_out_now', -1);
 
-//	check_admin_referer();
-
 switch ( $_POST['action'] ) :
 case 'delete-link' :
 	$id = (int) $_POST['id'];
 	if ( !current_user_can('manage_links') )
 		die ('-1');
 
-	if ( $wpdb->query("DELETE FROM $wpdb->links WHERE link_id = '$id'") )
+	if ( wp_delete_link($id) ) 
 		die('1');
 	else	die('0');
 	break;

wp-admin/menu-header.php

@@ -52,4 +52,10 @@ endforeach;
 ?>
 
 </ul>
-<?php endif; ?>
+<?php
+
+endif; 
+
+do_action('admin_notices');
+
+?>

wp-admin/moderation.php

@@ -32,6 +32,8 @@ switch($action) {
 
 case 'update':
 
+	check_admin_referer('moderate-comments');
+
 	if ( ! current_user_can('moderate_comments') )
 	die('<p>'.__('Your level is not high enough to moderate comments.').'</p>');
 
@@ -130,6 +132,7 @@ if ($comments) {
 ?>
     <h2><?php _e('Moderation Queue') ?></h2>
     <form name="approval" action="moderation.php" method="post">
+    <?php wp_nonce_field('moderate-comments') ?>
     <input type="hidden" name="action" value="update" />
     <ol id="the-list" class="commentlist">
 <?php
@@ -148,7 +151,7 @@ $i = 0;
 echo '<a href="post.php?action=editcomment&amp;comment='.$comment->comment_ID.'">' . __('Edit') . '</a> | ';?>
 <a href="<?php echo get_permalink($comment->comment_post_ID); ?>"><?php _e('View Post') ?></a> | 
 <?php 
-echo " <a href=\"post.php?action=deletecomment&amp;p=".$comment->comment_post_ID."&amp;comment=".$comment->comment_ID."\" onclick=\"return deleteSomething( 'comment', $comment->comment_ID, '" . sprintf(__("You are about to delete this comment by &quot;%s&quot;.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete."), wp_specialchars($comment->comment_author, 1)) . "' );\">" . __('Delete just this comment') . "</a> | "; ?>  <?php _e('Bulk action:') ?>
+echo " <a href=\"" . wp_nonce_url("post.php?action=deletecomment&amp;p=".$comment->comment_post_ID."&amp;comment=".$comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . "\" onclick=\"return deleteSomething( 'comment', $comment->comment_ID, '" . __("You are about to delete this comment.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete.") . "' );\">" . __('Delete just this comment') . "</a> | "; ?>  <?php _e('Bulk action:') ?>
 	<input type="radio" name="comment[<?php echo $comment->comment_ID; ?>]" id="comment[<?php echo $comment->comment_ID; ?>]-approve" value="approve" /> <label for="comment[<?php echo $comment->comment_ID; ?>]-approve"><?php _e('Approve') ?></label>
 	<input type="radio" name="comment[<?php echo $comment->comment_ID; ?>]" id="comment[<?php echo $comment->comment_ID; ?>]-spam" value="spam" /> <label for="comment[<?php echo $comment->comment_ID; ?>]-spam"><?php _e('Spam') ?></label>
 	<input type="radio" name="comment[<?php echo $comment->comment_ID; ?>]" id="comment[<?php echo $comment->comment_ID; ?>]-delete" value="delete" /> <label for="comment[<?php echo $comment->comment_ID; ?>]-delete"><?php _e('Delete') ?></label>

wp-admin/options-discussion.php

@@ -21,6 +21,7 @@ if ($action == 'retrospam') {
 <div class="wrap"> 
 <h2><?php _e('Discussion Options') ?></h2> 
 <form method="post" action="options.php"> 
+<?php wp_nonce_field('update-options') ?>
 <fieldset class="options">
 <legend><?php _e('Usual settings for an article:<br /><small><em>(These settings may be overridden for individual articles.)</em></small>') ?></legend> 
 <ul> 

wp-admin/options-general.php

@@ -10,6 +10,7 @@ include('./admin-header.php');
 <div class="wrap">
 <h2><?php _e('General Options') ?></h2>
 <form method="post" action="options.php"> 
+<?php wp_nonce_field('update-options') ?>
 <table class="optiontable"> 
 <tr valign="top"> 
 <th scope="row"><?php _e('Weblog title:') ?></th> 

wp-admin/options-misc.php

@@ -11,7 +11,7 @@ include('admin-header.php');
 <div class="wrap"> 
 <h2><?php _e('Miscellaneous Options') ?></h2> 
 <form method="post" action="options.php">
-
+<?php wp_nonce_field('update-options') ?>
 <fieldset class="options">
 <legend><?php _e('Uploading'); ?></legend>
 <table class="editform optiontable">

wp-admin/options-permalink.php

@@ -57,7 +57,9 @@ include('admin-header.php');
 
 $home_path = get_home_path();
 
-if ( isset($_POST) ) {
+if ( isset($_POST['permalink_structure']) || isset($_POST['category_base']) ) {
+	check_admin_referer('update-permalink');
+
 	if ( isset($_POST['permalink_structure']) ) {
 		$permalink_structure = $_POST['permalink_structure'];
 		if (! empty($permalink_structure) )
@@ -115,6 +117,7 @@ $structures = array(
 	);
 ?>
 <form name="form" action="options-permalink.php" method="post"> 
+<?php wp_nonce_field('update-permalink') ?>
 <h3><?php _e('Common options:'); ?></h3>
 <p>
 	<label>
@@ -163,6 +166,7 @@ checked="checked"
 <?php if ( $permalink_structure && !$usingpi && !$writable ) : ?>
   <p><?php _e('If your <code>.htaccess</code> file were <a href="http://codex.wordpress.org/Make_a_Directory_Writable">writable</a>, we could do this automatically, but it isn&#8217;t so these are the mod_rewrite rules you should have in your <code>.htaccess</code> file. Click in the field and press <kbd>CTRL + a</kbd> to select all.') ?></p>
 <form action="options-permalink.php" method="post">
+<?php wp_nonce_field('update-permalink') ?>
    <p>
 <textarea rows="5" style="width: 98%;" name="rules"><?php echo $wp_rewrite->mod_rewrite_rules(); ?>
 </textarea>

wp-admin/options-reading.php

@@ -9,7 +9,9 @@ include('admin-header.php');
 
 <div class="wrap"> 
 <h2><?php _e('Reading Options') ?></h2> 
-<form name="form1" method="post" action="options.php"> 
+<form name="form1" method="post" action="options.php">
+<?php wp_nonce_field('update-options') ?>
+
 <fieldset class="options"> 
 <legend><?php _e('Blog Pages') ?></legend> 
 <table width="100%" cellspacing="2" cellpadding="5" class="editform"> 

wp-admin/options-writing.php

@@ -10,6 +10,7 @@ include('admin-header.php');
 <div class="wrap"> 
 <h2><?php _e('Writing Options') ?></h2> 
 <form method="post" action="options.php"> 
+<?php wp_nonce_field('update-options') ?>
 <table width="100%" cellspacing="2" cellpadding="5" class="editform"> 
 <tr valign="top"> 
 <th width="33%" scope="row"> <?php _e('Size of the post box:') ?></th> 

wp-admin/options.php

@@ -29,7 +29,7 @@ switch($action) {
 case 'update':
 	$any_changed = 0;
 	
-	check_admin_referer();
+	check_admin_referer('update-options');
 
 	if (!$_POST['page_options']) {
 		foreach ($_POST as $key => $value) {
@@ -68,8 +68,6 @@ case 'update':
 			if ( get_settings('siteurl') != $old_siteurl || get_settings('home') != $old_home ) {
 				// If home changed, write rewrite rules to new location.
 				$wp_rewrite->flush_rules();
-				// Get currently logged in user and password.
-				get_currentuserinfo();
 				// Clear cookies for old paths.
 				wp_clearcookie();
 				// Set cookies for new paths.
@@ -91,6 +89,7 @@ default:
 <div class="wrap">
   <h2><?php _e('All options'); ?></h2>
   <form name="form" action="options.php" method="post">
+  <?php wp_nonce_field('update-options') ?>
   <input type="hidden" name="action" value="update" />
   <table width="98%">
 <?php

wp-admin/page-new.php

@@ -13,8 +13,6 @@ require_once('admin-header.php');
 <?php
 if ( current_user_can('edit_pages') ) {
 	$action = 'post';
-	get_currentuserinfo();
-	
 	$post = get_default_post_to_edit();
 	$post->post_status = 'static';
 

wp-admin/plugin-editor.php

@@ -34,6 +34,8 @@ switch($action) {
 
 case 'update':
 
+	check_admin_referer('edit-plugin_' . $file);
+
 	if ( !current_user_can('edit_plugins') )
 	die('<p>'.__('You have do not have sufficient permissions to edit templates for this blog.').'</p>');
 
@@ -95,6 +97,7 @@ if ($plugin_files) :
 </div>
 	<?php	if (!$error) { ?> 
   <form name="template" id="template" action="plugin-editor.php" method="post">
+  <?php wp_nonce_field('edit-plugin_' . $file) ?>
 		 <div><textarea cols="70" rows="25" name="newcontent" id="newcontent" tabindex="1"><?php echo $content ?></textarea> 
      <input type="hidden" name="action" value="update" /> 
      <input type="hidden" name="file" value="<?php echo $file ?>" /> 

wp-admin/plugins.php

@@ -2,9 +2,8 @@
 require_once('admin.php');
 
 if ( isset($_GET['action']) ) {
-	check_admin_referer();
-	
 	if ('activate' == $_GET['action']) {
+		check_admin_referer('activate-plugin_' . $_GET['plugin']);
 		$current = get_settings('active_plugins');
 		if (!in_array($_GET['plugin'], $current)) {
 			$current[] = trim( $_GET['plugin'] );
@@ -15,6 +14,7 @@ if ( isset($_GET['action']) ) {
 		}
 		header('Location: plugins.php?activate=true');
 	} else if ('deactivate' == $_GET['action']) {
+		check_admin_referer('deactivate-plugin_' . $_GET['plugin']);
 		$current = get_settings('active_plugins');
 		array_splice($current, array_search( $_GET['plugin'], $current), 1 ); // Array-fu!
 		update_option('active_plugins', $current);
@@ -98,11 +98,11 @@ if (empty($plugins)) {
 		$style = ('class="alternate"' == $style|| 'class="alternate active"' == $style) ? '' : 'alternate';
 
 		if (!empty($current_plugins) && in_array($plugin_file, $current_plugins)) {
-			$action = "<a href='plugins.php?action=deactivate&amp;plugin=$plugin_file' title='".__('Deactivate this plugin')."' class='delete'>".__('Deactivate')."</a>";
+			$action = "<a href='" . wp_nonce_url("plugins.php?action=deactivate&amp;plugin=$plugin_file", 'deactivate-plugin_' . $plugin_file) . "' title='".__('Deactivate this plugin')."' class='delete'>".__('Deactivate')."</a>";
 			$plugin_data['Title'] = "<strong>{$plugin_data['Title']}</strong>";
 			$style .= $style == 'alternate' ? ' active' : 'active';
 		} else {
-			$action = "<a href='plugins.php?action=activate&amp;plugin=$plugin_file' title='".__('Activate this plugin')."' class='edit'>".__('Activate')."</a>";
+			$action = "<a href='" . wp_nonce_url("plugins.php?action=activate&amp;plugin=$plugin_file", 'activate-plugin_' . $plugin_file) . "' title='".__('Activate this plugin')."' class='edit'>".__('Activate')."</a>";
 		}
 		$plugin_data['Description'] = wp_kses($plugin_data['Description'], array('a' => array('href' => array(),'title' => array()),'abbr' => array('title' => array()),'acronym' => array('title' => array()),'code' => array(),'em' => array(),'strong' => array()) ); ;
 		if ($style != '') $style = 'class="' . $style . '"';

wp-admin/post.php

@@ -30,7 +30,8 @@ $editing = true;
 
 switch($action) {
 case 'post':
-
+	check_admin_referer('add-post');
+	
 	$post_ID = write_post();
 
 	// Redirect.
@@ -88,6 +89,8 @@ case 'edit':
 case 'editattachment':
 	$post_id = (int) $_POST['post_ID'];
 
+	check_admin_referer('update-attachment_' . $post_id);
+
 	// Don't let these be changed
 	unset($_POST['guid']);
 	$_POST['post_status'] = 'attachment';
@@ -102,6 +105,9 @@ case 'editattachment':
 		add_post_meta($post_id, '_wp_attachment_metadata', $newmeta);
 
 case 'editpost':
+	$post_ID = (int) $_POST['post_ID'];
+	check_admin_referer('update-post_' . $post_ID);
+	
 	$post_ID = edit_post();
 
 	if ($_POST['save']) {
@@ -125,9 +131,8 @@ case 'editpost':
 	break;
 
 case 'delete':
-	check_admin_referer();
-
 	$post_id = (isset($_GET['post']))  ? intval($_GET['post']) : intval($_POST['post_ID']);
+	check_admin_referer('delete-post_' . $post_id);
 
 	$post = & get_post($post_id);
 	
@@ -198,6 +203,7 @@ case 'confirmdeletecomment':
 	echo "<input type='hidden' name='p' value='$p' />\n";
 	echo "<input type='hidden' name='comment' value='{$comment->comment_ID}' />\n";
 	echo "<input type='hidden' name='noredir' value='1' />\n";
+	wp_nonce_field('delete-comment_' .  $comment->comment_ID);
 	echo "<input type='submit' value='" . __('Yes') . "' />";
 	echo "&nbsp;&nbsp;";
 	echo "<input type='button' value='" . __('No') . "' onclick=\"self.location='". get_settings('siteurl') ."/wp-admin/edit.php?p=$p&amp;c=1#comments';\" />\n";
@@ -207,10 +213,9 @@ case 'confirmdeletecomment':
 	break;
 
 case 'deletecomment':
-
-	check_admin_referer();
-
 	$comment = (int) $_GET['comment'];
+	check_admin_referer('delete-comment_' . $comment);
+
 	$p = (int) $_GET['p'];
 	if (isset($_GET['noredir'])) {
 		$noredir = true;
@@ -238,10 +243,9 @@ case 'deletecomment':
 	break;
 
 case 'unapprovecomment':
-
-	check_admin_referer();
-
 	$comment = (int) $_GET['comment'];
+	check_admin_referer('unapprove-comment_' . $comment);
+
 	$p = (int) $_GET['p'];
 	if (isset($_GET['noredir'])) {
 		$noredir = true;
@@ -266,8 +270,8 @@ case 'unapprovecomment':
 	break;
 
 case 'mailapprovecomment':
-
 	$comment = (int) $_GET['comment'];
+	check_admin_referer('approve-comment_' . $comment);
 
 	if ( ! $comment = get_comment($comment) )
 			 die(sprintf(__('Oops, no comment with this ID. <a href="%s">Go back</a>!'), 'edit.php'));
@@ -286,8 +290,9 @@ case 'mailapprovecomment':
 	break;
 
 case 'approvecomment':
-
 	$comment = (int) $_GET['comment'];
+	check_admin_referer('approve-comment_' . $comment);
+
 	$p = (int) $_GET['p'];
 	if (isset($_GET['noredir'])) {
 		$noredir = true;
@@ -317,6 +322,8 @@ case 'approvecomment':
 
 case 'editedcomment':
 
+	check_admin_referer('update-comment');
+
 	edit_comment();
 
 	$referredby = $_POST['referredby'];

wp-admin/profile-update.php

@@ -2,7 +2,7 @@
 
 require_once('admin.php');
 
-check_admin_referer();
+check_admin_referer('update-profile_' . $user_ID);
 
 if ( !$_POST )
 	die( __('No post?') );

wp-admin/profile.php

@@ -19,6 +19,7 @@ $bookmarklet_height= 440;
 <div class="wrap">
 <h2><?php _e('Your Profile and Personal Options'); ?></h2>
 <form name="profile" id="your-profile" action="profile-update.php" method="post">
+<?php wp_nonce_field('update-profile_' . $user_ID) ?>
 <p>
 <input type="hidden" name="from" value="profile" />
 <input type="hidden" name="checkuser_id" value="<?php echo $user_ID ?>" />

wp-admin/templates.php

@@ -36,6 +36,8 @@ switch($action) {
 
 case 'update':
 
+	check_admin_referer('edit-file_' . $file);
+
 	if ( ! current_user_can('edit_files') )
 	die('<p>'.__('You have do not have sufficient permissions to edit templates for this blog.').'</p>');
 
@@ -126,6 +128,7 @@ endif;
 </div>
 <?php if (!$error) { ?>
   <form name="template" id="template" action="templates.php" method="post"> 
+  <?php wp_nonce_field('edit-file_' . $file) ?>
      <div><textarea cols="70" rows="25" name="newcontent" id='newcontent' tabindex="1"><?php echo $content ?></textarea> 
      <input type="hidden" name="action" value="update" /> 
      <input type="hidden" name="file" value="<?php echo $file ?>" /> 

wp-admin/theme-editor.php

@@ -47,6 +47,8 @@ switch($action) {
 
 case 'update':
 
+	check_admin_referer('edit-theme_' . $file . $theme);
+
 	if ( !current_user_can('edit_themes') )
 	die('<p>'.__('You have do not have sufficient permissions to edit templates for this blog.').'</p>');
 
@@ -129,6 +131,7 @@ if ($allowed_files) :
 	if (!$error) {
 	?> 
   <form name="template" id="template" action="theme-editor.php" method="post">
+  <?php wp_nonce_field('edit-theme_' . $file . $theme) ?>
 		 <div><textarea cols="70" rows="25" name="newcontent" id="newcontent" tabindex="1"><?php echo $content ?></textarea> 
      <input type="hidden" name="action" value="update" /> 
      <input type="hidden" name="file" value="<?php echo $file ?>" /> 

wp-admin/themes.php

@@ -2,7 +2,7 @@
 require_once('admin.php');
 
 if ( isset($_GET['action']) ) {
-	check_admin_referer();
+	check_admin_referer('switch-theme_' . $_GET['template']);
 	
 	if ('activate' == $_GET['action']) {
 		if ( isset($_GET['template']) )
@@ -69,7 +69,7 @@ foreach ($theme_names as $theme_name) {
 	$author = $themes[$theme_name]['Author'];
 	$screenshot = $themes[$theme_name]['Screenshot'];
 	$stylesheet_dir = $themes[$theme_name]['Stylesheet Dir'];
-	$activate_link = "themes.php?action=activate&template=$template&stylesheet=$stylesheet";
+	$activate_link = wp_nonce_url("themes.php?action=activate&template=$template&stylesheet=$stylesheet", 'switch-theme_' . $template);
 ?>
 <div class="available-theme">
 <h3><a href="<?php echo $activate_link; ?>"><?php echo "$title $version"; ?></a></h3>

wp-admin/upgrade-schema.php

@@ -229,6 +229,9 @@ function populate_options() {
 		add_option('uploads_use_yearmonth_folders', 1);
 		add_option('upload_path', 'wp-content/uploads');
 	}
+	
+	// 2.0.3
+	add_option('secret', md5(uniqid(microtime())));
 
 	// Delete unused options
 	$unusedoptions = array ('blodotgsping_url', 'bodyterminator', 'emailtestonly', 'phoneemail_separator', 'smilies_directory', 'subjectprefix', 'use_bbcode', 'use_blodotgsping', 'use_phoneemail', 'use_quicktags', 'use_weblogsping', 'weblogs_cache_file', 'use_preview', 'use_htmltrans', 'smilies_directory', 'fileupload_allowedusers', 'use_phoneemail', 'default_post_status', 'default_post_category', 'archive_mode', 'time_difference', 'links_minadminlevel', 'links_use_adminlevels', 'links_rating_type', 'links_rating_char', 'links_rating_ignore_zero', 'links_rating_single_image', 'links_rating_image0', 'links_rating_image1', 'links_rating_image2', 'links_rating_image3', 'links_rating_image4', 'links_rating_image5', 'links_rating_image6', 'links_rating_image7', 'links_rating_image8', 'links_rating_image9', 'weblogs_cacheminutes', 'comment_allowed_tags', 'search_engine_friendly_urls', 'default_geourl_lat', 'default_geourl_lon', 'use_default_geourl', 'weblogs_xml_url', 'new_users_can_blog');

wp-admin/upgrade.php

@@ -75,10 +75,13 @@ switch($step) {
 	break;
 	
 	case 1:
-	wp_cache_flush();
-	make_db_current_silent();
-	upgrade_all();
-	wp_cache_flush();
+	$wp_current_db_version = __get_option('db_version');
+	if ( $wp_db_version != $wp_current_db_version ) {
+		wp_cache_flush();
+		make_db_current_silent();
+		upgrade_all();
+		wp_cache_flush();
+	}
 
 	if ( empty( $_GET['backto'] ) )
 		$backto = __get_option('home');

wp-admin/user-edit.php

@@ -32,6 +32,8 @@ break;
 
 case 'update':
 
+check_admin_referer('update-user_' . $user_id);
+
 $errors = array();
 
 if (!current_user_can('edit_users'))
@@ -71,6 +73,7 @@ if (!current_user_can('edit_users')) $errors['head'] = __('You do not have permi
 <h2><?php _e('Edit User'); ?></h2>
 
 <form name="profile" id="your-profile" action="user-edit.php" method="post">
+<?php wp_nonce_field('update-user_' . $user_ID) ?>
 <p>
 <input type="hidden" name="from" value="profile" />
 <input type="hidden" name="checkuser_id" value="<?php echo $user_ID ?>" />

wp-admin/users.php

@@ -11,7 +11,7 @@ $update = '';
 switch ($action) {
 
 case 'promote':
-	check_admin_referer();
+	check_admin_referer('bulk-users');
 
 	if (empty($_POST['users'])) {
 		header('Location: users.php');
@@ -39,7 +39,7 @@ break;
 
 case 'dodelete':
 
-	check_admin_referer();
+	check_admin_referer('delete-users');
 
 	if ( empty($_POST['users']) ) {
 		header('Location: users.php');
@@ -72,7 +72,7 @@ break;
 
 case 'delete':
 
-	check_admin_referer();
+	check_admin_referer('bulk-users');
 
 	if (empty($_POST['users'])) {
 		header('Location: users.php');
@@ -86,6 +86,7 @@ case 'delete':
 	include ('admin-header.php');
 ?>
 <form action="" method="post" name="updateusers" id="updateusers">
+<?php wp_nonce_field('delete-users') ?>
 <div class="wrap">
 <h2><?php _e('Delete Users'); ?></h2>
 <p><?php _e('You have specified these users for deletion:'); ?></p>
@@ -131,7 +132,7 @@ case 'delete':
 break;
 
 case 'adduser':
-	check_admin_referer();
+	check_admin_referer('add-user');
 	
 	$errors = add_user();
 	
@@ -200,6 +201,7 @@ default:
 	?>
 	
 <form action="" method="post" name="updateusers" id="updateusers">
+<?php wp_nonce_field('bulk-users') ?>
 <div class="wrap">
 	<h2><?php _e('User List by Role'); ?></h2>
   <table cellpadding="3" cellspacing="3" width="100%">
@@ -280,6 +282,7 @@ $role_select .= '</select>';
 <h2><?php _e('Add New User') ?></h2>
 <?php echo '<p>'.sprintf(__('Users can <a href="%1$s">register themselves</a> or you can manually create users here.'), get_settings('siteurl').'/wp-register.php').'</p>'; ?>
 <form action="" method="post" name="adduser" id="adduser">
+  <?php wp_nonce_field('add-user') ?>
   <table class="editform" width="100%" cellspacing="2" cellpadding="5">
     <tr>
       <th scope="row" width="33%"><?php _e('Nickname') ?>

wp-comments-post.php

@@ -24,11 +24,11 @@ $comment_author_url   = trim($_POST['url']);
 $comment_content      = trim($_POST['comment']);
 
 // If the user is logged in
-get_currentuserinfo();
-if ( $user_ID ) :
-	$comment_author       = $wpdb->escape($user_identity);
-	$comment_author_email = $wpdb->escape($user_email);
-	$comment_author_url   = $wpdb->escape($user_url);
+$user = wp_get_current_user();
+if ( $user->ID ) :
+	$comment_author       = $wpdb->escape($user->display_name);
+	$comment_author_email = $wpdb->escape($user->user_email);
+	$comment_author_url   = $wpdb->escape($user->user_url);
 else :
 	if ( get_option('comment_registration') )
 		die( __('Sorry, you must be logged in to post a comment.') );
@@ -36,7 +36,7 @@ endif;
 
 $comment_type = '';
 
-if ( get_settings('require_name_email') && !$user_ID ) {
+if ( get_settings('require_name_email') && !$user->ID ) {
 	if ( 6 > strlen($comment_author_email) || '' == $comment_author )
 		die( __('Error: please fill the required fields (name, email).') );
 	elseif ( !is_email($comment_author_email))
@@ -48,16 +48,17 @@ if ( '' == $comment_content )
 
 $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'user_ID');
 
-wp_new_comment( $commentdata );
+$comment_id = wp_new_comment( $commentdata );
 
-if ( !$user_ID ) :
-	setcookie('comment_author_' . COOKIEHASH, stripslashes($comment_author), time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
-	setcookie('comment_author_email_' . COOKIEHASH, stripslashes($comment_author_email), time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
-	setcookie('comment_author_url_' . COOKIEHASH, stripslashes($comment_author_url), time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
+if ( !$user->ID ) :
+	$comment = get_comment($comment_id);
+	setcookie('comment_author_' . COOKIEHASH, $comment->comment_author, time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
+	setcookie('comment_author_email_' . COOKIEHASH, $comment->comment_author_email, time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
+	setcookie('comment_author_url_' . COOKIEHASH, clean_url($comment->comment_author_url), time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
 endif;
 
 $location = ( empty( $_POST['redirect_to'] ) ) ? get_permalink( $comment_post_ID ) : $_POST['redirect_to']; 
 
 wp_redirect( $location );
 
-?>
+?>

wp-content/plugins/wp-db-backup.php

@@ -36,13 +36,13 @@ class wpdbBackup {
 	}
 
 	function wpdbBackup() {
-				
 		add_action('wp_cron_daily', array(&$this, 'wp_cron_daily'));
 
 		$this->backup_dir = trailingslashit($this->backup_dir);
 		$this->basename = preg_replace('/^.*wp-content[\\\\\/]plugins[\\\\\/]/', '', __FILE__);
 	
 		if (isset($_POST['do_backup'])) {
+			if ( !current_user_can('import') ) die(__('You are not allowed to perform backups.'));
 			switch($_POST['do_backup']) {
 			case 'backup':
 				$this->perform_backup();
@@ -52,8 +52,10 @@ class wpdbBackup {
 				break;				
 			}
 		} elseif (isset($_GET['fragment'] )) {
+			if ( !current_user_can('import') ) die(__('You are not allowed to perform backups.'));
 			add_action('init', array(&$this, 'init'));
 		} elseif (isset($_GET['backup'] )) {
+			if ( !current_user_can('import') ) die(__('You are not allowed to perform backups.'));
 			add_action('init', array(&$this, 'init'));
 		} else {
 			add_action('admin_menu', array(&$this, 'admin_menu'));
@@ -61,10 +63,7 @@ class wpdbBackup {
 	}
 	
 	function init() {
-		global $user_level;
-		get_currentuserinfo();
-
-		if ($user_level < 9) die(__('Need higher user level.'));
+		if ( !current_user_can('import') ) die(__('You are not allowed to perform backups.'));
 
 		if (isset($_GET['backup'])) {
 			$via = isset($_GET['via']) ? $_GET['via'] : 'http';
@@ -307,7 +306,7 @@ class wpdbBackup {
 		
 		$core_tables = $_POST['core_tables'];
 		$this->backup_file = $this->db_backup($core_tables, $also_backup);
-		if (FALSE !== $backup_file) {
+		if (FALSE !== $this->backup_file) {
 			if ('smtp' == $_POST['deliver']) {
 				$this->deliver_backup ($this->backup_file, $_POST['deliver'], $_POST['backup_recipient']);
 			} elseif ('http' == $_POST['deliver']) {
@@ -884,6 +883,11 @@ class wpdbBackup {
 	} // wp_cron_db_backup
 }
 
-$mywpdbbackup = new wpdbBackup();
+function wpdbBackup_init() {
+	global $mywpdbbackup;
+	$mywpdbbackup = new wpdbBackup(); 	
+}
+
+add_action('plugins_loaded', 'wpdbBackup_init');
 
 ?>

wp-includes/cache.php

@@ -47,8 +47,8 @@ function wp_cache_set($key, $data, $flag = '', $expire = 0) {
 	return $wp_object_cache->set($key, $data, $flag, $expire);
 }
 
-define('CACHE_SERIAL_HEADER', "<?php\n//");
-define('CACHE_SERIAL_FOOTER', "\n?".">");
+define('CACHE_SERIAL_HEADER', "<?php\n/*");
+define('CACHE_SERIAL_FOOTER', "*/\n?".">");
 
 class WP_Object_Cache {
 	var $cache_dir;
@@ -64,6 +64,7 @@ class WP_Object_Cache {
 	var $cold_cache_hits = 0;
 	var $warm_cache_hits = 0;
 	var $cache_misses = 0;
+	var $secret = '';
 
 	function acquire_lock() {
 		// Acquire a write lock. 
@@ -103,7 +104,7 @@ class WP_Object_Cache {
 
 		if ( ! $this->acquire_lock() )
 			return false;
-		
+
 		$this->rm_cache_dir();
 		$this->cache = array ();
 		$this->dirty_objects = array ();
@@ -142,7 +143,7 @@ class WP_Object_Cache {
 			return false;
 		}
 
-		$cache_file = $this->cache_dir.$this->get_group_dir($group)."/".md5($id.DB_PASSWORD).'.php';
+		$cache_file = $this->cache_dir.$this->get_group_dir($group)."/".$this->hash($id).'.php';
 		if (!file_exists($cache_file)) {
 			$this->non_existant_objects[$group][$id] = true;
 			$this->cache_misses += 1;
@@ -158,7 +159,7 @@ class WP_Object_Cache {
 			return false;
 		}
 
-		$this->cache[$group][$id] = unserialize(substr(@ file_get_contents($cache_file), strlen(CACHE_SERIAL_HEADER), -strlen(CACHE_SERIAL_FOOTER)));
+		$this->cache[$group][$id] = unserialize(base64_decode(substr(@ file_get_contents($cache_file), strlen(CACHE_SERIAL_HEADER), -strlen(CACHE_SERIAL_FOOTER))));
 		if (false === $this->cache[$group][$id])
 			$this->cache[$group][$id] = '';
 
@@ -173,6 +174,14 @@ class WP_Object_Cache {
 		return "{$this->blog_id}/$group";
 	}
 
+	function hash($data) {
+		if ( function_exists('hash_hmac') ) {
+			return hash_hmac('md5', $data, $this->secret);
+		} else {
+			return md5($data . $this->secret);
+		}
+	}
+
 	function load_group_from_db($group) {
 		global $wpdb;
 
@@ -332,7 +341,7 @@ class WP_Object_Cache {
 
 			$ids = array_unique($ids);
 			foreach ($ids as $id) {
-				$cache_file = $group_dir.md5($id.DB_PASSWORD).'.php';
+				$cache_file = $group_dir.$this->hash($id).'.php';
 
 				// Remove the cache file if the key is not set.
 				if (!isset ($this->cache[$group][$id])) {
@@ -342,7 +351,7 @@ class WP_Object_Cache {
 				}
 
 				$temp_file = tempnam($group_dir, 'tmp');
-				$serial = CACHE_SERIAL_HEADER.serialize($this->cache[$group][$id]).CACHE_SERIAL_FOOTER;
+				$serial = CACHE_SERIAL_HEADER.base64_encode(serialize($this->cache[$group][$id])).CACHE_SERIAL_FOOTER;
 				$fd = @fopen($temp_file, 'w');
 				if ( false === $fd ) {
 					$errors++;
@@ -400,6 +409,9 @@ class WP_Object_Cache {
 		if (defined('DISABLE_CACHE'))
 			return;
 
+		if ( ! defined('ENABLE_CACHE') )
+			return;
+
 		// Disable the persistent cache if safe_mode is on.
 		if ( ini_get('safe_mode') && ! defined('ENABLE_CACHE') )
 			return;
@@ -421,7 +433,12 @@ class WP_Object_Cache {
 		if (defined('CACHE_EXPIRATION_TIME'))
 			$this->expiration_time = CACHE_EXPIRATION_TIME;
 
-		$this->blog_id = md5($blog_id);
+		if ( defined('WP_SECRET') )
+			$this->secret = WP_SECRET;
+		else
+			$this->secret = DB_PASSWORD . DB_USER . DB_NAME . DB_HOST . ABSPATH;
+
+		$this->blog_id = $this->hash($blog_id);
 	}
 }
 ?>

wp-includes/capabilities.php

@@ -309,7 +309,7 @@ function map_meta_cap($cap, $user_id) {
 
 // Capability checking wrapper around the global $current_user object.
 function current_user_can($capability) {
-	global $current_user;
+	$current_user = wp_get_current_user();
 
 	$args = array_slice(func_get_args(), 1);
 	$args = array_merge(array($capability), $args);

wp-includes/classes.php

@@ -616,7 +616,7 @@ class WP_Query {
 		$join = apply_filters('posts_join', $join);
 
 		// Paging
-		if (empty($q['nopaging']) && ! $this->is_single) {
+		if (empty($q['nopaging']) && ! $this->is_single && ! $this->is_page) {
 			$page = $q['paged'];
 			if (empty($page)) {
 				$page = 1;
@@ -654,7 +654,7 @@ class WP_Query {
 		$this->posts = $wpdb->get_results($this->request);
 
 		// Check post status to determine if post should be displayed.
-		if ($this->is_single) {
+		if ( !empty($this->posts) && $this->is_single ) {
 			$status = get_post_status($this->posts[0]);
 			if ( ('publish' != $status) && ('static' != $status) ) {
 				if ( ! (isset($user_ID) && ('' != intval($user_ID))) ) {
@@ -826,7 +826,7 @@ class retrospam_mgr {
 					if ( empty( $word ) )
 						continue;
 					$fulltext = strtolower($comment->email.' '.$comment->url.' '.$comment->ip.' '.$comment->text);
-					if( strpos( $fulltext, strtolower($word) ) != FALSE ) {
+					if( false !== strpos( $fulltext, strtolower($word) ) ) {
 						$this->found_comments[] = $comment->ID;
 						break;
 					}
@@ -1321,7 +1321,7 @@ class WP_Rewrite {
 		$root_rewrite = apply_filters('root_rewrite_rules', $root_rewrite);
 
 		// Comments
-		$comments_rewrite = $this->generate_rewrite_rules($this->root . $this->comments_base, true, true, true);
+		$comments_rewrite = $this->generate_rewrite_rules($this->root . $this->comments_base, true, true, true, false);
 		$comments_rewrite = apply_filters('comments_rewrite_rules', $comments_rewrite);
 
 		// Search
@@ -1604,7 +1604,6 @@ class WP {
 	}
 
 	function send_headers() {
-		global $current_user;
 		@header('X-Pingback: '. get_bloginfo('pingback_url'));
 		if ( is_user_logged_in() )
 			nocache_headers();
@@ -1681,7 +1680,7 @@ class WP {
 	}
 
 	function init() {
-		get_currentuserinfo();
+		wp_get_current_user();
 	}
 
 	function query_posts() {

wp-includes/comment-functions.php

@@ -7,9 +7,25 @@ function comments_template( $file = '/comments.php' ) {
 
 	if ( is_single() || is_page() || $withcomments ) :
 		$req = get_settings('require_name_email');
-		$comment_author = isset($_COOKIE['comment_author_'.COOKIEHASH]) ? trim(stripslashes($_COOKIE['comment_author_'.COOKIEHASH])) : '';
-		$comment_author_email = isset($_COOKIE['comment_author_email_'.COOKIEHASH]) ? trim(stripslashes($_COOKIE['comment_author_email_'.COOKIEHASH])) : '';
-		$comment_author_url = isset($_COOKIE['comment_author_url_'.COOKIEHASH]) ? trim(stripslashes($_COOKIE['comment_author_url_'.COOKIEHASH])) : '';
+		$comment_author = '';
+		if ( isset($_COOKIE['comment_author_'.COOKIEHASH]) ) {
+			$comment_author = apply_filters('pre_comment_author_name', $_COOKIE['comment_author_'.COOKIEHASH]);
+			$comment_author = stripslashes($comment_author);
+			$comment_author = wp_specialchars($comment_author, true);
+		}
+		$comment_author_email = '';
+		if ( isset($_COOKIE['comment_author_email_'.COOKIEHASH]) ) {
+			$comment_author_email = apply_filters('pre_comment_author_email', $_COOKIE['comment_author_email_'.COOKIEHASH]);
+			$comment_author_email = stripslashes($comment_author_email);
+			$comment_author_email = wp_specialchars($comment_author_email, true);		
+		}
+		$comment_author_url = '';
+		if ( isset($_COOKIE['comment_author_url_'.COOKIEHASH]) ) {
+			$comment_author_url = apply_filters('pre_comment_author_url', $_COOKIE['comment_author_url_'.COOKIEHASH]);
+			$comment_author_url = stripslashes($comment_author_url);
+			$comment_author_url = wp_specialchars($comment_author_url, true);		
+		}
+
 	if ( empty($comment_author) ) {
 		$comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = '$post->ID' AND comment_approved = '1' ORDER BY comment_date");
 	} else {
@@ -18,8 +34,6 @@ function comments_template( $file = '/comments.php' ) {
 		$comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = '$post->ID' AND ( comment_approved = '1' OR ( comment_author = '$author_db' AND comment_author_email = '$email_db' AND comment_approved = '0' ) ) ORDER BY comment_date");
 	}
 
-	get_currentuserinfo();
-
 	define('COMMENTS_TEMPLATE', true);
 	$include = apply_filters('comments_template', TEMPLATEPATH . $file );
 	if ( file_exists( $include ) )
@@ -169,6 +183,8 @@ function wp_update_comment($commentarr) {
 	// Merge old and new fields with new fields overwriting old ones.
 	$commentarr = array_merge($comment, $commentarr);
 
+	$commentarr = wp_filter_comment( $commentarr );
+
 	// Now extract the merged array.
 	extract($commentarr);
 
@@ -884,6 +900,8 @@ function check_comment($author, $email, $url, $comment, $user_ip, $user_agent, $
 
 function get_approved_comments($post_id) {
 	global $wpdb;
+
+	$post_id = (int) $post_id;
 	return $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = $post_id AND comment_approved = '1' ORDER BY comment_date");
 }
 

wp-includes/default-filters.php

@@ -49,6 +49,40 @@ add_filter('comment_text', 'convert_smilies', 20);
 
 add_filter('comment_excerpt', 'convert_chars');
 
+// Categories
+add_filter('pre_category_name', 'strip_tags');
+add_filter('pre_category_name', 'trim');
+add_filter('pre_category_name', 'wp_filter_kses');
+add_filter('pre_category_name', 'wp_specialchars', 30);
+add_filter('pre_category_description', 'wp_filter_kses');
+
+// Users
+add_filter('pre_user_display_name', 'strip_tags');
+add_filter('pre_user_display_name', 'trim');
+add_filter('pre_user_display_name', 'wp_filter_kses');
+add_filter('pre_user_display_name', 'wp_specialchars', 30);
+add_filter('pre_user_first_name', 'strip_tags');
+add_filter('pre_user_first_name', 'trim');
+add_filter('pre_user_first_name', 'wp_filter_kses');
+add_filter('pre_user_first_name', 'wp_specialchars', 30);
+add_filter('pre_user_last_name', 'strip_tags');
+add_filter('pre_user_last_name', 'trim');
+add_filter('pre_user_last_name', 'wp_filter_kses');
+add_filter('pre_user_last_name', 'wp_specialchars', 30);
+add_filter('pre_user_nickname', 'strip_tags');
+add_filter('pre_user_nickname', 'trim');
+add_filter('pre_user_nickname', 'wp_filter_kses');
+add_filter('pre_user_nickname', 'wp_specialchars', 30);
+add_filter('pre_user_description', 'strip_tags');
+add_filter('pre_user_description', 'trim');
+add_filter('pre_user_description', 'wp_filter_kses');
+add_filter('pre_user_description', 'wp_specialchars', 30);
+add_filter('pre_user_url', 'strip_tags');
+add_filter('pre_user_url', 'trim');
+add_filter('pre_user_url', 'clean_url');
+add_filter('pre_user_email', 'trim');
+add_filter('pre_user_email', 'sanitize_email');
+
 // Places to balance tags on input
 add_filter('content_save_pre', 'balanceTags', 50);
 add_filter('excerpt_save_pre', 'balanceTags', 50);

wp-includes/functions-compat.php

@@ -97,4 +97,17 @@ if (!function_exists('array_change_key_case')) {
     }
 }
 
+// From php.net
+if(!function_exists('http_build_query')) {
+   function http_build_query( $formdata, $numeric_prefix = null, $key = null ) {
+       $res = array();
+       foreach ((array)$formdata as $k=>$v) {
+           $tmp_key = urlencode(is_int($k) ? $numeric_prefix.$k : $k);
+           if ($key) $tmp_key = $key.'['.$tmp_key.']';
+           $res[] = ( ( is_array($v) || is_object($v) ) ? http_build_query($v, null, $tmp_key) : $tmp_key."=".urlencode($v) );
+       }
+       $separator = ini_get('arg_separator.output');
+       return implode($separator, $res);
+   }
+}
 ?>

wp-includes/functions-formatting.php

@@ -41,7 +41,7 @@ function wptexturize($text) {
 		} else {
 			$next = true;
 		}
-		$curl = preg_replace('/&([^#])(?![a-z1-4]{1,8};)/', '&$1', $curl);
+		$curl = preg_replace('/&([^#])(?![a-zA-Z1-4]{1,8};)/', '&$1', $curl);
 		$output .= $curl;
 	}
 	return $output;
@@ -274,7 +274,7 @@ function sanitize_user( $username, $strict = false ) {
 
 	// If strict, reduce to ASCII for max portability.
 	if ( $strict )
-		$username = preg_replace('|[^a-z0-9 _.-@]|i', '', $username);
+		$username = preg_replace('|[^a-z0-9 _.\-@]|i', '', $username);
 
 	return apply_filters('sanitize_user', $username, $raw_username, $strict);
 }
@@ -997,10 +997,7 @@ function ent2ncr($text) {
 		'♦' => '♦'
 	);
 
-	foreach ($to_ncr as $entity => $ncr) {
-		$text = str_replace($entity, $ncr, $text);
-	}
-	return $text;
+	return str_replace( array_keys($to_ncr), array_values($to_ncr), $text );
 }
 
 function wp_richedit_pre($text) {
@@ -1018,4 +1015,9 @@ function wp_richedit_pre($text) {
 	return apply_filters('richedit_pre', $output);
 }
 
+// Escape single quotes, specialchar double quotes, and fix line endings.
+function js_escape($text) {
+	$text = wp_specialchars($text, 'double');
+	return preg_replace("/\r?\n/", "\\n", addslashes($text));	
+}
 ?>

wp-includes/functions-post.php

@@ -352,7 +352,7 @@ function wp_delete_attachment($postid) {
 	global $wpdb;
 	$postid = (int) $postid;
 
-	if ( !$post = $wpdb->get_row("SELECT * FROM $wpdb->posts WHERE ID = $postid") )
+	if ( !$post = $wpdb->get_row("SELECT * FROM $wpdb->posts WHERE ID = '$postid'") )
 		return $post;
 
 	if ( 'attachment' != $post->post_status )
@@ -361,17 +361,17 @@ function wp_delete_attachment($postid) {
 	$meta = get_post_meta($postid, '_wp_attachment_metadata', true);
 	$file = get_post_meta($postid, '_wp_attached_file', true);
 
-	$wpdb->query("DELETE FROM $wpdb->posts WHERE ID = $postid");
+	$wpdb->query("DELETE FROM $wpdb->posts WHERE ID = '$postid'");
 
-	$wpdb->query("DELETE FROM $wpdb->comments WHERE comment_post_ID = $postid");
+	$wpdb->query("DELETE FROM $wpdb->comments WHERE comment_post_ID = '$postid'");
 
-	$wpdb->query("DELETE FROM $wpdb->post2cat WHERE post_id = $postid");
+	$wpdb->query("DELETE FROM $wpdb->post2cat WHERE post_id = '$postid'");
 
-	$wpdb->query("DELETE FROM $wpdb->postmeta WHERE post_id = $postid");
+	$wpdb->query("DELETE FROM $wpdb->postmeta WHERE post_id = '$postid'");
 
 	if ( ! empty($meta['thumb']) ) {
 		// Don't delete the thumb if another attachment uses it
-		if (! $foo = $wpdb->get_row("SELECT meta_id FROM $wpdb->postmeta WHERE meta_key = '_wp_attachment_metadata' AND meta_value LIKE '%".$wpdb->escape($meta['thumb'])."%' AND post_id <> $postid"))
+		if (! $foo = $wpdb->get_row("SELECT meta_id FROM $wpdb->postmeta WHERE meta_key = '_wp_attachment_metadata' AND meta_value LIKE '%".$wpdb->escape($meta['thumb'])."%' AND post_id <> '$postid'"))
 			@ unlink(str_replace(basename($file), $meta['thumb'], $file));
 	}
 
@@ -456,9 +456,11 @@ function wp_update_post($postarr = array()) {
 function wp_get_post_cats($blogid = '1', $post_ID = 0) {
 	global $wpdb;
 	
+	$post_ID = (int) $post_ID;
+
 	$sql = "SELECT category_id 
 		FROM $wpdb->post2cat 
-		WHERE post_id = $post_ID 
+		WHERE post_id = '$post_ID' 
 		ORDER BY category_id";
 
 	$result = $wpdb->get_col($sql);

wp-includes/functions.php

@@ -32,10 +32,10 @@ function mysql2date($dateformatstring, $mysqlstring, $translate = true) {
 		$dateweekday = $weekday[date('w', $i)];
 		$dateweekday_abbrev = $weekday_abbrev[$dateweekday];
 		$dateformatstring = ' '.$dateformatstring;
-		$dateformatstring = preg_replace("/([^\\\])D/", "\\1".backslashit($dateweekday_abbrev), $dateformatstring);
-		$dateformatstring = preg_replace("/([^\\\])F/", "\\1".backslashit($datemonth), $dateformatstring);
-		$dateformatstring = preg_replace("/([^\\\])l/", "\\1".backslashit($dateweekday), $dateformatstring);
-		$dateformatstring = preg_replace("/([^\\\])M/", "\\1".backslashit($datemonth_abbrev), $dateformatstring);
+		$dateformatstring = preg_replace("/([^\\\])D/", "\${1}".backslashit($dateweekday_abbrev), $dateformatstring);
+		$dateformatstring = preg_replace("/([^\\\])F/", "\${1}".backslashit($datemonth), $dateformatstring);
+		$dateformatstring = preg_replace("/([^\\\])l/", "\${1}".backslashit($dateweekday), $dateformatstring);
+		$dateformatstring = preg_replace("/([^\\\])M/", "\${1}".backslashit($datemonth_abbrev), $dateformatstring);
 
 		$dateformatstring = substr($dateformatstring, 1, strlen($dateformatstring)-1);
 	}
@@ -71,10 +71,10 @@ function date_i18n($dateformatstring, $unixtimestamp) {
 		$dateweekday = $weekday[date('w', $i)];
 		$dateweekday_abbrev = $weekday_abbrev[$dateweekday];
 		$dateformatstring = ' '.$dateformatstring;
-		$dateformatstring = preg_replace("/([^\\\])D/", "\\1".backslashit($dateweekday_abbrev), $dateformatstring);
-		$dateformatstring = preg_replace("/([^\\\])F/", "\\1".backslashit($datemonth), $dateformatstring);
-		$dateformatstring = preg_replace("/([^\\\])l/", "\\1".backslashit($dateweekday), $dateformatstring);
-		$dateformatstring = preg_replace("/([^\\\])M/", "\\1".backslashit($datemonth_abbrev), $dateformatstring);
+		$dateformatstring = preg_replace("/([^\\\])D/", "\${1}".backslashit($dateweekday_abbrev), $dateformatstring);
+		$dateformatstring = preg_replace("/([^\\\])F/", "\${1}".backslashit($datemonth), $dateformatstring);
+		$dateformatstring = preg_replace("/([^\\\])l/", "\${1}".backslashit($dateweekday), $dateformatstring);
+		$dateformatstring = preg_replace("/([^\\\])M/", "\${1}".backslashit($datemonth_abbrev), $dateformatstring);
 		$dateformatstring = substr($dateformatstring, 1, strlen($dateformatstring)-1);
 	}
 	$j = @date($dateformatstring, $i);
@@ -305,10 +305,10 @@ function get_option($option) {
 }
 
 function get_user_option( $option, $user = 0 ) {
-	global $wpdb, $current_user;
+	global $wpdb;
 	
 	if ( empty($user) )
-		$user = $current_user;
+		$user = wp_get_current_user();
 	else
 		$user = get_userdata($user);
 
@@ -364,6 +364,7 @@ function update_option($option_name, $newvalue) {
 		return true;
 	}
 
+	$_newvalue = $newvalue;
 	if ( is_array($newvalue) || is_object($newvalue) )
 		$newvalue = serialize($newvalue);
 
@@ -373,7 +374,7 @@ function update_option($option_name, $newvalue) {
 	$option_name = $wpdb->escape($option_name);
 	$wpdb->query("UPDATE $wpdb->options SET option_value = '$newvalue' WHERE option_name = '$option_name'");
 	if ( $wpdb->rows_affected == 1 ) {
-		do_action("update_option_{$option_name}", $oldvalue, $newvalue);
+		do_action("update_option_{$option_name}", array('old'=>$oldvalue, 'new'=>$_newvalue));
 		return true;
 	}
 	return false;
@@ -1090,15 +1091,13 @@ function wp_get_http_headers( $url, $red = 1 ) {
 		$headers["$key"] = $matches[2][$i];
 	}
 
-    $code = preg_replace('/.*?(\d{3}).*/i', '$1', $response);
-    
-    $headers['status_code'] = $code;
-    
-    if ( '302' == $code || '301' == $code )
-        return wp_get_http_headers( $url, ++$red );
-
 	preg_match('/.*([0-9]{3}).*/', $response, $return);
 	$headers['response'] = $return[1]; // HTTP response code eg 204, 200, 404
+
+    $code = $headers['response'];
+    if ( ('302' == $code || '301' == $code) && isset($headers['location']) )
+        return wp_get_http_headers( $headers['location'], ++$red );
+
 	return $headers;
 }
 
@@ -1146,6 +1145,28 @@ function setup_postdata($post) {
 	return true;
 }
 
+// Setup global user vars.  Used by set_current_user() for back compat.
+function setup_userdata($user_id = '') {
+	global $user_login, $userdata, $user_level, $user_ID, $user_email, $user_url, $user_pass_md5, $user_identity;
+
+	if ( '' == $user_id )
+		$user = wp_get_current_user();
+	else 
+		$user = new WP_User($user_id);
+
+	if ( 0 == $user->ID )
+		return;
+
+	$userdata = $user->data;
+	$user_login	= $user->user_login;
+	$user_level	= $user->user_level;
+	$user_ID	= $user->ID;
+	$user_email	= $user->user_email;
+	$user_url	= $user->user_url;
+	$user_pass_md5	= md5($user->user_pass);
+	$user_identity	= $user->display_name;
+}
+
 function is_new_day() {
 	global $day, $previousday;
 	if ( $day != $previousday ) {
@@ -2287,4 +2308,12 @@ function get_num_queries() {
 	return $wpdb->num_queries;
 }
 
+function wp_nonce_url($actionurl, $action = -1) {
+	return add_query_arg('_wpnonce', wp_create_nonce($action), $actionurl);
+}
+
+function wp_nonce_field($action = -1) {
+	echo '<input type="hidden" name="_wpnonce" value="' . wp_create_nonce($action) . '" />';
+}
+
 ?>

wp-includes/js/tinymce/langs/en.js

@@ -1,22 +1,30 @@
 // UK lang variables
 
-tinyMCELang['lang_bold_desc'] = 'Bold (Alt+b)';
-tinyMCELang['lang_italic_desc'] = 'Italic (Alt+i)';
+if (navigator.userAgent.indexOf('Mac OS') != -1) {
+// Mac OS browsers use Ctrl to hit accesskeys
+	var metaKey = 'Ctrl';
+}
+else {
+	var metaKey = 'Alt';
+}
+
+tinyMCELang['lang_bold_desc'] = 'Bold (' + metaKey + '+b)';
+tinyMCELang['lang_italic_desc'] = 'Italic (' + metaKey + '+i)';
 tinyMCELang['lang_underline_desc'] = 'Underline';
-tinyMCELang['lang_striketrough_desc'] = 'Striketrough (Alt-d)';
-tinyMCELang['lang_justifyleft_desc'] = 'Align left (Alt-f)';
-tinyMCELang['lang_justifycenter_desc'] = 'Align center (Alt-c)';
-tinyMCELang['lang_justifyright_desc'] = 'Align right (Alt-r)';
+tinyMCELang['lang_striketrough_desc'] = 'Striketrough (' + metaKey + '-d)';
+tinyMCELang['lang_justifyleft_desc'] = 'Align left (' + metaKey + '-f)';
+tinyMCELang['lang_justifycenter_desc'] = 'Align center (' + metaKey + '-c)';
+tinyMCELang['lang_justifyright_desc'] = 'Align right (' + metaKey + '-r)';
 tinyMCELang['lang_justifyfull_desc'] = 'Align full';
-tinyMCELang['lang_bullist_desc'] = 'Unordered list (Alt-l)';
-tinyMCELang['lang_numlist_desc'] = 'Ordered list (Alt-o)';
-tinyMCELang['lang_outdent_desc'] = 'Outdent (Alt-w)';
-tinyMCELang['lang_indent_desc'] = 'Indent/Blockquote (Alt-q)';
-tinyMCELang['lang_undo_desc'] = 'Undo (Alt-u)';
-tinyMCELang['lang_redo_desc'] = 'Redo (Alt-y)';
-tinyMCELang['lang_link_desc'] = 'Insert/edit link (Alt-a)';
-tinyMCELang['lang_unlink_desc'] = 'Unlink (Alt-s)';
-tinyMCELang['lang_image_desc'] = 'Insert/edit image (Alt-m)';
+tinyMCELang['lang_bullist_desc'] = 'Unordered list (' + metaKey + '-l)';
+tinyMCELang['lang_numlist_desc'] = 'Ordered list (' + metaKey + '-o)';
+tinyMCELang['lang_outdent_desc'] = 'Outdent (' + metaKey + '-w)';
+tinyMCELang['lang_indent_desc'] = 'Indent/Blockquote (' + metaKey + '-q)';
+tinyMCELang['lang_undo_desc'] = 'Undo (' + metaKey + '-u)';
+tinyMCELang['lang_redo_desc'] = 'Redo (' + metaKey + '-y)';
+tinyMCELang['lang_link_desc'] = 'Insert/edit link (' + metaKey + '-a)';
+tinyMCELang['lang_unlink_desc'] = 'Unlink (' + metaKey + '-s)';
+tinyMCELang['lang_image_desc'] = 'Insert/edit image (' + metaKey + '-m)';
 tinyMCELang['lang_cleanup_desc'] = 'Cleanup messy code';
 tinyMCELang['lang_focus_alert'] = 'A editor instance must be focused before using this command.';
 tinyMCELang['lang_edit_confirm'] = 'Do you want to use the WYSIWYG mode for this textarea?';

wp-includes/js/tinymce/plugins/wordpress/langs/en.js

@@ -1,7 +1,15 @@
 // EN lang variables
 
+if (navigator.userAgent.indexOf('Mac OS') != -1) {
+// Mac OS browsers use Ctrl to hit accesskeys
+	var metaKey = 'Ctrl';
+}
+else {
+	var metaKey = 'Alt';
+}
+
 tinyMCE.addToLang('',{
-wordpress_more_button : 'Split post with More tag (Alt-t)',
+wordpress_more_button : 'Split post with More tag (' + metaKey + '-t)',
 wordpress_page_button : 'Split post with Page tag',
 wordpress_more_alt : 'More...',
 wordpress_page_alt : '...page...'

wp-includes/js/tinymce/tiny_mce_gzip.php

@@ -76,15 +76,32 @@
 
 	// Load theme, language pack and theme language packs
 	$theme = apply_filters('mce_theme', 'advanced');
+
 	echo wp_compact_tinymce_js(file_get_contents(realpath("themes/" . $theme . "/editor_template.js")));
-	echo wp_translate_tinymce_lang(file_get_contents(realpath("themes/" . $theme . "/langs/en.js")));
-	echo wp_translate_tinymce_lang(file_get_contents(realpath("langs/en.js")));
+
+	// Get the WordPress locale
+	$locale = get_locale();
+
+	$themeLanguageFile = realpath("themes/" . $theme . "/langs/" . $locale . ".js");
+
+	if (!file_exists($themeLanguageFile))
+		$themeLanguageFile = realpath("themes/" . $theme . "/langs/en.js");
+	echo wp_translate_tinymce_lang(file_get_contents($themeLanguageFile));
+
+	$tinymceLanguageFile = realpath("langs/" . $locale . ".js");
+
+	if (!file_exists($tinymceLanguageFile))
+		$tinymceLanguageFile = realpath("langs/en.js");
+	echo wp_translate_tinymce_lang(file_get_contents($tinymceLanguageFile));
 
 	// Load all plugins and their language packs
-	$plugins = apply_filters('mce_plugins', array('wordpress', 'autosave', 'wphelp'));
+	$plugins = apply_filters('mce_plugins', array('wordpress', 'autosave','wphelp'));
+
 	foreach ($plugins as $plugin) {
 		$pluginFile = realpath("plugins/" . $plugin . "/editor_plugin.js");
-		$languageFile = realpath("plugins/" . $plugin . "/langs/en.js");
+		$languageFile = realpath("plugins/" . $plugin . "/langs/" . $locale . ".js");
+		if (!file_exists($languageFile))
+			$languageFile = realpath("plugins/" . $plugin . "/langs/en.js");
 
 		if ($pluginFile)
 			echo file_get_contents($pluginFile);
@@ -105,7 +122,7 @@
 			. 'title[dir<ltr?rtl|lang],tr[abbr|align<center?char?justify?left?right|bgcolor|char|charoff|class|rowspan|dir<ltr?rtl|id|lang|onclick|ondblclick|onkeydown|onkeypress|onkeyup|onmousedown|onmousemove|onmouseout|onmouseover|onmouseup|style|title|valign<baseline?bottom?middle?top],tt[class|dir<ltr?rtl|id|lang|onclick|ondblclick|onkeydown|onkeypress|onkeyup|onmousedown|onmousemove|onmouseout|onmouseover|onmouseup|style|title],u[class|dir<ltr?rtl|id|lang|onclick|ondblclick|onkeydown|onkeypress|onkeyup|onmousedown|onmousemove|onmouseout|onmouseover|onmouseup|style|title],ul[class|compact<compact|dir<ltr?rtl|id|lang|onclick|ondblclick|onkeydown|onkeypress|onkeyup|onmousedown|onmousemove|onmouseout|onmouseover|onmouseup|style|title|type],var[class|dir<ltr?rtl|id|lang|onclick|ondblclick|onkeydown|onkeypress|onkeyup|onmousedown|onmousemove|onmouseout|onmouseover|onmouseup|style|title]';
 	else // Use a much smaller set
 		$valid_elements = '-a[id|href|title|rel],-strong/b,-em/i,-strike,-del,-u,p[class|align|dir],-ol,-ul,-li,br,img[class|src|alt|title|width|height|align],-sub,-sup,-blockquote[dir],-table[border|cellspacing|cellpadding|width|height|class|align|dir],thead[class|rowspan|width|height|align|valign|dir],tr[class|rowspan|width|height|align|valign|dir],th[dir|class|colspan|rowspan|width|height|align|valign|scope],td[dir|class|colspan|rowspan|width|height|align|valign],-div[dir|class|align],-span[class|align],-pre[class],-code[class],-address,-h1[class|align|dir],-h2[class|align|dir],-h3[class|align|dir],-h4[class|align|dir],-h5[class|align|dir],-h6[class|align|dir],hr';
-	$valid_elements = apply_filters('mce_valid_elements', $valid_elements); 
+	$valid_elements = apply_filters('mce_valid_elements', $valid_elements);
 	$plugins = implode($plugins, ',');
 	$mce_buttons = apply_filters('mce_buttons', array('bold', 'italic', 'strikethrough', 'separator', 'bullist', 'numlist', 'outdent', 'indent', 'separator', 'justifyleft', 'justifycenter', 'justifyright' ,'separator', 'link', 'unlink', 'image', 'wordpress', 'separator', 'undo', 'redo', 'code', 'wphelp'));
 	$mce_buttons = implode($mce_buttons, ',');
@@ -140,6 +157,7 @@ initArray = {
 	convert_newlines_to_brs : false,
 	remove_linebreaks : true,
 	save_callback : "wp_save_callback",
+	document_base_url : "<?php echo trailingslashit(get_bloginfo('home')); ?>",
 	valid_elements : "<?php echo $valid_elements; ?>",
 <?php do_action('mce_options'); ?>
 	plugins : "<?php echo $plugins; ?>"

wp-includes/kses.php

@@ -528,16 +528,11 @@ function kses_init_filters() {
 }
 
 function kses_init() {
-	global $current_user;
-
 	remove_filter('pre_comment_author', 'wp_filter_kses');
 	remove_filter('pre_comment_content', 'wp_filter_kses');
 	remove_filter('content_save_pre', 'wp_filter_post_kses');
 	remove_filter('title_save_pre', 'wp_filter_kses');
 
-	if (! defined('XMLRPC_REQUEST') )
-		get_currentuserinfo();
-
 	if (current_user_can('unfiltered_html') == false)
 		kses_init_filters();
 }

wp-includes/links.php

@@ -445,9 +445,10 @@ function get_links_withrating($category = -1, $before = '', $after = '<br />',
  **                uses 0
  */
 function get_linkcatname($id = 0) {
+    $id = (int) $id;
     global $wpdb;
     $cat_name = '';
-    if ('' != $id) {
+    if ( !empty($id) ) {
         $cat_name = $wpdb->get_var("SELECT cat_name FROM $wpdb->linkcategories WHERE cat_id=$id");
     }
     return $cat_name;
@@ -562,4 +563,4 @@ function get_links_list($order = 'name', $hide_if_empty = 'obsolete') {
 	}
 }
 
-?>
+?>

wp-includes/pluggable-functions.php

@@ -5,21 +5,20 @@
 
 if ( !function_exists('set_current_user') ) :
 function set_current_user($id, $name = '') {
-	global $user_login, $userdata, $user_level, $user_ID, $user_email, $user_url, $user_pass_md5, $user_identity, $current_user;
+	return wp_set_current_user($id, $name);
+}
+endif;
 
-	$current_user	= '';
+if ( !function_exists('wp_set_current_user') ) :
+function wp_set_current_user($id, $name = '') {
+	global $current_user;
 
-	$current_user	= new WP_User($id, $name);
+	if ( isset($current_user) && ($id == $current_user->ID) )
+		return $current_user;
 
-	$userdata	= get_userdatabylogin($user_login);
+	$current_user = new WP_User($id, $name);
 
-	$user_login	= $userdata->user_login;
-	$user_level	= $userdata->user_level;
-	$user_ID	= $userdata->ID;
-	$user_email	= $userdata->user_email;
-	$user_url	= $userdata->user_url;
-	$user_pass_md5	= md5($userdata->user_pass);
-	$user_identity	= $userdata->display_name;
+	setup_userdata($current_user->ID);
 
 	do_action('set_current_user');
 
@@ -27,30 +26,34 @@ function set_current_user($id, $name = '') {
 }
 endif;
 
+if ( !function_exists('wp_get_current_user') ) :
+function wp_get_current_user() {
+	global $current_user;
+
+	get_currentuserinfo();
+
+	return $current_user;
+}
+endif;
 
 if ( !function_exists('get_currentuserinfo') ) :
 function get_currentuserinfo() {
-	global $user_login, $userdata, $user_level, $user_ID, $user_email, $user_url, $user_pass_md5, $user_identity, $current_user;
+	global $current_user;
 
 	if ( defined('XMLRPC_REQUEST') && XMLRPC_REQUEST )
 		return false;
 
+	if ( ! empty($current_user) )
+		return;
+
 	if ( empty($_COOKIE[USER_COOKIE]) || empty($_COOKIE[PASS_COOKIE]) || 
 		!wp_login($_COOKIE[USER_COOKIE], $_COOKIE[PASS_COOKIE], true) ) {
-		$current_user = new WP_User(0);
+		wp_set_current_user(0);
 		return false;
 	}
-	$user_login  = $_COOKIE[USER_COOKIE];
-	$userdata    = get_userdatabylogin($user_login);
-	$user_level  = $userdata->user_level;
-	$user_ID     = $userdata->ID;
-	$user_email  = $userdata->user_email;
-	$user_url    = $userdata->user_url;
-	$user_pass_md5 = md5($userdata->user_pass);
-	$user_identity = $userdata->display_name;
 
-	if ( empty($current_user) )
-		$current_user = new WP_User($user_ID);
+	$user_login = $_COOKIE[USER_COOKIE];
+	wp_set_current_user(0, $user_login);
 }
 endif;
 
@@ -201,10 +204,11 @@ endif;
 
 if ( !function_exists('is_user_logged_in') ) :
 function is_user_logged_in() {
-	global $current_user;
+	$user = wp_get_current_user();
 	
-	if ( $current_user->id == 0 )
+	if ( $user->id == 0 )
 		return false;
+
 	return true;
 }
 endif;
@@ -224,12 +228,49 @@ function auth_redirect() {
 endif;
 
 if ( !function_exists('check_admin_referer') ) :
-function check_admin_referer() {
+function check_admin_referer($action = -1) {
+	global $pagenow;
 	$adminurl = strtolower(get_settings('siteurl')).'/wp-admin';
 	$referer = strtolower($_SERVER['HTTP_REFERER']);
-	if (!strstr($referer, $adminurl))
-		die(__('Sorry, you need to <a href="http://codex.wordpress.org/Enable_Sending_Referrers">enable sending referrers</a> for this feature to work.'));
+	if ( !wp_verify_nonce($_REQUEST['_wpnonce'], $action) &&
+		!(-1 == $action && strstr($referer, $adminurl)) ) {
+		
+		$html  = "<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Strict//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd'>\n<html xmlns='http://www.w3.org/1999/xhtml' lang='en' xml:lang='en'>\n\n";
+		$html .= "<head>\n\t<title>" . __('WordPress Confirmation') . "</title>\n";
+		$html .= "</head>\n<body>\n";
+		if ( $_POST ) {
+			$q = http_build_query($_POST);
+			$q = explode( ini_get('arg_separator.output'), $q);
+			$html .= "\t<form method='post' action='$pagenow'>\n";
+			foreach ( (array) $q as $a ) {
+				$v = substr(strstr($a, '='), 1);
+				$k = substr($a, 0, -(strlen($v)+1));
+				$html .= "\t\t<input type='hidden' name='" . wp_specialchars( urldecode($k), 1 ) . "' value='" . wp_specialchars( urldecode($v), 1 ) . "' />\n";
+			}
+			$html .= "\t\t<input type='hidden' name='_wpnonce' value='" . wp_create_nonce($action) . "' />\n";
+			$html .= "\t\t<p>" . __('Are you sure you want to do this?') . "</p>\n\t\t<p><a href='$adminurl'>No</a> <input type='submit' value='" . __('Yes') . "' /></p>\n\t</form>\n";
+		} else {
+			$html .= "\t<p>" . __('Are you sure you want to do this?') . "</p>\n\t\t<p><a href='$adminurl'>No</a> <a href='" . add_query_arg( '_wpnonce', wp_create_nonce($action), $_SERVER['REQUEST_URI'] ) . "'>" . __('Yes') . "</a></p>\n";
+		}
+		$html .= "</body>\n</html>";
+
+		die($html);
+	}
 	do_action('check_admin_referer');
+}endif;
+
+if ( !function_exists('check_ajax_referer') ) :
+function check_ajax_referer() {
+	$cookie = explode('; ', urldecode(empty($_POST['cookie']) ? $_GET['cookie'] : $_POST['cookie'])); // AJAX scripts must pass cookie=document.cookie
+	foreach ( $cookie as $tasty ) {
+		if ( false !== strpos($tasty, USER_COOKIE) )
+			$user = substr(strstr($tasty, '='), 1);
+		if ( false !== strpos($tasty, PASS_COOKIE) )
+			$pass = substr(strstr($tasty, '='), 1);
+	}
+	if ( wp_login( $user, $pass, true ) )
+		return true;
+	return false;
 }
 endif;
 
@@ -248,6 +289,16 @@ function wp_redirect($location) {
 }
 endif;
 
+if ( !function_exists('wp_get_cookie_login') ):
+function wp_get_cookie_login() {
+	if ( empty($_COOKIE[USER_COOKIE]) || empty($_COOKIE[PASS_COOKIE]) )
+		return false;
+
+	return array('login' => $_COOKIE[USER_COOKIE],	'password' => $_COOKIE[PASS_COOKIE]);
+}
+
+endif;
+
 if ( !function_exists('wp_setcookie') ) :
 function wp_setcookie($username, $password, $already_md5 = false, $home = '', $siteurl = '', $remember = false) {
 	if ( !$already_md5 )
@@ -429,4 +480,51 @@ function wp_new_user_notification($user_id, $plaintext_pass = '') {
 }
 endif;
 
+if ( !function_exists('wp_verify_nonce') ) :
+function wp_verify_nonce($nonce, $action = -1) {
+	$user = wp_get_current_user();
+	$uid = $user->id;
+
+	$i = ceil(time() / 43200);
+
+	//Allow for expanding range, but only do one check if we can
+	if( substr(wp_hash($i . $action . $uid), -12, 10) == $nonce || substr(wp_hash(($i - 1) . $action . $uid), -12, 10) == $nonce )
+		return true;
+	return false;
+}
+endif;
+
+if ( !function_exists('wp_create_nonce') ) :
+function wp_create_nonce($action = -1) {
+	$user = wp_get_current_user();
+	$uid = $user->id;
+
+	$i = ceil(time() / 43200);
+	
+	return substr(wp_hash($i . $action . $uid), -12, 10);
+}
+endif;
+
+if ( !function_exists('wp_salt') ) :
+function wp_salt() {
+	$salt = get_option('secret');
+	if ( empty($salt) )
+		$salt = DB_PASSWORD . DB_USER . DB_NAME . DB_HOST . ABSPATH;
+
+	return $salt;
+}
+endif;
+
+if ( !function_exists('wp_hash') ) :
+function wp_hash($data) {
+	$salt = wp_salt();
+
+	if ( function_exists('hash_hmac') ) {
+		return hash_hmac('md5', $data, $salt);
+	} else {
+		return md5($data . $salt);
+	}
+}
+endif;
+
 ?>

wp-includes/registration-functions.php

@@ -27,6 +27,7 @@ function wp_insert_user($userdata) {
 
 	// Are we updating or creating?
 	if ( !empty($ID) ) {
+		$ID = (int) $ID;
 		$update = true;
 	} else {
 		$update = false;
@@ -35,16 +36,40 @@ function wp_insert_user($userdata) {
 	}
 	
 	$user_login = sanitize_user($user_login, true);
+	$user_login = apply_filters('pre_user_login', $user_login);
 
 	if ( empty($user_nicename) )
 		$user_nicename = sanitize_title( $user_login );
+	$user_nicename = apply_filters('pre_user_nicename', $user_nicename);
+
+	if ( empty($user_url) )
+		$user_url = '';
+	$user_url = apply_filters('pre_user_url', $user_url);
+
+	if ( empty($user_email) )
+		$user_email = '';
+	$user_email = apply_filters('pre_user_email', $user_email);
 
 	if ( empty($display_name) )
 		$display_name = $user_login;
-		
+	$display_name = apply_filters('pre_user_display_name', $display_name);
+
 	if ( empty($nickname) )
 		$nickname = $user_login;
-			
+	$nickname = apply_filters('pre_user_nickname', $nickname);
+
+	if ( empty($first_name) )
+		$first_name = '';
+	$first_name = apply_filters('pre_user_first_name', $first_name);
+
+	if ( empty($last_name) )
+		$last_name = '';
+	$last_name = apply_filters('pre_user_last_name', $last_name);
+
+	if ( empty($description) )
+		$description = '';
+	$description = apply_filters('pre_user_description', $description);
+
 	if ( empty($user_registered) )
 		$user_registered = gmdate('Y-m-d H:i:s');
 
@@ -93,7 +118,7 @@ function wp_insert_user($userdata) {
 }
 
 function wp_update_user($userdata) {
-	global $wpdb, $current_user;
+	global $wpdb;
 
 	$ID = (int) $userdata['ID'];
 	
@@ -114,6 +139,7 @@ function wp_update_user($userdata) {
 	$user_id = wp_insert_user($userdata);
 
 	// Update the cookies if the password changed.	
+	$current_user = wp_get_current_user();
 	if( $current_user->id == $ID ) {
 		if ( isset($plaintext_pass) ) {
 			wp_clearcookie();

wp-includes/template-functions-general.php

@@ -27,10 +27,7 @@ function get_sidebar() {
 
 
 function wp_loginout() {
-	global $user_ID;
-	get_currentuserinfo();
-
-	if ('' == $user_ID)
+	if ( ! is_user_logged_in() )
 		$link = '<a href="' . get_settings('siteurl') . '/wp-login.php">' . __('Login') . '</a>';
 	else
 		$link = '<a href="' . get_settings('siteurl') . '/wp-login.php?action=logout">' . __('Logout') . '</a>';
@@ -40,16 +37,15 @@ function wp_loginout() {
 
 
 function wp_register( $before = '<li>', $after = '</li>' ) {
-	global $user_ID;
 
-	get_currentuserinfo();
-
-	if ( '' == $user_ID && get_settings('users_can_register') )
-		$link = $before . '<a href="' . get_settings('siteurl') . '/wp-register.php">' . __('Register') . '</a>' . $after;
-	elseif ( '' == $user_ID && !get_settings('users_can_register') )
-		$link = '';
-	else
+	if ( ! is_user_logged_in() ) {
+		if ( get_settings('users_can_register') )
+			$link = $before . '<a href="' . get_settings('siteurl') . '/wp-register.php">' . __('Register') . '</a>' . $after;
+		else
+			$link = '';
+	} else {
 		$link = $before . '<a href="' . get_settings('siteurl') . '/wp-admin/">' . __('Site Admin') . '</a>' . $after;
+	}
 
 	echo apply_filters('register', $link);
 }
@@ -62,7 +58,9 @@ function wp_meta() {
 
 function bloginfo($show='') {
 	$info = get_bloginfo($show);
-	if ( ! (strstr($info, 'url') || strstr($info, 'directory')) ) {
+	if (!strstr($show, 'url') && //don't filter URLs
+		!strstr($show, 'directory') &&
+		!strstr($show, 'home')) {
 		$info = apply_filters('bloginfo', $info, $show);
 		$info = convert_chars($info);
 	}
@@ -482,7 +480,8 @@ function get_calendar($daylength = 1) {
 
 	if ( $previous ) {
 		echo "\n\t\t".'<td abbr="' . $month[zeroise($previous->month, 2)] . '" colspan="3" id="prev"><a href="' .
-		get_month_link($previous->year, $previous->month) . '" title="' . sprintf(__('View posts for %1$s %2$s'), $month[zeroise($previous->month, 2)], date('Y', mktime(0, 0 , 0, $previous->month, 1, $previous->year))) . '">&laquo; ' . $month_abbrev[$month[zeroise($previous->month, 2)]] . '</a></td>';
+		get_month_link($previous->year, $previous->month) . '" title="' . sprintf(__('View posts for %1$s %2$s'), $month[zeroise($previous->month, 2)],
+			date('Y', mktime(0, 0 , 0, $previous->month, 1, $previous->year))) . '">&laquo; ' . $month_abbrev[$month[zeroise($previous->month, 2)]] . '</a></td>';
 	} else {
 		echo "\n\t\t".'<td colspan="3" id="prev" class="pad">&nbsp;</td>';
 	}
@@ -491,8 +490,8 @@ function get_calendar($daylength = 1) {
 
 	if ( $next ) {
 		echo "\n\t\t".'<td abbr="' . $month[zeroise($next->month, 2)] . '" colspan="3" id="next"><a href="' .
-		get_month_link($next->year, $next->month) . '" title="View posts for ' . $month[zeroise($next->month, 2)] . ' ' .
-		date('Y', mktime(0, 0 , 0, $next->month, 1, $next->year)) . '">' . $month_abbrev[$month[zeroise($next->month, 2)]] . ' &raquo;</a></td>';
+		get_month_link($next->year, $next->month) . '" title="' . sprintf(__('View posts for %1$s %2$s'), $month[zeroise($next->month, 2)],
+			date('Y', mktime(0, 0 , 0, $next->month, 1, $next->year))) . '">' . $month_abbrev[$month[zeroise($next->month, 2)]] . ' &raquo;</a></td>';
 	} else {
 		echo "\n\t\t".'<td colspan="3" id="next" class="pad">&nbsp;</td>';
 	}
@@ -506,8 +505,8 @@ function get_calendar($daylength = 1) {
 
 	// Get days with posts
 	$dayswithposts = $wpdb->get_results("SELECT DISTINCT DAYOFMONTH(post_date)
-		FROM $wpdb->posts WHERE MONTH(post_date) = $thismonth
-		AND YEAR(post_date) = $thisyear
+		FROM $wpdb->posts WHERE MONTH(post_date) = '$thismonth'
+		AND YEAR(post_date) = '$thisyear'
 		AND post_status = 'publish'
 		AND post_date < '" . current_time('mysql') . '\'', ARRAY_N);
 	if ( $dayswithposts ) {

wp-includes/template-functions-links.php

@@ -62,14 +62,15 @@ function get_permalink($id = 0) {
 
 		$authordata = get_userdata($post->post_author);
 		$author = $authordata->user_nicename;
+		$date = explode(" ",date('Y m d H i s', $unixtime));
 		$rewritereplace = 
 		array(
-			date('Y', $unixtime),
-			date('m', $unixtime),
-			date('d', $unixtime),
-			date('H', $unixtime),
-			date('i', $unixtime),
-			date('s', $unixtime),
+			$date[0],
+			$date[1],
+			$date[2],
+			$date[3],
+			$date[4],
+			$date[5],
 			$post->post_name,
 			$post->ID,
 			$category,
@@ -205,13 +206,10 @@ function get_feed_link($feed='rss2') {
 }
 
 function edit_post_link($link = 'Edit This', $before = '', $after = '') {
-	global $user_ID, $post;
+	global $post;
 
-	get_currentuserinfo();
-
-	if ( !user_can_edit_post($user_ID, $post->ID) ) {
+	if ( ! current_user_can('edit_post', $post->ID) )
 		return;
-	}
 
 	if ( is_attachment() )
 		return;
@@ -223,11 +221,9 @@ function edit_post_link($link = 'Edit This', $before = '', $after = '') {
 }
 
 function edit_comment_link($link = 'Edit This', $before = '', $after = '') {
-	global $user_ID, $post, $comment;
+	global $post, $comment;
 
-	get_currentuserinfo();
-
-	if ( !user_can_edit_post_comments($user_ID, $post->ID) )
+	if ( ! current_user_can('edit_post', $post->ID) )
 		return;
 
 	$location = get_settings('siteurl') . "/wp-admin/post.php?action=editcomment&comment=$comment->comment_ID";

wp-includes/vars.php

@@ -92,16 +92,6 @@ if (!isset($wpsmiliestrans)) {
 	);
 }
 
-// sorts the smilies' array
-if (!function_exists('smiliescmp')) {
-function smiliescmp ($a, $b) {
-	if (strlen($a) == strlen($b)) {
-		return strcmp($a, $b);
-	}
-		return (strlen($a) > strlen($b)) ? -1 : 1;
-	}
-}
-uksort($wpsmiliestrans, 'smiliescmp');
 
 // generates smilies' search & replace arrays
 foreach($wpsmiliestrans as $smiley => $img) {

wp-includes/version.php

@@ -2,7 +2,7 @@
 
 // This just holds the version number, in a separate file so we can bump it without cluttering the SVN
 
-$wp_version = '2.0.1';
-$wp_db_version = 3437;
+$wp_version = '2.0.3';
+$wp_db_version = 3440;
 
-?>
+?>

wp-login.php

@@ -177,12 +177,12 @@ default:
 		$user_login = sanitize_user( $user_login );
 		$user_pass  = $_POST['pwd'];
 		$rememberme = $_POST['rememberme'];
-	} elseif ( !empty($_COOKIE) ) {
-		if ( !empty($_COOKIE[USER_COOKIE]) )
-			$user_login = $_COOKIE[USER_COOKIE];
-		if ( !empty($_COOKIE[PASS_COOKIE]) ) {
-			$user_pass = $_COOKIE[PASS_COOKIE];
+	} else {
+		$cookie_login = wp_get_cookie_login();
+		if ( ! empty($cookie_login) ) {
 			$using_cookie = true;
+			$user_login = $cookie_login['login'];
+			$user_pass = $cookie_login['password'];
 		}
 	}
 

wp-register.php

@@ -25,10 +25,13 @@ case 'register':
 		$errors['user_email'] = __('<strong>ERROR</strong>: Please type your e-mail address.');
 	} else if (!is_email($user_email)) {
 		$errors['user_email'] = __('<strong>ERROR</strong>: The email address isn&#8217;t correct.');
+		$user_email = '';
 	}
 
-	if ( ! validate_username($user_login) )
+	if ( ! validate_username($user_login) ) {
 		$errors['user_login'] = __('<strong>ERROR</strong>: This username is invalid.  Please enter a valid username.');
+		$user_login = '';
+	}
 
 	if ( username_exists( $user_login ) )
 		$errors['user_login'] = __('<strong>ERROR</strong>: This username is already registered, please choose another one.');
@@ -67,9 +70,9 @@ case 'register':
 
 <div id="login"> 
 	<h2><?php _e('Registration Complete') ?></h2>
-	<p><?php printf(__('Username: %s'), "<strong>$user_login</strong>") ?><br />
+	<p><?php printf(__('Username: %s'), "<strong>" . wp_specialchars($user_login) . "</strong>") ?><br />
 	<?php printf(__('Password: %s'), '<strong>' . __('emailed to you') . '</strong>') ?> <br />
-	<?php printf(__('E-mail: %s'), "<strong>$user_email</strong>") ?></p>
+	<?php printf(__('E-mail: %s'), "<strong>" . wp_specialchars($user_email) . "</strong>") ?></p>
 	<p class="submit"><a href="wp-login.php"><?php _e('Login'); ?> &raquo;</a></p>
 </div>
 </body>
@@ -110,8 +113,8 @@ default:
 <?php endif; ?>
 <form method="post" action="wp-register.php" id="registerform">
 	<p><input type="hidden" name="action" value="register" />
-	<label for="user_login"><?php _e('Username:') ?></label><br /> <input type="text" name="user_login" id="user_login" size="20" maxlength="20" value="<?php echo $user_login; ?>" /><br /></p>
-	<p><label for="user_email"><?php _e('E-mail:') ?></label><br /> <input type="text" name="user_email" id="user_email" size="25" maxlength="100" value="<?php echo $user_email; ?>" /></p>
+	<label for="user_login"><?php _e('Username:') ?></label><br /> <input type="text" name="user_login" id="user_login" size="20" maxlength="20" value="<?php echo wp_specialchars($user_login); ?>" /><br /></p>
+	<p><label for="user_email"><?php _e('E-mail:') ?></label><br /> <input type="text" name="user_email" id="user_email" size="25" maxlength="100" value="<?php echo wp_specialchars($user_email); ?>" /></p>
 	<p><?php _e('A password will be emailed to you.') ?></p>
 	<p class="submit"><input type="submit" value="<?php _e('Register') ?> &raquo;" id="submit" name="submit" /></p>
 </form>

wp-settings.php

@@ -190,7 +190,6 @@ if ( get_magic_quotes_gpc() ) {
 	$_GET    = stripslashes_deep($_GET   );
 	$_POST   = stripslashes_deep($_POST  );
 	$_COOKIE = stripslashes_deep($_COOKIE);
-	$_SERVER = stripslashes_deep($_SERVER);
 }
 
 // Escape with wpdb.