I hear tagging is hip

git-svn-id: http://svn.automattic.com/wordpress/tags/2.0.6@4683 1a063a9b-81f0-0310-95a4-ce76da25c4cd

wp-admin/admin-db.php

@@ -34,7 +34,7 @@ function get_editable_authors( $user_id ) {
 		return false;
 	} else {
 		$editable = join(',', $editable);
-		$authors = $wpdb->get_results( "SELECT * FROM $wpdb->users WHERE ID IN ($editable)" );
+		$authors = $wpdb->get_results( "SELECT * FROM $wpdb->users WHERE ID IN ($editable) ORDER BY display_name" );
 	}
 
 	return apply_filters('get_editable_authors', $authors);
@@ -92,16 +92,19 @@ function wp_insert_category($catarr) {
 	else
 		$update = false;
 
-	$cat_name = wp_specialchars($cat_name);
-
+	$cat_name = apply_filters('pre_category_name', $cat_name);
+	
 	if (empty ($category_nicename))
 		$category_nicename = sanitize_title($cat_name);
 	else
 		$category_nicename = sanitize_title($category_nicename);
+	$category_nicename = apply_filters('pre_category_nicename', $category_nicename);
 
 	if (empty ($category_description))
 		$category_description = '';
+	$category_description = apply_filters('pre_category_description', $category_description);
 
+	$category_parent = (int) $category_parent;
 	if (empty ($category_parent))
 		$category_parent = 0;
 
@@ -153,7 +156,7 @@ function wp_delete_category($cat_ID) {
 	$cat_ID = (int) $cat_ID;
 
 	// Don't delete the default cat.
-	if (1 == $cat_ID)
+	if ($cat_ID == get_option('default_category'))
 		return 0;
 
 	$category = get_category($cat_ID);
@@ -167,7 +170,8 @@ function wp_delete_category($cat_ID) {
 	$wpdb->query("UPDATE $wpdb->categories SET category_parent = '$parent' WHERE category_parent = '$cat_ID'");
 
 	// TODO: Only set categories to general if they're not in another category already
-	$wpdb->query("UPDATE $wpdb->post2cat SET category_id='1' WHERE category_id='$cat_ID'");
+	$default_cat = get_option('default_category');
+	$wpdb->query("UPDATE $wpdb->post2cat SET category_id='$default_cat' WHERE category_id='$cat_ID'");
 
 	wp_cache_delete($cat_ID, 'category');
 	wp_cache_delete('all_category_ids', 'category');
@@ -262,23 +266,55 @@ function wp_insert_link($linkdata) {
 	extract($linkdata);
 
 	$update = false;
+
 	if ( !empty($link_id) )
 		$update = true;
 
+	if( trim( $link_name ) == '' )
+		return 0;
+	$link_name = apply_filters('pre_link_name', $link_name);
+
+	if( trim( $link_url ) == '' )
+		return 0;
+	$link_url = apply_filters('pre_link_url', $link_url);
+
 	if ( empty($link_rating) )
 		$link_rating = 0;	
+	else
+		$link_rating = (int) $link_rating;
+
+	if ( empty($link_image) )
+		$link_image = '';
+	$link_image = apply_filters('pre_link_image', $link_image);
 
 	if ( empty($link_target) )
 		$link_target = '';	
+	$link_target = apply_filters('pre_link_target', $link_target);
 
 	if ( empty($link_visible) )
 		$link_visible = 'Y';
-		
+	$link_visibile = preg_replace('/[^YNyn]/', '', $link_visible);
+
 	if ( empty($link_owner) )
 		$link_owner = $current_user->id;
+	else
+		$link_owner = (int) $link_owner;
 
 	if ( empty($link_notes) )
 		$link_notes = '';
+	$link_notes = apply_filters('pre_link_notes', $link_notes);
+
+	if ( empty($link_description) )
+		$link_description = '';
+	$link_description = apply_filters('pre_link_description', $link_description);
+
+	if ( empty($link_rss) )
+		$link_rss = '';
+	$link_rss = apply_filters('pre_link_rss', $link_rss);
+
+	if ( empty($link_rel) )
+		$link_rel = '';
+	$link_rel = apply_filters('pre_link_rel', $link_rel);
 
 	if ( $update ) {
 		$wpdb->query("UPDATE $wpdb->links SET link_url='$link_url',

wp-admin/admin-footer.php

@@ -2,7 +2,7 @@
 <div id="footer"><p><a href="http://wordpress.org/" id="wordpress-logo"><img src="images/wordpress-logo.png" alt="WordPress" /></a></p>
 <p>
 <a href="http://codex.wordpress.org/"><?php _e('Documentation'); ?></a> &#8212; <a href="http://wordpress.org/support/"><?php _e('Support Forums'); ?></a> <br />
-<?php bloginfo('version'); ?> &#8212; <?php printf(__('%s seconds'), number_format(timer_stop(), 2)); ?>
+<?php bloginfo('version'); ?> &#8212; <?php printf(__('%s seconds'), timer_stop(0, 2)); ?>
 </p>
 
 </div>

wp-admin/admin-functions.php

@@ -43,6 +43,12 @@ function write_post() {
 	if ('static' == $_POST['post_status'] && !current_user_can('edit_pages'))
 		die(__('This user cannot edit pages.'));
 
+	if (!isset ($_POST['comment_status']))
+		$_POST['comment_status'] = 'closed';
+
+	if (!isset ($_POST['ping_status']))
+		$_POST['ping_status'] = 'closed';
+
 	if (!empty ($_POST['edit_date'])) {
 		$aa = $_POST['aa'];
 		$mm = $_POST['mm'];
@@ -84,12 +90,12 @@ function relocate_children($old_ID, $new_ID) {
 function fix_attachment_links($post_ID) {
 	global $wp_rewrite;
 
-	$post = & get_post($post_ID);
+	$post = & get_post($post_ID, ARRAY_A);
 
 	$search = "#<a[^>]+rel=('|\")[^'\"]*attachment[^>]*>#ie";
 
 	// See if we have any rel="attachment" links
-	if ( 0 == preg_match_all($search, $post->post_content, $anchor_matches, PREG_PATTERN_ORDER) )
+	if ( 0 == preg_match_all($search, $post['post_content'], $anchor_matches, PREG_PATTERN_ORDER) )
 		return;
 
 	$i = 0;
@@ -101,9 +107,11 @@ function fix_attachment_links($post_ID) {
 		$id = $id_matches[2];
 
 		// While we have the attachment ID, let's adopt any orphans.
-		$attachment = & get_post($id);
-		if ( ! is_object(get_post($attachment->post_parent)) ) {
-			$attachment->post_parent = $post_ID;
+		$attachment = & get_post($id, ARRAY_A);
+		if ( ! empty($attachment) && ! is_object(get_post($attachment['post_parent'])) ) {
+			$attachment['post_parent'] = $post_ID;
+			// Escape data pulled from DB.
+			$attachment = add_magic_quotes($attachment);
 			wp_update_post($attachment);
 		}
 
@@ -112,7 +120,10 @@ function fix_attachment_links($post_ID) {
 		++$i;
 	}
 
-	$post->post_content = str_replace($post_search, $post_replace, $post->post_content);
+	$post['post_content'] = str_replace($post_search, $post_replace, $post['post_content']);
+
+	// Escape data pulled from DB.
+	$post = add_magic_quotes($post);
 
 	return wp_update_post($post);
 }
@@ -254,6 +265,8 @@ function get_post_to_edit($id) {
 	$post->post_title = format_to_edit($post->post_title);
 	$post->post_title = apply_filters('title_edit_pre', $post->post_title);
 
+    $post->post_password = format_to_edit($post->post_password); 
+
 	if ($post->post_status == 'static')
 		$post->page_template = get_post_meta($id, '_wp_page_template', true);
 
@@ -276,7 +289,7 @@ function get_default_post_to_edit() {
 	else if ( !empty($post_title) ) {
 		$text       = wp_specialchars(stripslashes(urldecode($_REQUEST['text'])));
 		$text       = funky_javascript_fix($text);
-		$popupurl   = wp_specialchars($_REQUEST['popupurl']);
+		$popupurl   = attribute_escape(stripslashes($_REQUEST['popupurl']));
         $post_content = '<a href="'.$popupurl.'">'.$post_title.'</a>'."\n$text";
     }
 
@@ -322,6 +335,23 @@ function get_category_to_edit($id) {
 	return $category;
 }
 
+function get_user_to_edit($user_id) {
+	$user = new WP_User($user_id);
+	$user->user_login   = attribute_escape($user->user_login);
+	$user->user_email   = attribute_escape($user->user_email);
+	$user->user_url     = attribute_escape($user->user_url);
+	$user->first_name   = attribute_escape($user->first_name);
+	$user->last_name    = attribute_escape($user->last_name);
+	$user->display_name = attribute_escape($user->display_name);
+	$user->nickname     = attribute_escape($user->nickname);
+	$user->aim          = attribute_escape($user->aim);
+	$user->yim          = attribute_escape($user->yim);
+	$user->jabber       = attribute_escape($user->jabber);
+	$user->description  =  wp_specialchars($user->description);
+
+	return $user;
+}
+
 // Creates a new user from the "Users" form using $_POST information.
 
 function add_user() {
@@ -350,7 +380,7 @@ function edit_user($user_id = 0) {
 	if (isset ($_POST['pass2']))
 		$pass2 = $_POST['pass2'];
 
-	if (isset ($_POST['role'])) {
+	if (isset ($_POST['role']) && current_user_can('edit_users')) {
 		if($user_id != $current_user->id || $wp_roles->role_objects[$_POST['role']]->has_cap('edit_users'))
 			$user->role = $_POST['role'];
 	}
@@ -370,7 +400,7 @@ function edit_user($user_id = 0) {
 	if (isset ($_POST['display_name']))
 		$user->display_name = wp_specialchars(trim($_POST['display_name']));
 	if (isset ($_POST['description']))
-		$user->description = wp_specialchars(trim($_POST['description']));
+		$user->description = trim($_POST['description']);
 	if (isset ($_POST['jabber']))
 		$user->jabber = wp_specialchars(trim($_POST['jabber']));
 	if (isset ($_POST['aim']))
@@ -436,24 +466,27 @@ function edit_user($user_id = 0) {
 
 function get_link_to_edit($link_id) {
 	$link = get_link($link_id);
-	
-	$link->link_url = wp_specialchars($link->link_url, 1);
-	$link->link_name = wp_specialchars($link->link_name, 1);
-	$link->link_description = wp_specialchars($link->link_description);
-	$link->link_notes = wp_specialchars($link->link_notes);
-	$link->link_rss = wp_specialchars($link->link_rss);
-	
+
+	$link->link_url         = attribute_escape($link->link_url);
+	$link->link_name        = attribute_escape($link->link_name);
+	$link->link_image       = attribute_escape($link->link_image);
+	$link->link_description = attribute_escape($link->link_description);
+	$link->link_rss         = attribute_escape($link->link_rss);
+	$link->link_rel         = attribute_escape($link->link_rel);
+	$link->link_notes       =  wp_specialchars($link->link_notes);
+	$link->post_category    = $link->link_category;
+
 	return $link;
 }
 
 function get_default_link_to_edit() {
 	if ( isset($_GET['linkurl']) )
-		$link->link_url = wp_specialchars($_GET['linkurl'], 1);
+		$link->link_url = attribute_escape($_GET['linkurl']);
 	else
 		$link->link_url = '';
 	
 	if ( isset($_GET['name']) )
-		$link->link_name = wp_specialchars($_GET['name'], 1);
+		$link->link_name = attribute_escape($_GET['name']);
 	else
 		$link->link_name = '';
 		
@@ -512,7 +545,7 @@ function checked($checked, $current) {
 
 function return_categories_list($parent = 0) {
 	global $wpdb;
-	return $wpdb->get_col("SELECT cat_ID FROM $wpdb->categories WHERE category_parent = $parent ORDER BY category_count DESC LIMIT 100");
+	return $wpdb->get_col("SELECT cat_ID FROM $wpdb->categories WHERE category_parent = $parent ORDER BY category_count DESC");
 }
 
 function sort_cats($cat1, $cat2) {
@@ -582,14 +615,13 @@ function cat_rows($parent = 0, $level = 0, $categories = 0) {
 		foreach ($categories as $category) {
 			if ($category->category_parent == $parent) {
 				$category->cat_name = wp_specialchars($category->cat_name);
-				$count = $wpdb->get_var("SELECT COUNT(post_id) FROM $wpdb->post2cat WHERE category_id = $category->cat_ID");
 				$pad = str_repeat('&#8212; ', $level);
 				if ( current_user_can('manage_categories') ) {
 					$edit = "<a href='categories.php?action=edit&amp;cat_ID=$category->cat_ID' class='edit'>".__('Edit')."</a></td>";
 					$default_cat_id = get_option('default_category');
-					
+
 					if ($category->cat_ID != $default_cat_id)
-						$edit .= "<td><a href='categories.php?action=delete&amp;cat_ID=$category->cat_ID' onclick=\"return deleteSomething( 'cat', $category->cat_ID, '".sprintf(__("You are about to delete the category &quot;%s&quot;.  All of its posts will go to the default category.\\n&quot;OK&quot; to delete, &quot;Cancel&quot; to stop."), wp_specialchars($category->cat_name, 1))."' );\" class='delete'>".__('Delete')."</a>";
+						$edit .= "<td><a href='" . wp_nonce_url("categories.php?action=delete&amp;cat_ID=$category->cat_ID", 'delete-category_' . $category->cat_ID ) . "' onclick=\"return deleteSomething( 'cat', $category->cat_ID, '" . sprintf(__("You are about to delete the category &quot;%s&quot;.  All of its posts will go to the default category.\\n&quot;OK&quot; to delete, &quot;Cancel&quot; to stop."), js_escape($category->cat_name))."' );\" class='delete'>".__('Delete')."</a>";
 					else
 						$edit .= "<td style='text-align:center'>".__("Default");
 				}
@@ -599,7 +631,7 @@ function cat_rows($parent = 0, $level = 0, $categories = 0) {
 				$class = ('alternate' == $class) ? '' : 'alternate';
 				echo "<tr id='cat-$category->cat_ID' class='$class'><th scope='row'>$category->cat_ID</th><td>$pad $category->cat_name</td>
 								<td>$category->category_description</td>
-								<td>$count</td>
+								<td>$category->category_count</td>
 								<td>$edit</td>
 								</tr>";
 				cat_rows($category->cat_ID, $level +1, $categories);
@@ -633,7 +665,7 @@ function page_rows($parent = 0, $level = 0, $pages = 0) {
     <td><?php echo mysql2date('Y-m-d g:i a', $post->post_modified); ?></td> 
 	<td><a href="<?php the_permalink(); ?>" rel="permalink" class="edit"><?php _e('View'); ?></a></td>
     <td><?php if ( current_user_can('edit_pages') ) { echo "<a href='post.php?action=edit&amp;post=$id' class='edit'>" . __('Edit') . "</a>"; } ?></td> 
-    <td><?php if ( current_user_can('edit_pages') ) { echo "<a href='post.php?action=delete&amp;post=$id' class='delete' onclick=\"return deleteSomething( 'page', " . $id . ", '" . sprintf(__("You are about to delete the &quot;%s&quot; page.\\n&quot;OK&quot; to delete, &quot;Cancel&quot; to stop."), wp_specialchars(get_the_title('','',0), 1)) . "' );\">" . __('Delete') . "</a>"; } ?></td> 
+    <td><?php if ( current_user_can('edit_pages') ) { echo "<a href='" . wp_nonce_url("post.php?action=delete&amp;post=$id", 'delete-post_' . $id) .  "' class='delete' onclick=\"return deleteSomething( 'page', " . $id . ", '" . sprintf(__("You are about to delete the &quot;%s&quot; page.\\n&quot;OK&quot; to delete, &quot;Cancel&quot; to stop."), js_escape(get_the_title()) ) . "' );\">" . __('Delete') . "</a>"; } ?></td> 
   </tr> 
 
 <?php
@@ -816,6 +848,20 @@ function list_meta($meta) {
 			$style = '';
 		if ('_' == $entry['meta_key'] { 0 })
 			$style .= ' hidden';
+
+		if ( is_serialized($entry['meta_value']) ) {
+			if ( is_serialized_string($entry['meta_value']) ) {
+				// this is a serialized string, so we should display it
+				$entry['meta_value'] = maybe_unserialize($entry['meta_value']);
+			} else {
+				// this is a serialized array/object so we should NOT display it
+				--$count;
+				continue;
+			}
+		}
+
+		$entry['meta_key'] = attribute_escape( $entry['meta_key']);
+		$entry['meta_value'] = attribute_escape( $entry['meta_value']);
 		echo "
 			<tr class='$style'>
 				<td valign='top'><input name='meta[{$entry['meta_id']}][key]' tabindex='6' type='text' size='20' value='{$entry['meta_key']}' /></td>
@@ -866,6 +912,7 @@ function meta_form() {
 <?php
 
 	foreach ($keys as $key) {
+		$key = attribute_escape($key);
 		echo "\n\t<option value='$key'>$key</option>";
 	}
 ?>
@@ -887,7 +934,8 @@ function add_meta($post_ID) {
 
 	$metakeyselect = $wpdb->escape(stripslashes(trim($_POST['metakeyselect'])));
 	$metakeyinput = $wpdb->escape(stripslashes(trim($_POST['metakeyinput'])));
-	$metavalue = $wpdb->escape(stripslashes(trim($_POST['metavalue'])));
+	$metavalue = maybe_serialize(stripslashes((trim($_POST['metavalue']))));
+	$metavalue = $wpdb->escape($metavalue);
 
 	if ( ('0' === $metavalue || !empty ($metavalue)) && ((('#NONE#' != $metakeyselect) && !empty ($metakeyselect)) || !empty ($metakeyinput)) ) {
 		// We have a key/value pair. If both the select and the 
@@ -915,7 +963,9 @@ function delete_meta($mid) {
 
 function update_meta($mid, $mkey, $mvalue) {
 	global $wpdb;
-
+	$mvalue = maybe_serialize(stripslashes($mvalue));
+	$mvalue = $wpdb->escape($mvalue);
+	$mid = (int) $mid;
 	return $wpdb->query("UPDATE $wpdb->postmeta SET meta_key = '$mkey', meta_value = '$mvalue' WHERE meta_id = '$mid'");
 }
 
@@ -1071,15 +1121,13 @@ function save_mod_rewrite_rules() {
 }
 
 function the_quicktags() {
-	// Browser detection sucks, but until Safari supports the JS needed for this to work people just assume it's a bug in WP
-	if (!strstr($_SERVER['HTTP_USER_AGENT'], 'Safari'))
 		echo '
 		<div id="quicktags">
 			<script src="../wp-includes/js/quicktags.js" type="text/javascript"></script>
 			<script type="text/javascript">if ( typeof tinyMCE == "undefined" || tinyMCE.configs.length < 1 ) edToolbar();</script>
 		</div>
 ';
-	else echo '
+	echo '
 <script type="text/javascript">
 function edInsertContent(myField, myValue) {
 	//IE support
@@ -1204,6 +1252,7 @@ function user_can_access_admin_page() {
 	global $pagenow;
 	global $menu;
 	global $submenu;
+	global $plugin_page;
 
 	$parent = get_admin_page_parent();
 
@@ -1219,15 +1268,23 @@ function user_can_access_admin_page() {
 	}
 
 	if (isset ($submenu[$parent])) {
-		foreach ($submenu[$parent] as $submenu_array) {
-			if ($submenu_array[2] == $pagenow) {
-				if (!current_user_can($submenu_array[1])) {
-					return false;
-				} else {
-					return true;
+		if ( isset($plugin_page) ) {
+			foreach ($submenu[$parent] as $submenu_array) {
+				if ( $submenu_array[2] == $plugin_page ) {
+					if (!current_user_can($submenu_array[1]))
+						return false;
 				}
 			}
 		}
+
+		foreach ($submenu[$parent] as $submenu_array) {		
+			if ($submenu_array[2] == $pagenow) {
+				if (!current_user_can($submenu_array[1]))
+					return false;
+				else
+					return true;
+			}
+		}
 	}
 
 	return true;
@@ -1472,23 +1529,23 @@ function get_plugin_data($plugin_file) {
 	preg_match("|Author:(.*)|i", $plugin_data, $author_name);
 	preg_match("|Author URI:(.*)|i", $plugin_data, $author_uri);
 	if (preg_match("|Version:(.*)|i", $plugin_data, $version))
-		$version = $version[1];
+		$version = trim($version[1]);
 	else
 		$version = '';
 
-	$description = wptexturize($description[1]);
+	$description = wptexturize(trim($description[1]));
 
 	$name = $plugin_name[1];
 	$name = trim($name);
 	$plugin = $name;
 	if ('' != $plugin_uri[1] && '' != $name) {
-		$plugin = '<a href="'.$plugin_uri[1].'" title="'.__('Visit plugin homepage').'">'.$plugin.'</a>';
+		$plugin = '<a href="' . trim($plugin_uri[1]) . '" title="'.__('Visit plugin homepage').'">'.$plugin.'</a>';
 	}
 
 	if ('' == $author_uri[1]) {
-		$author = $author_name[1];
+		$author = trim($author_name[1]);
 	} else {
-		$author = '<a href="'.$author_uri[1].'" title="'.__('Visit author homepage').'">'.$author_name[1].'</a>';
+		$author = '<a href="' . trim($author_uri[1]) . '" title="'.__('Visit author homepage').'">' . trim($author_name[1]) . '</a>';
 	}
 
 	return array ('Name' => $name, 'Title' => $plugin, 'Description' => $description, 'Author' => $author, 'Version' => $version, 'Template' => $template[1]);
@@ -1528,25 +1585,23 @@ function get_plugins() {
 		}
 	}
 
-	if (!$plugins_dir || !$plugin_files) {
+	if ( !$plugins_dir || !$plugin_files )
 		return $wp_plugins;
-	}
 
-	sort($plugin_files);
-
-	foreach ($plugin_files as $plugin_file) {
+	foreach ( $plugin_files as $plugin_file ) {
 		if ( !is_readable("$plugin_root/$plugin_file"))
 			continue;
 
 		$plugin_data = get_plugin_data("$plugin_root/$plugin_file");
 
-		if (empty ($plugin_data['Name'])) {
+		if ( empty ($plugin_data['Name']) )
 			continue;
-		}
 
 		$wp_plugins[plugin_basename($plugin_file)] = $plugin_data;
 	}
 
+	uasort($wp_plugins, create_function('$a, $b', 'return strnatcasecmp($a["Name"], $b["Name"]);'));
+
 	return $wp_plugins;
 }
 
@@ -1654,45 +1709,6 @@ function wp_handle_upload(&$file, $overrides = false) {
 		__("Missing a temporary folder."),
 		__("Failed to write file to disk."));
 
-	// Accepted MIME types are set here as PCRE. Override with $override['mimes'].
-	$mimes = apply_filters('upload_mimes', array (
-		'jpg|jpeg|jpe' => 'image/jpeg',
-		'gif' => 'image/gif',
-		'png' => 'image/png',
-		'bmp' => 'image/bmp',
-		'tif|tiff' => 'image/tiff',
-		'ico' => 'image/x-icon',
-		'asf|asx|wax|wmv|wmx' => 'video/asf',
-		'avi' => 'video/avi',
-		'mov|qt' => 'video/quicktime',
-		'mpeg|mpg|mpe' => 'video/mpeg',
-		'txt|c|cc|h' => 'text/plain',
-		'rtx' => 'text/richtext',
-		'css' => 'text/css',
-		'htm|html' => 'text/html',
-		'mp3|mp4' => 'audio/mpeg',
-		'ra|ram' => 'audio/x-realaudio',
-		'wav' => 'audio/wav',
-		'ogg' => 'audio/ogg',
-		'mid|midi' => 'audio/midi',
-		'wma' => 'audio/wma',
-		'rtf' => 'application/rtf',
-		'js' => 'application/javascript',
-		'pdf' => 'application/pdf',
-		'doc' => 'application/msword',
-		'pot|pps|ppt' => 'application/vnd.ms-powerpoint',
-		'wri' => 'application/vnd.ms-write',
-		'xla|xls|xlt|xlw' => 'application/vnd.ms-excel',
-		'mdb' => 'application/vnd.ms-access',
-		'mpp' => 'application/vnd.ms-project',
-		'swf' => 'application/x-shockwave-flash',
-		'class' => 'application/java',
-		'tar' => 'application/x-tar',
-		'zip' => 'application/zip',
-		'gz|gzip' => 'application/x-gzip',
-		'exe' => 'application/x-msdownload'
-	));
-
 	// All tests are on by default. Most can be turned off by $override[{test_name}] = false;
 	$test_form = true;
 	$test_size = true;
@@ -1720,17 +1736,11 @@ function wp_handle_upload(&$file, $overrides = false) {
 	if (! @ is_uploaded_file($file['tmp_name']) )
 		return $upload_error_handler($file, __('Specified file failed upload test.'));
 
-	// A correct MIME type will pass this test.
+	// A correct MIME type will pass this test. Override $mimes or use the upload_mimes filter.
 	if ( $test_type ) {
-		$type = false;
-		$ext = false;
-		foreach ($mimes as $ext_preg => $mime_match) {
-			$ext_preg = '![^.]\.(' . $ext_preg . ')$!i';
-			if ( preg_match($ext_preg, $file['name'], $ext_matches) ) {
-				$type = $mime_match;
-				$ext = $ext_matches[1];
-			}
-		}
+		$wp_filetype = wp_check_filetype($file['name'], $mimes);
+
+		extract($wp_filetype);
 
 		if ( !$type || !$ext )
 			return $upload_error_handler($file, __('File type does not meet security guidelines. Try another.'));
@@ -1757,6 +1767,8 @@ function wp_handle_upload(&$file, $overrides = false) {
 			else
 				$filename = str_replace("$number$ext", ++$number . $ext, $filename);
 		}
+		$filename = str_replace($ext, '', $filename);
+		$filename = sanitize_title_with_dashes($filename) . $ext;
 	}
 
 	// Move the file to the uploads dir
@@ -1798,7 +1810,7 @@ o.action.value = 'view';
 o.submit();
 }
 </script>
-<form enctype="multipart/form-data" id="uploadForm" method="POST" action="<?php echo $action ?>">
+<form enctype="multipart/form-data" id="uploadForm" method="post" action="<?php echo $action ?>">
 <label for="upload"><?php _e('File:'); ?></label><input type="file" id="upload" name="import" />
 <input type="hidden" name="action" value="save" />
 <div id="buttons">

wp-admin/admin-header.php

@@ -3,7 +3,8 @@
 if (!isset($_GET["page"])) require_once('admin.php');
 if ( $editing ) {
 	$dbx_js = true;
-	$cat_js = true;
+	if ( current_user_can('manage_categories') )
+		$cat_js = true;
 }
 if ( $list_js || $cat_js )
 	$sack_js = true;

wp-admin/admin.php

@@ -17,7 +17,7 @@ nocache_headers();
 
 update_category_cache();
 
-get_currentuserinfo();
+wp_get_current_user();
 
 $posts_per_page = get_settings('posts_per_page');
 $what_to_show = get_settings('what_to_show');
@@ -42,12 +42,15 @@ for ($i=0; $i<count($wpvarstoreset); $i += 1) {
 
 $xfn_js = $sack_js = $list_js = $cat_js = $dbx_js = $editing = false;
 
-require(ABSPATH . '/wp-admin/menu.php');
-
-// Handle plugin admin pages.
 if (isset($_GET['page'])) {
 	$plugin_page = stripslashes($_GET['page']);
 	$plugin_page = plugin_basename($plugin_page);
+}
+
+require(ABSPATH . '/wp-admin/menu.php');
+
+// Handle plugin admin pages.
+if (isset($plugin_page)) {
 	$page_hook = get_plugin_page_hook($plugin_page, $pagenow);
 
 	if ( $page_hook ) {
@@ -61,7 +64,7 @@ if (isset($_GET['page'])) {
 		}
 		
 		if (! file_exists(ABSPATH . "wp-content/plugins/$plugin_page"))
-			die(sprintf(__('Cannot load %s.'), $plugin_page));
+			die(sprintf(__('Cannot load %s.'), htmlentities($plugin_page)));
 
 		if (! isset($_GET['noheader']))
 			require_once(ABSPATH . '/wp-admin/admin-header.php');
@@ -76,6 +79,9 @@ if (isset($_GET['page'])) {
 	
 	$importer = $_GET['import'];
 
+	if ( ! current_user_can('import') )
+		wp_die(__('You are not allowed to import.'));
+
 	if ( validate_file($importer) ) {
 		die(__('Invalid importer.'));
 	}

wp-admin/bookmarklet.php

@@ -37,7 +37,7 @@ else
 	
   
 $content  = wp_specialchars($_REQUEST['content']);
-$popupurl = wp_specialchars($_REQUEST['popupurl']);
+$popupurl = attribute_escape(stripslashes($_REQUEST['popupurl']));
     if ( !empty($content) ) {
         $post->post_content = wp_specialchars( stripslashes($_REQUEST['content']) );
     } else {

wp-admin/cat-js.php

@@ -144,9 +144,9 @@ function ajaxNewCat() {
 	var split_cats = new Array(1);
 	var catString = '';
 
-	catString = 'ajaxnewcat=' + encodeURIComponent(newcat.value);
+	catString = ajaxCat.encVar('ajaxnewcat', newcat.value) + '&' + ajaxCat.encVar('cookie', document.cookie);
 	ajaxCat.requestFile = 'edit-form-ajax-cat.php';
-	ajaxCat.method = 'GET';
+	ajaxCat.method = 'POST';
 	ajaxCat.onLoading = newCatLoading;
 	ajaxCat.onLoaded = newCatLoaded;
 	ajaxCat.onInteractive = newCatInteractive;
@@ -175,4 +175,4 @@ function myPload( str ) {
 	if ( currentElement != "" )
 		fixedExplode[count] = currentElement;
 	return fixedExplode;
-}
+}

wp-admin/categories.php

@@ -25,31 +25,34 @@ switch($action) {
 
 case 'addcat':
 
+	check_admin_referer('add-category');
+
 	if ( !current_user_can('manage_categories') )
 		die (__('Cheatin’ uh?'));
 	
 	wp_insert_category($_POST);
 
-	header('Location: categories.php?message=1#addcat');
+	wp_redirect('categories.php?message=1#addcat');
+	exit;
 break;
 
 case 'delete':
-
-	check_admin_referer();
+	$cat_ID = (int) $_GET['cat_ID'];
+	check_admin_referer('delete-category_' .  $cat_ID);
 
 	if ( !current_user_can('manage_categories') )
 		die (__('Cheatin’ uh?'));
 
-	$cat_ID = (int) $_GET['cat_ID'];
 	$cat_name = get_catname($cat_ID);
 
-	if ( 1 == $cat_ID )
+	// Don't delete the default cats.
+	if ( $cat_ID == get_option('default_category') )
 		die(sprintf(__("Can't delete the <strong>%s</strong> category: this is the default one"), $cat_name));
 
 	wp_delete_category($cat_ID);
 
-	header('Location: categories.php?message=2');
-
+	wp_redirect('categories.php?message=2');
+	exit;
 break;
 
 case 'edit':
@@ -62,15 +65,16 @@ case 'edit':
 <div class="wrap">
  <h2><?php _e('Edit Category') ?></h2>
  <form name="editcat" action="categories.php" method="post">
+	  <?php wp_nonce_field('update-category_' .  $category->cat_ID); ?>
 	  <table class="editform" width="100%" cellspacing="2" cellpadding="5">
 		<tr>
 		  <th width="33%" scope="row"><?php _e('Category name:') ?></th>
-		  <td width="67%"><input name="cat_name" type="text" value="<?php echo wp_specialchars($category->cat_name); ?>" size="40" /> <input type="hidden" name="action" value="editedcat" />
+		  <td width="67%"><input name="cat_name" type="text" value="<?php echo attribute_escape($category->cat_name); ?>" size="40" /> <input type="hidden" name="action" value="editedcat" />
 <input type="hidden" name="cat_ID" value="<?php echo $category->cat_ID ?>" /></td>
 		</tr>
 		<tr>
 			<th scope="row"><?php _e('Category slug:') ?></th>
-			<td><input name="category_nicename" type="text" value="<?php echo wp_specialchars($category->category_nicename); ?>" size="40" /></td>
+			<td><input name="category_nicename" type="text" value="<?php echo attribute_escape($category->category_nicename); ?>" size="40" /></td>
 		</tr>
 		<tr>
 			<th scope="row"><?php _e('Category parent:') ?></th>
@@ -82,7 +86,7 @@ case 'edit':
 		</tr>
 		<tr>
 			<th scope="row"><?php _e('Description:') ?></th>
-			<td><textarea name="category_description" rows="5" cols="50" style="width: 97%;"><?php echo wp_specialchars($category->category_description, 1); ?></textarea></td>
+			<td><textarea name="category_description" rows="5" cols="50" style="width: 97%;"><?php echo wp_specialchars($category->category_description); ?></textarea></td>
 		</tr>
 		</table>
 	  <p class="submit"><input type="submit" name="submit" value="<?php _e('Edit category') ?> &raquo;" /></p>
@@ -94,12 +98,16 @@ case 'edit':
 break;
 
 case 'editedcat':
+	$cat_ID = (int) $_POST['cat_ID'];
+	check_admin_referer('update-category_' . $cat_ID);
+
 	if ( !current_user_can('manage_categories') )
 		die (__('Cheatin&#8217; uh?'));
 	
 	wp_update_category($_POST);
 
-	header('Location: categories.php?message=3');
+	wp_redirect('categories.php?message=3');
+	exit;
 break;
 
 default:
@@ -146,7 +154,7 @@ cat_rows();
 <div class="wrap">
     <h2><?php _e('Add New Category') ?></h2>
     <form name="addcat" id="addcat" action="categories.php" method="post">
-        
+    <?php wp_nonce_field('add-category'); ?>
         <p><?php _e('Name:') ?><br />
         <input type="text" name="cat_name" value="" /></p>
         <p><?php _e('Category parent:') ?><br />

wp-admin/edit-comments.php

@@ -7,7 +7,7 @@ $list_js = true;
 
 require_once('admin-header.php');
 if (empty($_GET['mode'])) $mode = 'view';
-else $mode = wp_specialchars($_GET['mode'], 1);
+else $mode = attribute_escape($_GET['mode']);
 ?>
 
 <script type="text/javascript">
@@ -30,7 +30,7 @@ function checkAll(form)
 <form name="searchform" action="" method="get"> 
   <fieldset> 
   <legend><?php _e('Show Comments That Contain...') ?></legend> 
-  <input type="text" name="s" value="<?php if (isset($_GET['s'])) echo wp_specialchars($_GET['s'], 1); ?>" size="17" /> 
+  <input type="text" name="s" value="<?php if (isset($_GET['s'])) echo attribute_escape($_GET['s']); ?>" size="17" /> 
   <input type="submit" name="submit" value="<?php _e('Search') ?>"  />  
   <input type="hidden" name="mode" value="<?php echo $mode; ?>" />
   <?php _e('(Searches within comment text, e-mail, URI, and IP address.)') ?>
@@ -39,6 +39,8 @@ function checkAll(form)
 <p><a href="?mode=view"><?php _e('View Mode') ?></a> | <a href="?mode=edit"><?php _e('Mass Edit Mode') ?></a></p>
 <?php
 if ( !empty( $_POST['delete_comments'] ) ) :
+	check_admin_referer('bulk-comments');
+
 	$i = 0;
 	foreach ($_POST['delete_comments'] as $comment) : // Check the permissions on each
 		$comment = (int) $comment;
@@ -96,13 +98,13 @@ if ('view' == $mode) {
         <p><?php _e('Posted'); echo ' '; comment_date('M j, g:i A');  
 			if ( current_user_can('edit_post', $comment->comment_post_ID) ) {
 				echo " | <a href=\"post.php?action=editcomment&amp;comment=".$comment->comment_ID."\">" . __('Edit Comment') . "</a>";
-				echo " | <a href=\"post.php?action=deletecomment&amp;p=".$comment->comment_post_ID."&amp;comment=".$comment->comment_ID."\" onclick=\"return deleteSomething( 'comment', $comment->comment_ID, '" . sprintf(__("You are about to delete this comment by &quot;%s&quot;.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete."), wp_specialchars( $comment->comment_author, 1 ))  . "' );\">" . __('Delete Comment') . "</a> &#8212; ";
+				echo ' | <a href="' . wp_nonce_url('post.php?action=deletecomment&amp;p=' . $comment->comment_post_ID . '&amp;comment=' . $comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . '" onclick="return deleteSomething( \'comment\', ' . $comment->comment_ID . ', \'' . __("You are about to delete this comment.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete.") . "' );\">" . __('Delete Comment') . '</a> ';
 			} // end if any comments to show
 			// Get post title
 			if ( current_user_can('edit_post', $comment->comment_post_ID) ) {
 				$post_title = $wpdb->get_var("SELECT post_title FROM $wpdb->posts WHERE ID = $comment->comment_post_ID");
 				$post_title = ('' == $post_title) ? "# $comment->comment_post_ID" : $post_title;
-				?> <a href="post.php?action=edit&amp;post=<?php echo $comment->comment_post_ID; ?>"><?php printf(__('Edit Post &#8220;%s&#8221;'), stripslashes($post_title)); ?></a>
+				?> | <a href="post.php?action=edit&amp;post=<?php echo $comment->comment_post_ID; ?>"><?php printf(__('Edit Post &#8220;%s&#8221;'), stripslashes($post_title)); ?></a>
 				<?php } ?>
 			 | <a href="<?php echo get_permalink($comment->comment_post_ID); ?>"><?php _e('View Post') ?></a></p>
 		</li>
@@ -124,8 +126,9 @@ if ('view' == $mode) {
 } elseif ('edit' == $mode) {
 
 	if ($comments) {
-		echo '<form name="deletecomments" id="deletecomments" action="" method="post"> 
-		<table width="100%" cellpadding="3" cellspacing="3">
+		echo '<form name="deletecomments" id="deletecomments" action="" method="post"> ';
+		wp_nonce_field('bulk-comments');
+		echo '<table width="100%" cellpadding="3" cellspacing="3">
   <tr>
     <th scope="col">*</th>
     <th scope="col">' .  __('Name') . '</th>
@@ -148,13 +151,13 @@ if ('view' == $mode) {
     <td><?php if ( current_user_can('edit_post', $comment->comment_post_ID) ) {
 	echo "<a href='post.php?action=editcomment&amp;comment=$comment->comment_ID' class='edit'>" .  __('Edit') . "</a>"; } ?></td>
     <td><?php if ( current_user_can('edit_post', $comment->comment_post_ID) ) {
-            echo "<a href=\"post.php?action=deletecomment&amp;p=".$comment->comment_post_ID."&amp;comment=".$comment->comment_ID."\" onclick=\"return confirm('" . sprintf(__("You are about to delete this comment by \'%s\'\\n  \'Cancel\' to stop, \'OK\' to delete."), $comment->comment_author) . "')\"    class='delete'>" . __('Delete') . "</a>"; } ?></td>
+            echo "<a href=\"" . wp_nonce_url("post.php?action=deletecomment&amp;p=".$comment->comment_post_ID."&amp;comment=".$comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . "\" onclick=\"return confirm('" . __("You are about to delete this comment.\\n  \'Cancel\' to stop, \'OK\' to delete.") . "')\"    class='delete'>" . __('Delete') . "</a>"; } ?></td>
   </tr>
 		<?php 
 		} // end foreach
 	?></table>
     <p><a href="javascript:;" onclick="checkAll(document.getElementById('deletecomments')); return false; "><?php _e('Invert Checkbox Selection') ?></a></p>
-            <p class="submit"><input type="submit" name="Submit" value="<?php _e('Delete Checked Comments') ?> &raquo;" onclick="return confirm('<?php _e("You are about to delete these comments permanently \\n  \'Cancel\' to stop, \'OK\' to delete.") ?>')" />	</p>
+            <p class="submit"><input type="submit" name="Submit" value="<?php _e('Delete Checked Comments') ?> &raquo;" onclick="return confirm('<?php _e("You are about to delete these comments permanently.\\n  \'Cancel\' to stop, \'OK\' to delete.") ?>')" />	</p>
   </form>
 <?php
 	} else {

wp-admin/edit-form-advanced.php

@@ -22,9 +22,11 @@ if (0 == $post_ID) {
 	$form_action = 'post';
 	$temp_ID = -1 * time();
 	$form_extra = "<input type='hidden' name='temp_ID' value='$temp_ID' />";
+	wp_nonce_field('add-post');
 } else {
 	$form_action = 'editpost';
 	$form_extra = "<input type='hidden' name='post_ID' value='$post_ID' />";
+	wp_nonce_field('update-post_' .  $post_ID);
 }
 
 $form_pingback = '<input type="hidden" name="post_pingback" value="' . get_option('default_pingback_flag') . '" id="post_pingback" />';
@@ -37,7 +39,7 @@ if ('' != $post->pinged) {
 	$pings = '<p>'. __('Already pinged:') . '</p><ul>';
 	$already_pinged = explode("\n", trim($post->pinged));
 	foreach ($already_pinged as $pinged_url) {
-		$pings .= "\n\t<li>$pinged_url</li>";
+		$pings .= "\n\t<li>" . wp_specialchars($pinged_url) . "</li>";
 	}
 	$pings .= '</ul>';
 }
@@ -95,7 +97,7 @@ addLoadEvent(focusit);
 <div id="categorychecklist"><?php dropdown_categories(get_settings('default_category')); ?></div></div>
 </fieldset>
 
-<fieldset class="dbx-box">
+<fieldset id="poststatusdiv" class="dbx-box">
 <h3 class="dbx-handle"><?php _e('Post Status') ?></h3> 
 <div class="dbx-content"><?php if ( current_user_can('publish_posts') ) : ?>
 <label for="post_status_publish" class="selectit"><input id="post_status_publish" name="post_status" type="radio" value="publish" <?php checked($post->post_status, 'publish'); ?> /> <?php _e('Published') ?></label>
@@ -105,7 +107,7 @@ addLoadEvent(focusit);
 </fieldset>
 
 <?php if ( current_user_can('edit_posts') ) : ?>
-<fieldset class="dbx-box">
+<fieldset id="posttimestampdiv" class="dbx-box">
 <h3 class="dbx-handle"><?php _e('Post Timestamp'); ?>:</h3>
 <div class="dbx-content"><?php touch_time(($action == 'edit')); ?></div>
 </fieldset>
@@ -149,12 +151,13 @@ endforeach;
  }
 ?>
 <?php the_quicktags(); ?>
+</fieldset>
 
 <div><textarea <?php if ( user_can_richedit() ) echo 'title="true" '; ?>rows="<?php echo $rows; ?>" cols="40" name="content" tabindex="2" id="content"><?php echo user_can_richedit() ? wp_richedit_pre($post->post_content) : $post->post_content; ?></textarea></div>
 </fieldset>
 
 <script type="text/javascript">
-<!--
+// <![CDATA[
 edCanvas = document.getElementById('content');
 <?php if ( user_can_richedit() ) : ?>
 // This code is meant to allow tabbing from Title to Post (TinyMCE).
@@ -189,7 +192,7 @@ else
 			}
 		}
 <?php endif; ?>
-//-->
+// ]]>
 </script>
 
 <?php echo $form_pingback ?>
@@ -208,11 +211,11 @@ if ('publish' != $post->post_status || 0 == $post_ID) {
 ?>
 <input name="referredby" type="hidden" id="referredby" value="<?php 
 if ( !empty($_REQUEST['popupurl']) )
-	echo wp_specialchars($_REQUEST['popupurl']);
-else if ( url_to_postid($_SERVER['HTTP_REFERER']) == $post_ID )
+	echo attribute_escape(stripslashes($_REQUEST['popupurl']));
+else if ( url_to_postid(stripslashes(wp_get_referer())) == $post_ID )
 	echo 'redo';
 else
-	echo wp_specialchars($_SERVER['HTTP_REFERER']);
+	echo attribute_escape(stripslashes(wp_get_referer()));
 ?>" /></p>
 
 <?php do_action('edit_form_advanced'); ?>
@@ -220,32 +223,48 @@ else
 <?php
 if (current_user_can('upload_files')) {
 	$uploading_iframe_ID = (0 == $post_ID ? $temp_ID : $post_ID);
-	$uploading_iframe_src = "inline-uploading.php?action=view&amp;post=$uploading_iframe_ID";
+	$uploading_iframe_src = wp_nonce_url("inline-uploading.php?action=view&amp;post=$uploading_iframe_ID", 'inlineuploading');
 	$uploading_iframe_src = apply_filters('uploading_iframe_src', $uploading_iframe_src);
 	if ( false != $uploading_iframe_src )
-		echo '<iframe id="uploading" border="0" src="' . $uploading_iframe_src . '">' . __('This feature requires iframe support.') . '</iframe>';
+		echo '<iframe id="uploading" frameborder="0" src="' . $uploading_iframe_src . '">' . __('This feature requires iframe support.') . '</iframe>';
 }
 ?>
 
 <div id="advancedstuff" class="dbx-group" >
 
+<div class="dbx-b-ox-wrapper">
 <fieldset id="postexcerpt" class="dbx-box">
+<div class="dbx-h-andle-wrapper">
 <h3 class="dbx-handle"><?php _e('Optional Excerpt') ?></h3>
+</div>
+<div class="dbx-c-ontent-wrapper">
 <div class="dbx-content"><textarea rows="1" cols="40" name="excerpt" tabindex="6" id="excerpt"><?php echo $post->post_excerpt ?></textarea></div>
+</div>
 </fieldset>
+</div>
 
-<fieldset class="dbx-box">
+<div class="dbx-b-ox-wrapper">
+<fieldset id="trackbacksdiv" class="dbx-box">
+<div class="dbx-h-andle-wrapper">
 <h3 class="dbx-handle"><?php _e('Trackbacks') ?></h3>
+</div>
+<div class="dbx-c-ontent-wrapper">
 <div class="dbx-content"><?php _e('Send trackbacks to'); ?>: <?php echo $form_trackback; ?> (<?php _e('Separate multiple URIs with spaces'); ?>)
 <?php 
 if ( ! empty($pings) )
 	echo $pings;
 ?>
 </div>
+</div>
 </fieldset>
+</div>
 
+<div class="dbx-b-ox-wrapper">
 <fieldset id="postcustom" class="dbx-box">
+<div class="dbx-h-andle-wrapper">
 <h3 class="dbx-handle"><?php _e('Custom Fields') ?></h3>
+</div>
+<div class="dbx-c-ontent-wrapper">
 <div id="postcustomstuff" class="dbx-content">
 <?php 
 if($metadata = has_meta($post_ID)) {
@@ -258,14 +277,16 @@ if($metadata = has_meta($post_ID)) {
 	meta_form();
 ?>
 </div>
+</div>
 </fieldset>
+</div>
 
 <?php do_action('dbx_post_advanced'); ?>
 
 </div>
 
-<?php if ('edit' == $action) : ?>
-<input name="deletepost" class="button" type="submit" id="deletepost" tabindex="10" value="<?php _e('Delete this post') ?>" <?php echo "onclick=\"return confirm('" . sprintf(__("You are about to delete this post \'%s\'\\n  \'Cancel\' to stop, \'OK\' to delete."), addslashes($post->post_title) ) . "')\""; ?> />
+<?php if ('edit' == $action) : $delete_nonce = wp_create_nonce( 'delete-post_' . $post_ID ); ?>
+<input name="deletepost" class="button" type="submit" id="deletepost" tabindex="10" value="<?php _e('Delete this post') ?>" <?php echo "onclick=\"if ( confirm('" . sprintf(__("You are about to delete this post \'%s\'\\n  \'Cancel\' to stop, \'OK\' to delete."), js_escape($post->post_title) ) . "') ) { document.forms.post._wpnonce.value = '$delete_nonce'; return true;}return false;\""; ?> />
 <?php endif; ?>
 
 </div>

wp-admin/edit-form-ajax-cat.php

@@ -3,16 +3,16 @@ require_once('../wp-config.php');
 require_once('admin-functions.php');
 require_once('admin-db.php');
 
-get_currentuserinfo();
-
 if ( !current_user_can('manage_categories') )
 	die('-1');
+if ( !check_ajax_referer() )
+	die('-1');
 
 function get_out_now() { exit; }
 
 add_action('shutdown', 'get_out_now', -1);
 
-$names = explode(',', rawurldecode($_GET['ajaxnewcat']) );
+$names = explode(',', rawurldecode($_POST['ajaxnewcat']) );
 $ids   = array();
 
 foreach ($names as $cat_name) {
@@ -34,4 +34,4 @@ $return = join(',', $ids);
 
 die( (string) $return );
 
-?>
+?>

wp-admin/edit-form-comment.php

@@ -6,6 +6,7 @@ $form_extra = "' />\n<input type='hidden' name='comment_ID' value='" . $comment-
 ?>
 
 <form name="post" action="post.php" method="post" id="post">
+<?php wp_nonce_field('update-comment_' . $comment->comment_ID) ?>
 <div class="wrap">
 <input type="hidden" name="user_ID" value="<?php echo $user_ID ?>" />
 <input type="hidden" name="action" value='<?php echo $form_action . $form_extra ?>' />
@@ -88,7 +89,7 @@ else
 </script>
 
 <p class="submit"><input type="submit" name="editcomment" id="editcomment" value="<?php echo $submitbutton_text ?>" style="font-weight: bold;" tabindex="6" />
-  <input name="referredby" type="hidden" id="referredby" value="<?php echo $_SERVER['HTTP_REFERER']; ?>" />
+  <input name="referredby" type="hidden" id="referredby" value="<?php echo wp_get_referer(); ?>" />
 </p>
 
 </div>

wp-admin/edit-form.php

@@ -64,7 +64,7 @@ edCanvas = document.getElementById('content');
 <?php if ('bookmarklet' != $mode) {
       echo '<input name="advanced" type="submit" id="advancededit" tabindex="7" value="' .  __('Advanced Editing &raquo;') . '" />';
   } ?>
-  <input name="referredby" type="hidden" id="referredby" value="<?php if (isset($_SERVER['HTTP_REFERER'])) echo urlencode($_SERVER['HTTP_REFERER']); ?>" />
+  <input name="referredby" type="hidden" id="referredby" value="<?php if ( wp_get_referer() ) echo urlencode(wp_get_referer()); ?>" />
 </p>
 
 <?php do_action('simple_edit_form', ''); ?>

wp-admin/edit-link-form.php

@@ -4,11 +4,13 @@ if ( ! empty($link_id) ) {
 	$heading = __('Edit a link:');
 	$submit_text = __('Save Changes »');
 	$form = '<form action="" method="post" name="editlink" id="editlink">'; 
+	$nonce_action = 'update-bookmark_' . $link_id;
 } else {
 	$editing = false;
 	$heading = __('<strong>Add</strong> a link:');
 	$submit_text = __('Add Link &raquo;');
 	$form = '<form name="addlink" method="post" action="link-manager.php">';
+	$nonce_action = 'add-bookmark';
 }
 
 function xfn_check($class, $value = '', $type = 'check') {
@@ -33,6 +35,7 @@ function xfn_check($class, $value = '', $type = 'check') {
 
 <div class="wrap"> 
   <?php echo $form ?>
+  <?php wp_nonce_field($nonce_action); ?>
   <h2><?php echo $heading ?></h2>
 <fieldset class="options">
     <legend><?php _e('Basics') ?></legend>
@@ -84,7 +87,7 @@ function xfn_check($class, $value = '', $type = 'check') {
                 <input class="valinp" type="radio" name="friendship" value="contact" id="contact" <?php xfn_check('friendship', 'contact', 'radio'); ?> /> <?php _e('contact') ?></label>
                 <label for="acquaintance">
                 <input class="valinp" type="radio" name="friendship" value="acquaintance" id="acquaintance" <?php xfn_check('friendship', 'acquaintance', 'radio'); ?> />  <?php _e('acquaintance') ?></label>
-                <label id="friend">
+                <label for="friend">
                 <input class="valinp" type="radio" name="friendship" value="friend" id="friend" <?php xfn_check('friendship', 'friend', 'radio'); ?> /> <?php _e('friend') ?></label>
                 <label for="friendship">
                 <input name="friendship" type="radio" class="valinp" value="" id="friendship" <?php xfn_check('friendship', '', 'radio'); ?> /> <?php _e('none') ?></label>
@@ -227,7 +230,7 @@ function xfn_check($class, $value = '', $type = 'check') {
 <?php if ( $editing ) : ?>
           <input type="hidden" name="action" value="editlink" />
           <input type="hidden" name="link_id" value="<?php echo (int) $link_id; ?>" />
-          <input type="hidden" name="order_by" value="<?php echo wp_specialchars($order_by, 1); ?>" />
+          <input type="hidden" name="order_by" value="<?php echo attribute_escape($order_by); ?>" />
           <input type="hidden" name="cat_id" value="<?php echo (int) $cat_id ?>" />
 <?php else: ?>
        	<input type="hidden" name="action" value="Add" />

wp-admin/edit-page-form.php

@@ -5,40 +5,43 @@
 <?php
 if (0 == $post_ID) {
 	$form_action = 'post';
+	$nonce_action = 'add-post';
 	$temp_ID = -1 * time();
 	$form_extra = "<input type='hidden' name='temp_ID' value='$temp_ID' />";
 } else {
 	$form_action = 'editpost';
-	$form_extra = "<input type='hidden' name='post_ID' value='$post_ID' />";
+	$nonce_action = 'update-post_' . $post_ID;
+	$form_extra = "<input type='hidden' id='post_ID' name='post_ID' value='$post_ID' />";
 }
 
-$sendto = $_SERVER['HTTP_REFERER'];
+$sendto = attribute_escape(wp_get_referer());
 
 if ( 0 != $post_ID && $sendto == get_permalink($post_ID) )
  	$sendto = 'redo';
-$sendto = wp_specialchars( $sendto );
 
 ?>
 
 <form name="post" action="post.php" method="post" id="post">
 
 <?php
+wp_nonce_field($nonce_action);
+
 if (isset($mode) && 'bookmarklet' == $mode) {
     echo '<input type="hidden" name="mode" value="bookmarklet" />';
 }
 ?>
 <input type="hidden" name="user_ID" value="<?php echo $user_ID ?>" />
-<input type="hidden" name="action" value='<?php echo $form_action ?>' />
+<input type="hidden" id="hiddenaction" name="action" value='<?php echo $form_action ?>' />
 <?php echo $form_extra ?>
 <input type="hidden" name="post_status" value="static" />
 
 <script type="text/javascript">
-<!--
+// <![CDATA[
 function focusit() { // focus on first input field
 	document.post.title.focus();
 }
 addLoadEvent(focusit);
-//-->
+// ]]>
 </script>
 <div id="poststuff">
 
@@ -70,7 +73,7 @@ addLoadEvent(focusit);
 </fieldset>
 
 <?php if ( 0 != count( get_page_templates() ) ) { ?>
-<fieldset id="pageparent" class="dbx-box">
+<fieldset id="pagetemplate" class="dbx-box">
 <h3 class="dbx-handle"><?php _e('Page Template:') ?></h3> 
 <div class="dbx-content"><p><select name="page_template">
 		<option value='default'><?php _e('Default Template'); ?></option>
@@ -186,10 +189,10 @@ else
 <?php
 if (current_user_can('upload_files')) {
 	$uploading_iframe_ID = (0 == $post_ID ? $temp_ID : $post_ID);
-	$uploading_iframe_src = "inline-uploading.php?action=view&amp;post=$uploading_iframe_ID";
+	$uploading_iframe_src = wp_nonce_url("inline-uploading.php?action=view&amp;post=$uploading_iframe_ID", 'inlineuploading');
 	$uploading_iframe_src = apply_filters('uploading_iframe_src', $uploading_iframe_src);
 	if ( false != $uploading_iframe_src )
-		echo '<iframe id="uploading" border="0" src="' . $uploading_iframe_src . '">' . __('This feature requires iframe support.') . '</iframe>';
+		echo '<iframe id="uploading" frameborder="0" src="' . $uploading_iframe_src . '">' . __('This feature requires iframe support.') . '</iframe>';
 }
 ?>
 
@@ -209,17 +212,19 @@ if($metadata = has_meta($post_ID)) {
 	meta_form();
 ?>
 </div>
+<div id="ajax-response"></div>
 </fieldset>
 
 <?php do_action('dbx_page_advanced'); ?>
 
 </div>
 
-<?php if ('edit' == $action) : ?>
-		<input name="deletepost" class="delete" type="submit" id="deletepost" tabindex="10" value="<?php _e('Delete this page') ?>" <?php echo "onclick=\"return confirm('" . sprintf(__("You are about to delete this page \'%s\'\\n  \'Cancel\' to stop, \'OK\' to delete."), $wpdb->escape($post->post_title) ) . "')\""; ?> />
+<?php if ('edit' == $action) :
+	$delete_nonce = wp_create_nonce( 'delete-page_' . $post_ID ); ?>
+	<input name="deletepost" class="button" type="submit" id="deletepost" tabindex="10" value="<?php _e('Delete this page') ?>" <?php echo "onclick=\"if ( confirm('" . sprintf(__("You are about to delete this page \'%s\'\\n  \'Cancel\' to stop, \'OK\' to delete."), js_escape($post->post_title) ) . "') ) { document.forms.post._wpnonce.value = '$delete_nonce'; return true;}return false;\""; ?> />
 <?php endif; ?>
+</div>
+
 </form>
 
 </div>
-
-</div>

wp-admin/edit-pages.php

@@ -13,7 +13,7 @@ require_once('admin-header.php');
 <form name="searchform" action="" method="get"> 
   <fieldset> 
   <legend><?php _e('Search Pages&hellip;') ?></legend>
-  <input type="text" name="s" value="<?php if (isset($_GET['s'])) echo wp_specialchars($_GET['s'], 1); ?>" size="17" /> 
+  <input type="text" name="s" value="<?php if (isset($_GET['s'])) echo attribute_escape($_GET['s']); ?>" size="17" /> 
   <input type="submit" name="submit" value="<?php _e('Search') ?>"  /> 
   </fieldset>
 </form>
@@ -43,7 +43,7 @@ if ($posts) {
 if ( isset($_GET['s']) ) {
 foreach ( $posts as $post ) : 
 	$class = ('alternate' != $class) ? 'alternate' : ''; ?>
-  <tr id='page-<?php echo $id; ?>' class='<?php echo $class; ?>'> 
+  <tr id='page-<?php echo $post->ID; ?>' class='<?php echo $class; ?>'> 
     <th scope="row"><?php echo $post->ID; ?></th> 
     <td>
       <?php echo $pad; ?><?php the_title() ?> 
@@ -51,8 +51,8 @@ foreach ( $posts as $post ) :
     <td><?php the_author() ?></td>
     <td><?php echo mysql2date('Y-m-d g:i a', $post->post_modified); ?></td> 
 	<td><a href="<?php the_permalink(); ?>" rel="permalink" class="edit"><?php _e('View'); ?></a></td>
-    <td><?php if ( current_user_can('edit_pages') ) { echo "<a href='post.php?action=edit&amp;post=$id' class='edit'>" . __('Edit') . "</a>"; } ?></td> 
-    <td><?php if ( current_user_can('edit_pages') ) { echo "<a href='post.php?action=delete&amp;post=$id' class='delete' onclick=\"return deleteSomething( 'page', " . $id . ", '" . sprintf(__("You are about to delete the &quot;%s&quot; page.\\n&quot;OK&quot; to delete, &quot;Cancel&quot; to stop."), wp_specialchars(get_the_title('','',0), 1)) . "' );\">" . __('Delete') . "</a>"; } ?></td> 
+    <td><?php if ( current_user_can('edit_pages') ) { echo "<a href='post.php?action=edit&amp;post=$post->ID' class='edit'>" . __('Edit') . "</a>"; } ?></td> 
+    <td><?php if ( current_user_can('edit_pages') ) { echo "<a href='" . wp_nonce_url("post.php?action=delete&amp;post=$post->ID", 'delete-post_' . $post->ID) . "' class='delete' onclick=\"return deleteSomething( 'page', " . $id . ", '" . sprintf(__("You are about to delete the &quot;%s&quot; page.\\n&quot;OK&quot; to delete, &quot;Cancel&quot; to stop."), js_escape(get_the_title('','',0))) . "' );\">" . __('Delete') . "</a>"; } ?></td> 
   </tr>
 <?php
 endforeach;

wp-admin/edit.php

@@ -79,7 +79,7 @@ if ( is_month() ) {
 <form name="searchform" action="" method="get" style="float: left; width: 16em; margin-right: 3em;"> 
   <fieldset> 
   <legend><?php _e('Search Posts&hellip;') ?></legend> 
-  <input type="text" name="s" value="<?php if (isset($s)) echo wp_specialchars($s, 1); ?>" size="17" /> 
+  <input type="text" name="s" value="<?php if (isset($s)) echo attribute_escape($s); ?>" size="17" /> 
   <input type="submit" name="submit" value="<?php _e('Search') ?>"  /> 
   </fieldset>
 </form>
@@ -210,7 +210,7 @@ foreach($posts_columns as $column_name=>$column_display_name) {
 
 	case 'control_delete':
 		?>
-		<td><?php if ( current_user_can('edit_post',$post->ID) ) { echo "<a href='post.php?action=delete&amp;post=$id' class='delete' onclick=\"return deleteSomething( 'post', " . $id . ", '" . sprintf(__("You are about to delete this post &quot;%s&quot;.\\n&quot;OK&quot; to delete, &quot;Cancel&quot; to stop."), wp_specialchars(get_the_title('', ''), 1) ) . "' );\">" . __('Delete') . "</a>"; } ?></td>
+		<td><?php if ( current_user_can('edit_post',$post->ID) ) { echo "<a href='" . wp_nonce_url("post.php?action=delete&amp;post=$id", 'delete-post_' . $post->ID) . "' class='delete' onclick=\"return deleteSomething( 'post', " . $id . ", '" . sprintf(__("You are about to delete this post &quot;%s&quot;.\\n&quot;OK&quot; to delete, &quot;Cancel&quot; to stop."), js_escape(get_the_title())) . "' );\">" . __('Delete') . "</a>"; } ?></td>
 		<?php
 		break;
 
@@ -262,12 +262,13 @@ $comment_status = wp_get_comment_status($comment->comment_ID);
   <?php 
 			if ( current_user_can('edit_post', $post->ID) ) {
 				echo "[ <a href=\"post.php?action=editcomment&amp;comment=".$comment->comment_ID."\">" .  __('Edit') . "</a>";
-				echo " - <a href=\"post.php?action=deletecomment&amp;p=".$post->ID."&amp;comment=".$comment->comment_ID."\" onclick=\"return confirm('" . sprintf(__("You are about to delete this comment by \'%s\'\\n  \'OK\' to delete, \'Cancel\' to stop."), $comment->comment_author) . "')\">" . __('Delete') . "</a> ";
+				echo ' - <a href="' . wp_nonce_url('post.php?action=deletecomment&amp;p=' . $post->ID . '&amp;comment=' . $comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . '" onclick="return confirm(\'' . __("You are about to delete this comment.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete.") . "');\">" . __('Delete') . '</a> ';
+
 				if ( ('none' != $comment_status) && ( current_user_can('moderate_comments') ) ) {
 					if ('approved' == wp_get_comment_status($comment->comment_ID)) {
-						echo " - <a href=\"post.php?action=unapprovecomment&amp;p=".$post->ID."&amp;comment=".$comment->comment_ID."\">" . __('Unapprove') . "</a> ";
+						echo ' - <a href="' . wp_nonce_url('post.php?action=unapprovecomment&amp;p=' . $post->ID . '&amp;comment=' . $comment->comment_ID, 'unapprove-comment_' . $comment->comment_ID) . '">' . __('Unapprove') . '</a> ';
 					} else {
-						echo " - <a href=\"post.php?action=approvecomment&amp;p=".$post->ID."&amp;comment=".$comment->comment_ID."\">" . __('Approve') . "</a> ";
+						echo ' - <a href="' . wp_nonce_url('post.php?action=approvecomment&amp;p=' . $post->ID . '&amp;comment=' . $comment->comment_ID, 'approve-comment_' . $comment->comment_ID) . '">' . __('Approve') . '</a> ';
 					}
 				}
 				echo "]";

wp-admin/import.php

@@ -36,7 +36,7 @@ if (empty ($importers)) {
 	$style = '';
 	foreach ($importers as $id => $data) {
 		$style = ('class="alternate"' == $style || 'class="alternate active"' == $style) ? '' : 'alternate';
-		$action = "<a href='admin.php?import=$id' title='{$data[1]}'>{$data[0]}</a>";
+		$action = "<a href='admin.php?import=$id' title='".wptexturize(strip_tags($data[1]))."'>{$data[0]}</a>";
 
 		if ($style != '')
 			$style = 'class="'.$style.'"';

wp-admin/import/blogger.php

@@ -7,14 +7,15 @@ class Blogger_Import {
 
 	// Shows the welcome screen and the magic iframe.
 	function greet() {
-		$title = __('Import Blogger');
-		$welcome = __('Howdy! This importer allows you to import posts and comments from your Blogger account into your WordPress blog.');
+		$title = __('Import Old Blogger');
+		$welcome = __('Howdy! This importer allows you to import posts and comments from your Old Blogger account into your WordPress blog.');
 		$noiframes = __('This feature requires iframe support.');
 		$warning = __('This will delete everything saved by the Blogger importer except your posts and comments. Are you sure you want to do this?');
 		$reset = __('Reset this importer');
 		$incompat = __('Your web server is not properly configured to use this importer. Please enable the CURL extension for PHP and then reload this page.');
 
 		echo "<div class='wrap'><h2>$title</h2><p>$welcome</p>";
+		echo "<p>" . __('Please note that this importer <em>does not work with Blogger (using your Google account)</em>.') . "</p>";
 		if ( function_exists('curl_init') )
 			echo "<iframe src='admin.php?import=blogger&amp;noheader=true' height='350px' width = '99%'>$noiframes</iframe><p><a href='admin.php?import=blogger&amp;restart=true&amp;noheader=true' onclick='return confirm(\"$warning\")'>$reset</a></p>";
 		else
@@ -25,7 +26,7 @@ class Blogger_Import {
 	// Deletes saved data and redirect.
 	function restart() {
 		delete_option('import-blogger');
-		header("Location: admin.php?import=blogger");
+		wp_redirect("admin.php?import=blogger");
 		die();
 	}
 
@@ -135,13 +136,13 @@ class Blogger_Import {
 		curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
 		if ($header) curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
 		$response = curl_exec ($ch);
-	
+
 		if ($parse) {
 			$response = $this->parse_response($response);
 			$response['url'] = $url;
 			return $response;
 		}
-	
+
 		return $response;
 	}
 
@@ -210,10 +211,10 @@ class Blogger_Import {
 		$this->import['blogs'][$_GET['blog']]['nextstep'] = $step;
 		update_option('import-blogger', $this->import);
 	}
-	
+
 	// Redirects to next step
 	function do_next_step() {
-		header("Location: admin.php?import=blogger&noheader=true&blog={$_GET['blog']}");
+		wp_redirect("admin.php?import=blogger&noheader=true&blog={$_GET['blog']}");
 		die();
 	}
 
@@ -224,13 +225,13 @@ class Blogger_Import {
 			if ( ! ( $_POST['user'] && $_POST['pass'] ) ) {
 				$this->login_form(__('The script will log into your Blogger account, change some settings so it can read your blog, and restore the original settings when it\'s done. Here\'s what you do:').'</p><ol><li>'.__('Back up your Blogger template.').'</li><li>'.__('Back up any other Blogger settings you might need later.').'</li><li>'.__('Log out of Blogger').'</li><li>'.__('Log in <em>here</em> with your Blogger username and password.').'</li><li>'.__('On the next screen, click one of your Blogger blogs.').'</li><li>'.__('Do not close this window or navigate away until the process is complete.').'</li></ol>');
 			}
-		
-			// Try logging in. If we get an array of cookies back, we at least connected.		
+
+			// Try logging in. If we get an array of cookies back, we at least connected.
 			$this->import['cookies'] = $this->login_blogger($_POST['user'], $_POST['pass']);
 			if ( !is_array( $this->import['cookies'] ) ) {
 				$this->login_form(__('Login failed. Please enter your credentials again.'));
 			}
-			
+
 			// Save the password so we can log the browser in when it's time to publish.
 			$this->import['pass'] = $_POST['pass'];
 			$this->import['user'] = $_POST['user'];
@@ -273,7 +274,7 @@ class Blogger_Import {
 				);
 			}
 			update_option('import-blogger', $this->import);
-			header("Location: admin.php?import=blogger&noheader=true&step=1");
+			wp_redirect("admin.php?import=blogger&noheader=true&step=1");
 		}
 		die();
 	}
@@ -341,7 +342,7 @@ class Blogger_Import {
 				$form = "<div style='height:0px;width:0px;overflow:hidden;'>";
 				$form.= $body;
 				$form.= "</div><script type='text/javascript'>forms=document.getElementsByTagName('form');for(i=0;i<forms.length;i++){if(forms[i].action.search('{$blog_opt}')){forms[i].submit();break;}}</script>";
-				$output.= '<p>'.sprintf('<strong>%s</strong> in progress, please wait...', $blog_opt)."</p>\n";
+				$output.= '<p>'.sprintf(__('<strong>%s</strong> in progress, please wait...'), $blog_opt)."</p>\n";
 			} else {
 				$output.= "<p>$blog_opt</p>\n";
 			}
@@ -395,7 +396,7 @@ class Blogger_Import {
 				update_option('import-blogger', $import);
 				$archive = $this->get_blogger($url);
 				if ( $archive['code'] > 200 )
-					continue;	
+					continue;
 				$posts = explode('<wordpresspost>', $archive['body']);
 				for ($i = 1; $i < count($posts); $i = $i + 1) {
 					$postparts = explode('<wordpresscomment>', $posts[$i]);
@@ -409,7 +410,7 @@ class Blogger_Import {
 					$post_title = ( $postinfo[4] != '' ) ? $postinfo[4] : $postinfo[3];
 					$post_author_name = $wpdb->escape(trim($postinfo[1]));
 					$post_author_email = $postinfo[5] ? $postinfo[5] : 'user@wordpress.org';
-	
+
 					if ( $this->lump_authors ) {
 						// Ignore Blogger authors. Use the current user_ID for all posts imported.
 						$post_author = $GLOBALS['user_ID'];
@@ -420,7 +421,7 @@ class Blogger_Import {
 							$user_email = $wpdb->escape($post_author_email);
 							$user_password = substr(md5(uniqid(microtime())), 0, 6);
 							$result = wp_create_user( $user_login, $user_password, $user_email );
-							$status.= sprintf('Registered user <strong>%s</strong>.', $user_login);
+							$status.= sprintf(__('Registered user <strong>%s</strong>.'), $user_login);
 							$this->import['blogs'][$_GET['blog']]['newusers'][] = $user_login;
 						}
 						$userdata = get_userdatabylogin( $post_author_name );
@@ -435,21 +436,21 @@ class Blogger_Import {
 					$posthour = zeroise($post_date_His[0], 2);
 					$postminute = zeroise($post_date_His[1], 2);
 					$postsecond = zeroise($post_date_His[2], 2);
-	
+
 					if (($post_date[2] == 'PM') && ($posthour != '12'))
 						$posthour = $posthour + 12;
 					else if (($post_date[2] == 'AM') && ($posthour == '12'))
 						$posthour = '00';
-	
+
 					$post_date = "$postyear-$postmonth-$postday $posthour:$postminute:$postsecond";
-	
+
 					$post_content = addslashes($post_content);
 					$post_content = str_replace(array('<br>','<BR>','<br/>','<BR/>','<br />','<BR />'), "\n", $post_content); // the XHTML touch... ;)
-	
+
 					$post_title = addslashes($post_title);
-			
+
 					$post_status = 'publish';
-	
+
 					if ( $ID = post_exists($post_title, '', $post_date) ) {
 						$post_array[$i]['ID'] = $ID;
 						$skippedpostcount++;
@@ -509,7 +510,7 @@ class Blogger_Import {
 					}
 				}
 				$status = sprintf(__('%s post(s) parsed, %s skipped...'), $postcount,  $skippedpostcount).' '.
-					sprintf(__('%s comment(s) parsed, %s skipped...'), $commentcoun, $skippedcommentcount).' '.
+					sprintf(__('%s comment(s) parsed, %s skipped...'), $commentcount, $skippedcommentcount).' '.
 					' <strong>'.__('Done').'</strong>';
 				$import = $this->import;
 				$import['blogs'][$_GET['blog']]['archives']["$url"] = $status;
@@ -546,7 +547,7 @@ class Blogger_Import {
 						$response = $this->get_blogger("http://www.blogger.com/blog-publishing.g?blogID={$_GET['blog']}&publishMode={$optary['backup']['publishMode']}", $headers);
 						sleep(2);
 						if ( $response['code'] >= 400 )
-							die('<h1>Error restoring publishMode.</h1><p>Please tell the devs.</p>' . addslashes(print_r($response, 1)) );
+							die('<h1>'.__('Error restoring publishMode').'</h1><p>'.__('Please tell the devs.').'</p>' . addslashes(print_r($response, 1)) );
 					}
 				}
 				if ( $optary['backup'] != $optary['modify'] ) {
@@ -597,9 +598,11 @@ class Blogger_Import {
 		if ( $_GET['restart'] == 'true' ) {
 			$this->restart();
 		}
-		
+
 		if ( isset($_GET['noheader']) ) {
-			$this->import = get_settings('import-blogger');
+			header('Content-Type: text/html; charset=utf-8');
+
+			$this->import = get_option('import-blogger');
 
 			if ( false === $this->import ) {
 				$step = 0;
@@ -647,7 +650,7 @@ class Blogger_Import {
 					break;
 			}
 			die;
-			
+
 		} else {
 			$this->greet();
 		}
@@ -660,6 +663,6 @@ class Blogger_Import {
 
 $blogger_import = new Blogger_Import();
 
-register_importer('blogger', 'Blogger', __('Import posts and comments from a Blogger account'), array ($blogger_import, 'start'));
+register_importer('blogger', __('Old Blogger'), __('Import <strong>posts and comments</strong> from your Old Blogger account'), array ($blogger_import, 'start'));
 
 ?>

wp-admin/import/dotclear.php

@@ -626,26 +626,26 @@ class Dotclear_Import {
 		echo '<h3>'.__('Preserving Authors').'</h3>';
 		echo '<p>'.__('Secondly, we have attempted to preserve post authors.  If you are the only author or contributor to your blog, then you are safe.  In most cases, we are successful in this preservation endeavor.  However, if we cannot ascertain the name of the writer due to discrepancies between database tables, we assign it to you, the administrative user.').'</p>';
 		echo '<h3>'.__('Textile').'</h3>';
-		echo '<p>'.__('Also, since you\'re coming from Dotclear, you probably have been using Textile to format your comments and posts.  If this is the case, we recommend downloading and installing <a href="http://www.huddledmasses.org/2004/04/19/wordpress-plugin-textile-20/">Textile for WordPress</a>.  Trust me... You\'ll want it.').'</p>';
+		echo '<p>'.__('Also, since you\'re coming from Dotclear, you probably have been using Textile to format your comments and posts.  If this is the case, we recommend downloading and installing <a href="http://www.huddledmasses.org/category/development/wordpress/textile/">Textile for WordPress</a>.  Trust me... You\'ll want it.').'</p>';
 		echo '<h3>'.__('WordPress Resources').'</h3>';
 		echo '<p>'.__('Finally, there are numerous WordPress resources around the internet.  Some of them are:').'</p>';
 		echo '<ul>';
 		echo '<li>'.__('<a href="http://www.wordpress.org">The official WordPress site</a>').'</li>';
-		echo '<li>'.__('<a href="http://wordpress.org/support/">The WordPress support forums').'</li>';
+		echo '<li>'.__('<a href="http://wordpress.org/support/">The WordPress support forums</a>').'</li>';
 		echo '<li>'.__('<a href="http://codex.wordpress.org">The Codex (In other words, the WordPress Bible)</a>').'</li>';
 		echo '</ul>';
-		echo '<p>'.sprintf(__('That\'s it! What are you waiting for? Go <a href="%1$s">login</a>!'), '/wp-login.php').'</p>';
+		echo '<p>'.sprintf(__('That\'s it! What are you waiting for? Go <a href="%1$s">login</a>!'), '../wp-login.php').'</p>';
 	}
 	
 	function db_form()
 	{
 		echo '<ul>';
-		printf('<li><label for="dbuser">%s</label> <input type="text" name="dbuser" /></li>', __('Dotclear Database User:'));
-		printf('<li><label for="dbpass">%s</label> <input type="password" name="dbpass" /></li>', __('Dotclear Database Password:'));
-		printf('<li><label for="dbname">%s</label> <input type="text" name="dbname" /></li>', __('Dotclear Database Name:'));
-		printf('<li><label for="dbhost">%s</label> <input type="text" name="dbhost" value="localhost" /></li>', __('Dotclear Database Host:'));
+		printf('<li><label for="dbuser">%s</label> <input type="text" name="dbuser" id="dbuser" /></li>', __('Dotclear Database User:'));
+		printf('<li><label for="dbpass">%s</label> <input type="password" name="dbpass" id="dbpass" /></li>', __('Dotclear Database Password:'));
+		printf('<li><label for="dbname">%s</label> <input type="text" name="dbname" id="dbname" /></li>', __('Dotclear Database Name:'));
+		printf('<li><label for="dbhost">%s</label> <input type="text" name="dbhost" id="dbhost" value="localhost" /></li>', __('Dotclear Database Host:'));
 		/* printf('<li><label for="dbprefix">%s</label> <input type="text" name="dbprefix" /></li>', __('Dotclear Table prefix (if any):')); */
-		printf('<li><label for="dccharset">%s</label> <input type="text" name="dccharset" value="ISO-8859-15"/></li>', __('Originating character set:'));
+		printf('<li><label for="dccharset">%s</label> <input type="text" id="dccharset" name="dccharset" value="ISO-8859-15"/></li>', __('Originating character set:'));
 		echo '</ul>';
 	}
 	
@@ -737,5 +737,5 @@ class Dotclear_Import {
 }
 
 $dc_import = new Dotclear_Import();
-register_importer('dotclear', 'Dotclear', __('Import posts from a Dotclear Blog'), array ($dc_import, 'dispatch'));
+register_importer('dotclear', __('Dotclear'), __('Import posts from a Dotclear Blog'), array ($dc_import, 'dispatch'));
 ?>

wp-admin/import/greymatter.php

@@ -0,0 +1,313 @@
+<?php
+
+class GM_Import {
+
+	var $gmnames = array ();
+
+	function header() {
+		echo '<div class="wrap">';
+		echo '<h2>'.__('Import Greymatter').'</h2>';
+	}
+
+	function footer() {
+		echo '</div>';
+	}
+
+	function greet() {
+		$this->header();
+?>
+<p><?php _e('This is a basic GreyMatter to WordPress import script.') ?></p>
+<p><?php _e('What it does:') ?></p>
+<ul>
+<li><?php _e('Parses gm-authors.cgi to import (new) authors. Everyone is imported at level 1.') ?></li>
+<li><?php _e('Parses the entries cgi files to import posts, comments, and karma on posts (although karma is not used on WordPress yet).<br />If authors are found not to be in gm-authors.cgi, imports them at level 0.') ?></li>
+<li><?php _e("Detects duplicate entries or comments. If you don't import everything the first time, or this import should fail in the middle, duplicate entries will not be made when you try again.") ?></li>
+</ul>
+<p><?php _e('What it does not:') ?></p>
+<ul>
+<li><?php _e('Parse gm-counter.cgi, gm-banlist.cgi, gm-cplog.cgi (you can make a CP log hack if you really feel like it, but I question the need of a CP log).') ?></li>
+<li><?php _e('Import gm-templates.') ?></li>
+<li><?php _e("Doesn't keep entries on top.")?></li>
+</ul>
+<p>&nbsp;</p>
+
+<form name="stepOne" method="get">
+<input type="hidden" name="import" value="greymatter" />
+<input type="hidden" name="step" value="1" />
+<h3><?php _e('Second step: GreyMatter details:') ?></h3>
+<p><table cellpadding="0">
+<tr>
+<td><?php _e('Path to GM files:') ?></td>
+<td><input type="text" style="width:300px" name="gmpath" value="/home/my/site/cgi-bin/greymatter/" /></td>
+</tr>
+<tr>
+<td><?php _e('Path to GM entries:') ?></td>
+<td><input type="text" style="width:300px" name="archivespath" value="/home/my/site/cgi-bin/greymatter/archives/" /></td>
+</tr>
+<tr>
+<td colspan="2"><br /><?php _e("This importer will search for files 00000001.cgi to 000-whatever.cgi,<br />so you need to enter the number of the last GM post here.<br />(if you don't know that number, just log into your FTP and look it out<br />in the entries' folder)") ?></td>
+</tr>
+<tr>
+<td><?php _e("Last entry's number:") ?></td>
+<td><input type="text" name="lastentry" value="00000001" /></td>
+</tr>
+</table>
+</p>
+<p><?php _e("When you're ready, click OK to start importing: ") ?><input type="submit" name="submit" value="<?php _e('OK') ?>" class="search" /></p>
+</form>
+<p>&nbsp</p>
+<?php
+		$this->footer();
+	}
+
+
+
+	function gm2autobr($string) { // transforms GM's |*| into b2's <br />\n
+		$string = str_replace("|*|","<br />\n",$string);
+		return($string);
+	}
+	
+	function import() {
+		global $wpdb;
+	
+		$wpvarstoreset = array('gmpath', 'archivespath', 'lastentry');
+		for ($i=0; $i<count($wpvarstoreset); $i += 1) {
+			$wpvar = $wpvarstoreset[$i];
+			if (!isset($$wpvar)) {
+				if (empty($_POST["$wpvar"])) {
+					if (empty($_GET["$wpvar"])) {
+						$$wpvar = '';
+					} else {
+						$$wpvar = $_GET["$wpvar"];
+					}
+				} else {
+					$$wpvar = $_POST["$wpvar"];
+				}
+			}
+		}
+
+		if (!chdir($archivespath))
+			die(sprintf(__("Wrong path, %s\ndoesn't exist\non the server"), $archivespath));
+
+		if (!chdir($gmpath))
+			die(sprintf(__("Wrong path, %s\ndoesn't exist\non the server"), $gmpath));
+			
+		$this->header();
+?>
+<p><?php _e('The importer is running...') ?></p>
+<ul>
+<li><?php _e('importing users...') ?><ul><?php
+
+	chdir($gmpath);
+	$userbase = file("gm-authors.cgi");
+
+	foreach($userbase as $user) {
+		$userdata=explode("|", $user);
+
+		$user_ip="127.0.0.1";
+		$user_domain="localhost";
+		$user_browser="server";
+
+		$s=$userdata[4];
+		$user_joindate=substr($s,6,4)."-".substr($s,0,2)."-".substr($s,3,2)." 00:00:00";
+
+		$user_login=$wpdb->escape($userdata[0]);
+		$pass1=$wpdb->escape($userdata[1]);
+		$user_nickname=$wpdb->escape($userdata[0]);
+		$user_email=$wpdb->escape($userdata[2]);
+		$user_url=$wpdb->escape($userdata[3]);
+		$user_joindate=$wpdb->escape($user_joindate);
+
+		$user_id = username_exists($user_login);
+		if ($user_id) {
+			printf('<li>'.__('user %s').'<strong>'.__('Already exists').'</strong></li>', "<em>$user_login</em>");
+			$this->gmnames[$userdata[0]] = $user_id;
+			continue;
+		}
+
+		$user_info = array("user_login"=>"$user_login", "user_pass"=>"$pass1", "user_nickname"=>"$user_nickname", "user_email"=>"$user_email", "user_url"=>"$user_url", "user_ip"=>"$user_ip", "user_domain"=>"$user_domain", "user_browser"=>"$user_browser", "dateYMDhour"=>"$user_joindate", "user_level"=>"1", "user_idmode"=>"nickname");
+		$user_id = wp_insert_user($user_info);
+		$this->gmnames[$userdata[0]] = $user_id;
+		
+		printf('<li>'.__('user %s...').' <strong>'.__('Done').'</strong></li>', "<em>$user_login</em>");
+	}
+
+?></ul><strong><?php _e('Done') ?></strong></li>
+<li><?php _e('importing posts, comments, and karma...') ?><br /><ul><?php
+
+	chdir($archivespath);
+	
+	for($i = 0; $i <= $lastentry; $i = $i + 1) {
+		
+		$entryfile = "";
+		
+		if ($i<10000000) {
+			$entryfile .= "0";
+			if ($i<1000000) {
+				$entryfile .= "0";
+				if ($i<100000) {
+					$entryfile .= "0";
+					if ($i<10000) {
+						$entryfile .= "0";
+						if ($i<1000) {
+							$entryfile .= "0";
+							if ($i<100) {
+								$entryfile .= "0";
+								if ($i<10) {
+									$entryfile .= "0";
+		}}}}}}}
+
+		$entryfile .= "$i";
+
+		if (is_file($entryfile.".cgi")) {
+
+			$entry=file($entryfile.".cgi");
+			$postinfo=explode("|",$entry[0]);
+			$postmaincontent=$this->gm2autobr($entry[2]);
+			$postmorecontent=$this->gm2autobr($entry[3]);
+
+			$post_author=trim($wpdb->escape($postinfo[1]));
+
+			$post_title=$this->gm2autobr($postinfo[2]);
+			printf('<li>'.__('entry # %s : %s : by %s'), $entryfile, $post_title, $postinfo[1]);
+			$post_title=$wpdb->escape($post_title);
+
+			$postyear=$postinfo[6];
+			$postmonth=zeroise($postinfo[4],2);
+			$postday=zeroise($postinfo[5],2);
+			$posthour=zeroise($postinfo[7],2);
+			$postminute=zeroise($postinfo[8],2);
+			$postsecond=zeroise($postinfo[9],2);
+
+			if (($postinfo[10]=="PM") && ($posthour!="12"))
+				$posthour=$posthour+12;
+
+			$post_date="$postyear-$postmonth-$postday $posthour:$postminute:$postsecond";
+
+			$post_content=$postmaincontent;
+			if (strlen($postmorecontent)>3)
+				$post_content .= "<!--more--><br /><br />".$postmorecontent;
+			$post_content=$wpdb->escape($post_content);
+
+			$post_karma=$postinfo[12];
+
+			$post_status = 'publish'; //in greymatter, there are no drafts
+			$comment_status = 'open';
+			$ping_status = 'closed';
+			
+			if ($post_ID = post_exists($post_title, '', $post_date)) {
+				echo ' ';
+				_e('(already exists)');
+			} else {
+				//just so that if a post already exists, new users are not created by checkauthor
+				// we'll check the author is registered, or if it's a deleted author
+				$user_id = username_exists($post_author);
+				if (!$user_id) {	// if deleted from GM, we register the author as a level 0 user
+					$user_ip="127.0.0.1";
+					$user_domain="localhost";
+					$user_browser="server";
+					$user_joindate="1979-06-06 00:41:00";
+					$user_login=$wpdb->escape($post_author);
+					$pass1=$wpdb->escape("password");
+					$user_nickname=$wpdb->escape($post_author);
+					$user_email=$wpdb->escape("user@deleted.com");
+					$user_url=$wpdb->escape("");
+					$user_joindate=$wpdb->escape($user_joindate);
+					
+					$user_info = array("user_login"=>$user_login, "user_pass"=>$pass1, "user_nickname"=>$user_nickname, "user_email"=>$user_email, "user_url"=>$user_url, "user_ip"=>$user_ip, "user_domain"=>$user_domain, "user_browser"=>$user_browser, "dateYMDhour"=>$user_joindate, "user_level"=>0, "user_idmode"=>"nickname");
+					$user_id = wp_insert_user($user_info);
+					$this->gmnames[$postinfo[1]] = $user_id;
+					
+					echo ': ';
+					printf(__('registered deleted user %s at level 0 '), "<em>$user_login</em>");
+				}
+			
+				if (array_key_exists($postinfo[1], $this->gmnames)) {
+					$post_author = $this->gmnames[$postinfo[1]];
+				} else {
+					$post_author = $user_id;
+				}
+			
+				$postdata = compact('post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_title', 'post_excerpt', 'post_status', 'comment_status', 'ping_status', 'post_modified', 'post_modified_gmt');
+				$post_ID = wp_insert_post($postdata);
+			}
+
+			$c=count($entry);
+			if ($c>4) {
+				$numAddedComments = 0;
+				$numComments = 0;
+				for ($j=4;$j<$c;$j++) {
+					$entry[$j]=$this->gm2autobr($entry[$j]);
+					$commentinfo=explode("|",$entry[$j]);
+					$comment_post_ID=$post_ID;
+					$comment_author=$wpdb->escape($commentinfo[0]);
+					$comment_author_email=$wpdb->escape($commentinfo[2]);
+					$comment_author_url=$wpdb->escape($commentinfo[3]);
+					$comment_author_IP=$wpdb->escape($commentinfo[1]);
+
+					$commentyear=$commentinfo[7];
+					$commentmonth=zeroise($commentinfo[5],2);
+					$commentday=zeroise($commentinfo[6],2);
+					$commenthour=zeroise($commentinfo[8],2);
+					$commentminute=zeroise($commentinfo[9],2);
+					$commentsecond=zeroise($commentinfo[10],2);
+					if (($commentinfo[11]=="PM") && ($commenthour!="12"))
+						$commenthour=$commenthour+12;
+					$comment_date="$commentyear-$commentmonth-$commentday $commenthour:$commentminute:$commentsecond";
+
+					$comment_content=$wpdb->escape($commentinfo[12]);
+
+					if (!comment_exists($comment_author, $comment_date)) {
+						$commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_url', 'comment_author_email', 'comment_author_IP', 'comment_date', 'comment_content', 'comment_approved');
+						$commentdata = wp_filter_comment($commentdata);
+						wp_insert_comment($commentdata);
+						$numAddedComments++;
+					}
+					$numComments++;
+				}
+				if ($numAddedComments > 0) {
+					echo ': ';
+					printf(__('imported %d comment(s)'), $numAddedComments);
+				}
+				$preExisting = $numComments - numAddedComments;
+				if ($preExisting > 0) {
+					echo ' ';
+					printf(__('ignored %d pre-existing comments'), $preExisting);
+				}
+			}
+			echo '... <strong>'.__('Done').'</strong></li>';
+		}
+	}
+	?>
+</ul><strong><?php _e('Done') ?></strong></li></ul>
+<p>&nbsp;</p>
+<p><?php _e('Completed Greymatter import!') ?></p>
+<?php
+	$this->footer();
+	}
+
+	function dispatch() {
+		if (empty ($_GET['step']))
+			$step = 0;
+		else
+			$step = (int) $_GET['step'];
+
+		switch ($step) {
+			case 0 :
+				$this->greet();
+				break;
+			case 1:
+				$this->import();
+				break;
+		}
+	}
+
+	function GM_Import() {
+		// Nothing.	
+	}
+}
+
+$gm_import = new GM_Import();
+
+register_importer('greymatter', __('Greymatter'), __('Import posts and comments from your Greymatter blog'), array ($gm_import, 'dispatch'));
+?>

wp-admin/import/livejournal.php

@@ -167,5 +167,5 @@ class LJ_Import {
 
 $livejournal_import = new LJ_Import();
 
-register_importer('livejournal', 'LiveJournal', __('Import posts from LiveJournal'), array ($livejournal_import, 'dispatch'));
+register_importer('livejournal', __('LiveJournal'), __('Import posts from LiveJournal'), array ($livejournal_import, 'dispatch'));
 ?>

wp-admin/import/mt.php

@@ -11,7 +11,7 @@ class MT_Import {
 
 	function header() {
 		echo '<div class="wrap">';
-		echo '<h2>'.__('Import Movable Type').'</h2>';
+		echo '<h2>'.__('Import Movable Type and Typepad').'</h2>';
 	}
 
 	function footer() {
@@ -32,7 +32,7 @@ class MT_Import {
 		global $wpdb, $testing;
 		$users = $wpdb->get_results("SELECT * FROM $wpdb->users ORDER BY ID");
 ?><select name="userselect[<?php echo $n; ?>]">
-	<option value="#NONE#">- Select -</option>
+	<option value="#NONE#"><?php _e('- Select -') ?></option>
 	<?php
 
 
@@ -134,6 +134,8 @@ class MT_Import {
 
 	function mt_authors_form() {
 ?>
+<div class="wrap">
+<h2><?php _e('Assign Authors'); ?></h2>
 <p><?php _e('To make it easier for you to edit and save the imported posts and drafts, you may want to change the name of the author of the posts. For example, you may want to import all the entries as <code>admin</code>s entries.'); ?></p>
 <p><?php _e('Below, you can see the names of the authors of the MovableType posts in <i>italics</i>. For each of these names, you can either pick an author in your WordPress installation from the menu, or enter a name for the author in the textbox.'); ?></p>
 <p><?php _e('If a new user is created by WordPress, the password will be set, by default, to "changeme". Quite suggestive, eh? ;)'); ?></p>
@@ -146,22 +148,24 @@ class MT_Import {
 		$j = -1;
 		foreach ($authors as $author) {
 			++ $j;
-			echo '<li><i>'.$author.'</i><br />'.'<input type="text" value="'.$author.'" name="'.'user[]'.'" maxlength="30">';
+			echo '<li>'.__('Current author:').' <strong>'.$author.'</strong><br />'.sprintf(__('Create user %1$s or map to existing'), ' <input type="text" value="'.$author.'" name="'.'user[]'.'" maxlength="30"> <br />');
 			$this->users_form($j);
 			echo '</li>';
 		}
 
-		echo '<input type="submit" value="Submit">'.'<br/>';
+		echo '<input type="submit" value="'.__('Submit').'">'.'<br/>';
 		echo '</form>';
-		echo '</ol>';
+		echo '</ol></div>';
 
-		flush();
 	}
 
 	function select_authors() {
 		$file = wp_import_handle_upload();
 		if ( isset($file['error']) ) {
-			echo $file['error'];
+			$this->header();
+			echo '<p>'.__('Sorry, there has been an error').'.</p>';
+			echo '<p><strong>' . $file['error'] . '</strong></p>';
+			$this->footer();
 			return;
 		}
 		$this->file = $file['file'];
@@ -174,7 +178,7 @@ class MT_Import {
 	function process_posts() {
 		global $wpdb;
 		$i = -1;
-		echo "<ol>";
+		echo "<div class='wrap'><ol>";
 		foreach ($this->posts as $post) {
 			if ('' != trim($post)) {
 				++ $i;
@@ -193,7 +197,7 @@ class MT_Import {
 
 				// We want the excerpt
 				preg_match("|-----\nEXCERPT:(.*)|s", $post, $excerpt);
-				$excerpt = $wpdb->escape(trim($excerpt[1]));
+				$post_excerpt = $wpdb->escape(trim($excerpt[1]));
 				$post = preg_replace("|(-----\nEXCERPT:.*)|s", '', $post);
 
 				// We're going to put extended body into main body with a more tag
@@ -330,7 +334,7 @@ class MT_Import {
 					}
 				}
 				if ( $num_comments )
-					printf(__('(%s comments)'), $num_comments);
+					printf(' '.__('(%s comments)'), $num_comments);
 
 				// Finally the pings
 				// fix the double newline on the first one
@@ -378,22 +382,22 @@ class MT_Import {
 					}
 				}
 				if ( $num_pings )
-					printf(__('(%s pings)'), $num_pings);
-				
+					printf(' '.__('(%s pings)'), $num_pings);
+
 				echo "</li>";
 			}
-			flush();
 		}
 
 		echo '</ol>';
 
 		wp_import_cleanup($this->id);
 
-		echo '<h3>'.sprintf(__('All done. <a href="%s">Have fun!</a>'), get_option('home')).'</h3>';
+		echo '<h3>'.sprintf(__('All done. <a href="%s">Have fun!</a>'), get_option('home')).'</h3></div>';
 	}
 
 	function import() {
 		$this->id = (int) $_GET['id'];
+		
 		$this->file = get_attached_file($this->id);
 		$this->get_authors_from_post();
 		$this->get_entries();
@@ -420,11 +424,11 @@ class MT_Import {
 	}
 
 	function MT_Import() {
-		// Nothing.	
+		// Nothing.
 	}
 }
 
 $mt_import = new MT_Import();
 
-register_importer('mt', 'Movable Type', __('Import posts and comments from your Movable Type blog'), array ($mt_import, 'dispatch'));
+register_importer('mt', __('Movable Type and Typepad'), __('Imports <strong>posts and comments</strong> from your Movable Type or Typepad blog'), array ($mt_import, 'dispatch'));
 ?>

wp-admin/import/rss.php

@@ -38,21 +38,22 @@ class RSS_Import {
 		$index = 0;
 		foreach ($this->posts as $post) {
 			preg_match('|<title>(.*?)</title>|is', $post, $post_title);
-			$post_title = $wpdb->escape(trim($post_title[1]));
+			$post_title = str_replace(array('<![CDATA[', ']]>'), '', $wpdb->escape( trim($post_title[1]) ));
 
-			preg_match('|<pubdate>(.*?)</pubdate>|is', $post, $post_date);
+			preg_match('|<pubdate>(.*?)</pubdate>|is', $post, $post_date_gmt);
 
-			if ($post_date) {
-				$post_date = strtotime($post_date[1]);
+			if ($post_date_gmt) {
+				$post_date_gmt = strtotime($post_date_gmt[1]);
 			} else {
 				// if we don't already have something from pubDate
-				preg_match('|<dc:date>(.*?)</dc:date>|is', $post, $post_date);
-				$post_date = preg_replace('|([-+])([0-9]+):([0-9]+)$|', '\1\2\3', $post_date[1]);
-				$post_date = str_replace('T', ' ', $post_date);
-				$post_date = strtotime($post_date);
+				preg_match('|<dc:date>(.*?)</dc:date>|is', $post, $post_date_gmt);
+				$post_date_gmt = preg_replace('|([-+])([0-9]+):([0-9]+)$|', '\1\2\3', $post_date_gmt[1]);
+				$post_date_gmt = str_replace('T', ' ', $post_date_gmt);
+				$post_date_gmt = strtotime($post_date_gmt);
 			}
 
-			$post_date = gmdate('Y-m-d H:i:s', $post_date);
+			$post_date_gmt = gmdate('Y-m-d H:i:s', $post_date_gmt);
+			$post_date = get_date_from_gmt( $post_date_gmt );
 
 			preg_match_all('|<category>(.*?)</category>|is', $post, $categories);
 			$categories = $categories[1];
@@ -90,7 +91,7 @@ class RSS_Import {
 
 			$post_author = 1;
 			$post_status = 'publish';
-			$this->posts[$index] = compact('post_author', 'post_date', 'post_content', 'post_title', 'post_status', 'guid', 'categories');
+			$this->posts[$index] = compact('post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_title', 'post_status', 'guid', 'categories');
 			$index++;
 		}
 	}
@@ -167,5 +168,5 @@ class RSS_Import {
 
 $rss_import = new RSS_Import();
 
-register_importer('rss', 'RSS', __('Import posts from an RSS feed'), array ($rss_import, 'dispatch'));
+register_importer('rss', __('RSS'), __('Import posts from an RSS feed'), array ($rss_import, 'dispatch'));
 ?>

wp-admin/import/textpattern.php

@@ -555,12 +555,12 @@ class Textpattern_Import {
 		echo '<h3>'.__('Preserving Authors').'</h3>';
 		echo '<p>'.__('Secondly, we have attempted to preserve post authors.  If you are the only author or contributor to your blog, then you are safe.  In most cases, we are successful in this preservation endeavor.  However, if we cannot ascertain the name of the writer due to discrepancies between database tables, we assign it to you, the administrative user.').'</p>';
 		echo '<h3>'.__('Textile').'</h3>';
-		echo '<p>'.__('Also, since you\'re coming from Textpattern, you probably have been using Textile to format your comments and posts.  If this is the case, we recommend downloading and installing <a href="http://www.huddledmasses.org/2004/04/19/wordpress-plugin-textile-20/">Textile for WordPress</a>.  Trust me... You\'ll want it.').'</p>';
+		echo '<p>'.__('Also, since you\'re coming from Textpattern, you probably have been using Textile to format your comments and posts.  If this is the case, we recommend downloading and installing <a href="http://www.huddledmasses.org/category/development/wordpress/textile/">Textile for WordPress</a>.  Trust me... You\'ll want it.').'</p>';
 		echo '<h3>'.__('WordPress Resources').'</h3>';
 		echo '<p>'.__('Finally, there are numerous WordPress resources around the internet.  Some of them are:').'</p>';
 		echo '<ul>';
 		echo '<li>'.__('<a href="http://www.wordpress.org">The official WordPress site</a>').'</li>';
-		echo '<li>'.__('<a href="http://wordpress.org/support/">The WordPress support forums').'</li>';
+		echo '<li>'.__('<a href="http://wordpress.org/support/">The WordPress support forums</a>').'</li>';
 		echo '<li>'.__('<a href="http://codex.wordpress.org">The Codex (In other words, the WordPress Bible)</a>').'</li>';
 		echo '</ul>';
 		echo '<p>'.sprintf(__('That\'s it! What are you waiting for? Go <a href="%1$s">login</a>!'), '/wp-login.php').'</p>';
@@ -569,11 +569,11 @@ class Textpattern_Import {
 	function db_form()
 	{
 		echo '<ul>';
-		printf('<li><label for="dbuser">%s</label> <input type="text" name="dbuser" /></li>', __('Textpattern Database User:'));
-		printf('<li><label for="dbpass">%s</label> <input type="password" name="dbpass" /></li>', __('Textpattern Database Password:'));
-		printf('<li><label for="dbname">%s</label> <input type="text" name="dbname" /></li>', __('Textpattern Database Name:'));
-		printf('<li><label for="dbhost">%s</label> <input type="text" name="dbhost" value="localhost" /></li>', __('Textpattern Database Host:'));
-		printf('<li><label for="dbprefix">%s</label> <input type="text" name="dbprefix" /></li>', __('Textpattern Table prefix (if any):'));
+		printf('<li><label for="dbuser">%s</label> <input type="text" name="dbuser" id="dbuser" /></li>', __('Textpattern Database User:'));
+		printf('<li><label for="dbpass">%s</label> <input type="password" name="dbpass" id="dbpass" /></li>', __('Textpattern Database Password:'));
+		printf('<li><label for="dbname">%s</label> <input type="text" id="dbname" name="dbname" /></li>', __('Textpattern Database Name:'));
+		printf('<li><label for="dbhost">%s</label> <input type="text" id="dbhost" name="dbhost" value="localhost" /></li>', __('Textpattern Database Host:'));
+		printf('<li><label for="dbprefix">%s</label> <input type="text" name="dbprefix" id="dbprefix"  /></li>', __('Textpattern Table prefix (if any):'));
 		echo '</ul>';
 	}
 	
@@ -659,5 +659,5 @@ class Textpattern_Import {
 }
 
 $txp_import = new Textpattern_Import();
-register_importer('textpattern', 'Textpattern', __('Import posts from a Textpattern Blog'), array ($txp_import, 'dispatch'));
+register_importer('textpattern', __('Textpattern'), __('Import posts from a Textpattern Blog'), array ($txp_import, 'dispatch'));
 ?>

wp-admin/index.php

@@ -25,7 +25,7 @@ if ( isset($rss->items) && 0 != count($rss->items) ) {
 $rss->items = array_slice($rss->items, 0, 10);
 foreach ($rss->items as $item ) {
 ?>
-	<li><a href="<?php echo wp_filter_kses($item['link']); ?>"><?php echo wp_specialchars($item['title']); ?></a></li>
+	<li><a href="<?php echo wp_filter_kses($item['link']); ?>"><?php echo wptexturize(wp_specialchars($item['title'])); ?></a></li>
 <?php } ?>
 </ul>
 </div>
@@ -43,7 +43,6 @@ if ( $comments || $numcomments ) :
 <?php if ( $numcomments ) : ?>
 <p><strong><a href="moderation.php"><?php echo sprintf(__('Comments in moderation (%s)'), number_format($numcomments) ); ?> &raquo;</a></strong></p>
 <?php endif; ?>
-</div>
 
 <ul>
 <?php 
@@ -56,9 +55,10 @@ foreach ($comments as $comment) {
 }
 ?>
 </ul>
-
+</div>
 <?php endif; ?>
 
+
 <?php
 if ( $recentposts = $wpdb->get_results("SELECT ID, post_title FROM $wpdb->posts WHERE post_status = 'publish' AND post_date_gmt < '$today' ORDER BY post_date DESC LIMIT 5") ) :
 ?>

wp-admin/inline-uploading.php

@@ -24,6 +24,8 @@ for ($i=0; $i<count($wpvarstoreset); $i += 1) {
 	}
 }
 
+$all = ( 'true' == $all ) ? 'true' : 'false';
+$start = (int) $start;
 $post = (int) $post;
 $images_width = 1;
 
@@ -34,16 +36,20 @@ break;
 
 case 'delete':
 
+check_admin_referer('inlineuploading');
+
 if ( !current_user_can('edit_post', (int) $attachment) )
 	die(__('You are not allowed to delete this attachment.').' <a href="'.basename(__FILE__)."?post=$post&amp;all=$all&amp;action=upload\">".__('Go back').'</a>');
 
 wp_delete_attachment($attachment);
 
-header("Location: ".basename(__FILE__)."?post=$post&all=$all&action=view&start=$start");
+wp_redirect(basename(__FILE__) ."?post=$post&all=$all&action=view&start=$start");
 die;
 
 case 'save':
 
+check_admin_referer('inlineuploading');
+
 $overrides = array('action'=>'save');
 
 $file = wp_handle_upload($_FILES['image'], $overrides);
@@ -98,7 +104,7 @@ if ( preg_match('!^image/!', $attachment['post_mime_type']) ) {
 	add_post_meta($id, '_wp_attachment_metadata', array());
 }
 
-header("Location: ".basename(__FILE__)."?post=$post&all=$all&action=view&start=0");
+wp_redirect(basename(__FILE__) . "?post=$post&all=$all&action=view&start=0");
 die();
 
 case 'upload':
@@ -137,7 +143,7 @@ if ( '' == $sort )
 $attachments = $wpdb->get_results("SELECT ID, post_date, post_title, post_mime_type, guid FROM $wpdb->posts WHERE post_status = 'attachment' $and_type $and_post $and_user ORDER BY $sort LIMIT $start, $double", ARRAY_A);
 
 if ( count($attachments) == 0 ) {
-	header("Location: ".basename(__FILE__)."?post=$post&action=upload");
+	wp_redirect( basename(__FILE__) ."?post=$post&action=upload" );
 	die;
 } elseif ( count($attachments) > $num ) {
 	$next = $start + count($attachments) - $num;
@@ -211,7 +217,7 @@ var icon = new Array();
 		</noscript>
 ";
 		$send_delete_cancel = "<a onclick=\"sendToEditor({$ID});return false;\" href=\"javascript:void()\">$__send_to_editor</a>
-<a onclick=\"return confirm('$__confirmdelete')\" href=\"".basename(__FILE__)."?action=delete&amp;attachment={$ID}&amp;all=$all&amp;start=$start&amp;post=$post\">$__delete</a>
+<a onclick=\"return confirm('$__confirmdelete')\" href=\"" . wp_nonce_url( basename(__FILE__) . "?action=delete&amp;attachment={$ID}&amp;all=$all&amp;start=$start&amp;post=$post", inlineuploading) . "\">$__delete</a>
 		<a onclick=\"popup.style.display='none';return false;\" href=\"javascript:void()\">$__close</a>
 ";
 		$uwidth_sum += 128;
@@ -234,7 +240,7 @@ srcb[{$ID}] = '{$image['guid']}';
 			$xpadding = (128 - $image['uwidth']) / 2;
 			$ypadding = (96 - $image['uheight']) / 2;
 			$style .= "#target{$ID} img { padding: {$ypadding}px {$xpadding}px; }\n";
-			$title = htmlentities($image['post_title'], ENT_QUOTES);
+			$title = attribute_escape($image['post_title']);
 			$script .= "aa[{$ID}] = '<a id=\"p{$ID}\" rel=\"attachment\" class=\"imagelink\" href=\"$href\" onclick=\"doPopup({$ID});return false;\" title=\"{$title}\">';
 ab[{$ID}] = '<a class=\"imagelink\" href=\"{$image['guid']}\" onclick=\"doPopup({$ID});return false;\" title=\"{$title}\">';
 imga[{$ID}] = '<img id=\"image{$ID}\" src=\"$src\" alt=\"{$title}\" $height_width />';
@@ -254,7 +260,7 @@ imgb[{$ID}] = '<img id=\"image{$ID}\" src=\"{$image['guid']}\" alt=\"{$title}\"
 </div>
 ";
 		} else {
-			$title = htmlentities($attachment['post_title'], ENT_QUOTES);
+			$title = attribute_escape($attachment['post_title']);
 			$filename = basename($attachment['guid']);
 			$icon = get_attachment_icon($ID);
 			$toggle_icon = "<a id=\"I{$ID}\" onclick=\"toggleOtherIcon({$ID});return false;\" href=\"javascript:void()\">$__using_title</a>";
@@ -295,8 +301,10 @@ die(__('This script was not meant to be called directly.'));
 <html xmlns="http://www.w3.org/1999/xhtml">
 <head>
 <meta http-equiv="Content-Type" content="<?php bloginfo('html_type'); ?>; charset=<?php echo get_settings('blog_charset'); ?>" />
+<title></title>
 <meta http-equiv="imagetoolbar" content="no" />
 <script type="text/javascript">
+// <![CDATA[
 /* Define any variables we'll need, such as alternate URLs. */
 <?php echo $script; ?>
 function htmldecode(st) {
@@ -434,6 +442,7 @@ function sendToEditor(n) {
 	else
 		win.edInsertContent(win.edCanvas, h);
 }
+// ]]>
 </script>
 <style type="text/css">
 <?php if ( $action == 'links' ) : ?>
@@ -639,25 +648,25 @@ th {
 </head>
 <body>
 <ul id="upload-menu">
-<li<?php echo $current_1; ?>><a href="<?php echo basename(__FILE__); ?>?action=upload&amp;post=<?php echo $post; ?>&amp;all=<?php echo $all; ?>&amp;start=<?php echo $start; ?>"><?php _e('Upload'); ?></a></li>
+<li<?php echo $current_1; ?>><a href="<?php echo basename(__FILE__) . "?action=upload&amp;post=$post&amp;all=$all&amp;start=$start"; ?>"><?php _e('Upload'); ?></a></li>
 <?php if ( $attachments = $wpdb->get_results("SELECT ID FROM $wpdb->posts WHERE post_parent = '$post'") ) { ?>
-<li<?php echo $current_2; ?>><a href="<?php echo basename(__FILE__); ?>?action=view&amp;post=<?php echo $post; ?>&amp;all=false"><?php _e('Browse'); ?></a></li>
+<li<?php echo $current_2; ?>><a href="<?php echo basename(__FILE__) . "?action=view&amp;post=$post&amp;all=false"; ?>"><?php _e('Browse'); ?></a></li>
 <?php } ?>
 <?php if ($wpdb->get_var("SELECT count(ID) FROM $wpdb->posts WHERE post_status = 'attachment'")) { ?>
-<li<?php echo $current_3; ?>><a href="<?php echo basename(__FILE__); ?>?action=view&amp;post=<?php echo $post; ?>&amp;all=true"><?php _e('Browse All'); ?></a></li>
+<li<?php echo $current_3; ?>><a href="<?php echo basename(__FILE__) . "?action=view&amp;post=$post&amp;all=true"; ?>"><?php _e('Browse All'); ?></a></li>
 <?php } ?>
 <li> </li>
 <?php if ( $action == 'view' ) { ?>
 <?php if ( false !== $back ) : ?>
-<li class="spacer"><a href="<?php echo basename(__FILE__); ?>?action=<?php echo $action; ?>&amp;post=<?php echo $post; ?>&amp;all=<?php echo $all; ?>&amp;start=0" title="<?php _e('First'); ?>">|&laquo;</a></li>
-<li><a href="<?php echo basename(__FILE__); ?>?action=<?php echo $action; ?>&amp;post=<?php echo $post; ?>&amp;all=<?php echo $all; ?>&amp;start=<?php echo $back; ?>"">&laquo; <?php _e('Back'); ?></a></li>
+<li class="spacer"><a href="<?php echo basename(__FILE__) . "?action=$action&amp;post=$post&amp;all=$all&amp;start=0"; ?>" title="<?php _e('First'); ?>">|&laquo;</a></li>
+<li><a href="<?php echo basename(__FILE__) . "?action=$action&amp;post=$post&amp;all=$all&amp;start=$back"; ?>">&laquo; <?php _e('Back'); ?></a></li>
 <?php else : ?>
 <li class="inactive spacer">|&laquo;</li>
 <li class="inactive">&laquo; <?php _e('Back'); ?></li>
 <?php endif; ?>
 <?php if ( false !== $next ) : ?>
-<li><a href="<?php echo basename(__FILE__); ?>?action=<?php echo $action; ?>&amp;post=<?php echo $post; ?>&amp;all=<?php echo $all; ?>&amp;start=<?php echo $next; ?>"><?php _e('Next'); ?> &raquo;</a></li>
-<li><a href="<?php echo basename(__FILE__); ?>?action=<?php echo $action; ?>&amp;post=<?php echo $post; ?>&amp;all=<?php echo $all; ?>&amp;last=true" title="<?php _e('Last'); ?>">&raquo;|</a></li>
+<li><a href="<?php echo basename(__FILE__) . "?action=$action&amp;post=$post&amp;all=$all&amp;start=$next"; ?>"><?php _e('Next &raquo;'); ?></a></li>
+<li><a href="<?php echo basename(__FILE__) . "?action=$action&amp;post=$post&amp;all=$all&amp;last=true"; ?>" title="<?php _e('Last'); ?>">&raquo;|</a></li>
 <?php else : ?>
 <li class="inactive"><?php _e('Next'); ?> &raquo;</li>
 <li class="inactive">&raquo;|</li>
@@ -674,7 +683,7 @@ th {
 </div>
 <?php elseif ( $action == 'upload' ) : ?>
 <div class="tip"></div>
-<form enctype="multipart/form-data" id="uploadForm" method="POST" action="<?php echo basename(__FILE__); ?>">
+<form enctype="multipart/form-data" id="uploadForm" method="post" action="<?php echo basename(__FILE__); ?>">
 <table style="width:99%;">
 <tr>
 <th scope="row" align="right"><label for="upload"><?php _e('File:'); ?></label></th>
@@ -695,6 +704,7 @@ th {
 <input type="hidden" name="post" value="<?php echo $post; ?>" />
 <input type="hidden" name="all" value="<?php echo $all; ?>" />
 <input type="hidden" name="start" value="<?php echo $start; ?>" />
+<?php wp_nonce_field( 'inlineuploading' ); ?>
 <div id="submit">
 <input type="submit" value="<?php _e('Upload'); ?>" />
 <?php if ( !empty($all) ) : ?>
@@ -704,7 +714,6 @@ th {
 </td>
 </tr>
 </table>
-</div>
 </form>
 <?php elseif ( $action == 'links' ) : ?>
 <div id="links">

wp-admin/install.php

@@ -166,10 +166,9 @@ $wpdb->query("INSERT INTO $wpdb->posts (post_author, post_date, post_date_gmt, p
 $wpdb->query( "INSERT INTO $wpdb->post2cat (`rel_id`, `post_id`, `category_id`) VALUES (1, 1, 1)" );
 
 // Default comment
-$wpdb->query("INSERT INTO $wpdb->comments (comment_post_ID, comment_author, comment_author_email, comment_author_url, comment_date, comment_date_gmt, comment_content) VALUES ('1', '".$wpdb->escape(__('Mr WordPress'))."', '', 'http://wordpress.org/', '$now', '$now_gmt', '".$wpdb->escape(__('Hi, this is a comment.<br />To delete a comment, just log in, and view the posts\' comments, there you will have the option to edit or delete them.'))."')");
+$wpdb->query("INSERT INTO $wpdb->comments (comment_post_ID, comment_author, comment_author_email, comment_author_url, comment_date, comment_date_gmt, comment_content) VALUES ('1', '".$wpdb->escape(__('Mr WordPress'))."', '', 'http://wordpress.org/', '$now', '$now_gmt', '".$wpdb->escape(__('Hi, this is a comment.<br />To delete a comment, just log in and view the post&#039;s comments. There you will have the option to edit or delete them.'))."')");
 
 // First Page
-
 $wpdb->query("INSERT INTO $wpdb->posts (post_author, post_date, post_date_gmt, post_content, post_excerpt, post_title, post_category, post_name, post_modified, post_modified_gmt, post_status, to_ping, pinged, post_content_filtered) VALUES ('1', '$now', '$now_gmt', '".$wpdb->escape(__('This is an example of a WordPress page, you could edit this to put information about yourself or your site so readers know where you are coming from. You can create as many pages like this one or sub-pages as you like and manage all of your content inside of WordPress.'))."', '', '".$wpdb->escape(__('About'))."', '0', '".$wpdb->escape(__('about'))."', '$now', '$now_gmt', 'static', '', '', '')");
 $wp_rewrite->flush_rules();
 
@@ -182,7 +181,7 @@ $wpdb->query("INSERT INTO $wpdb->usermeta (user_id, meta_key, meta_value) VALUES
 $admin_caps = serialize(array('administrator' => true));
 $wpdb->query("INSERT INTO $wpdb->usermeta (user_id, meta_key, meta_value) VALUES ({$wpdb->insert_id}, '{$table_prefix}capabilities', '{$admin_caps}');");
 
-$message_headers = 'From: ' . $weblog_title . ' <wordpress@' . $_SERVER['SERVER_NAME'] . '>';
+$message_headers = 'From: "' . $weblog_title . '" <wordpress@' . $_SERVER['SERVER_NAME'] . '>';
 $message = sprintf(__("Your new WordPress blog has been successfully set up at:
 
 %1\$s

wp-admin/link-categories.php

@@ -26,6 +26,8 @@ for ($i=0; $i<count($wpvarstoreset); $i += 1) {
 switch ($action) {
   case 'addcat':
   {
+      check_admin_referer('add-link-category');
+
       if ( !current_user_can('manage_links') )
           die (__("Cheatin' uh ?"));
 
@@ -75,12 +77,14 @@ switch ($action) {
              " '$show_rating', '$show_updated', '$sort_order', '$sort_desc', '$text_before_link', '$text_after_link', \n" .
              " '$text_after_all', $list_limit)");
 
-      header('Location: link-categories.php');
+      wp_redirect('link-categories.php');
     break;
   } // end addcat
   case 'Delete':
   {
-    $cat_id = (int) $_GET['cat_id'];
+   	$cat_id = (int) $_GET['cat_id'];
+    check_admin_referer('delete-link-category_' . $cat_id);
+
     $cat_name=get_linkcatname($cat_id);
 
     if ($cat_id=="1")
@@ -92,7 +96,7 @@ switch ($action) {
     $wpdb->query("DELETE FROM $wpdb->linkcategories WHERE cat_id='$cat_id'");
     $wpdb->query("UPDATE $wpdb->links SET link_category=1 WHERE link_category='$cat_id'");
 
-    header('Location: link-categories.php');
+    wp_redirect('link-categories.php');
     break;
   } // end delete
   case 'Edit':
@@ -112,6 +116,7 @@ switch ($action) {
   <h2><?php printf(__('Edit &#8220%s&#8221; Category'), wp_specialchars($row->cat_name)); ?></h2>
 
   <form name="editcat" method="post">
+  <?php wp_nonce_field('update-link-category_' . $row->cat_id) ?>
       <input type="hidden" name="action" value="editedcat" />
       <input type="hidden" name="cat_id" value="<?php echo $row->cat_id ?>" />
 <fieldset class="options">
@@ -119,7 +124,7 @@ switch ($action) {
 <table class="editform" width="100%" cellspacing="2" cellpadding="5">
 <tr>
 	<th width="33%" scope="row"><?php _e('Name:') ?></th>
-	<td width="67%"><input name="cat_name" type="text" value="<?php echo wp_specialchars($row->cat_name)?>" size="30" /></td>
+	<td width="67%"><input name="cat_name" type="text" value="<?php echo attribute_escape($row->cat_name)?>" size="30" /></td>
 </tr>
 <tr>
 	<th scope="row"><?php _e('Show:') ?></th>
@@ -177,15 +182,15 @@ switch ($action) {
 <table class="editform" width="100%" cellspacing="2" cellpadding="5">
 <tr>
 	<th width="33%" scope="row"><?php _e('Before Link:') ?></th>
-	<td width="67%"><input type="text" name="text_before_link" size="45" value="<?php echo wp_specialchars($row->text_before_link)?>" /></td>
+	<td width="67%"><input type="text" name="text_before_link" size="45" value="<?php echo wp_specialchars($row->text_before_link,'double')?>" /></td>
 </tr>
 <tr>
 <th scope="row"><?php _e('Between Link and Description:') ?></th>
-<td><input type="text" name="text_after_link" size="45" value="<?php echo wp_specialchars($row->text_after_link)?>" /></td>
+<td><input type="text" name="text_after_link" size="45" value="<?php echo wp_specialchars($row->text_after_link,'double')?>" /></td>
 </tr>
 <tr>
 <th scope="row"><?php _e('After Link:') ?></th>
-<td><input type="text" name="text_after_all" size="45" value="<?php echo wp_specialchars($row->text_after_all)?>"/></td>
+<td><input type="text" name="text_after_all" size="45" value="<?php echo wp_specialchars($row->text_after_all,'double')?>"/></td>
 </tr>
 </table>
 </fieldset>
@@ -199,14 +204,15 @@ switch ($action) {
   } // end Edit
   case "editedcat":
   {
+    $cat_id = (int)$_POST["cat_id"];
+    check_admin_referer('update-link-category_' . $cat_id);
+
     if ( !current_user_can('manage_links') )
       die (__("Cheatin' uh ?"));
 
     $submit=$_POST["submit"];
     if (isset($submit)) {
 
-    $cat_id = (int)$_POST["cat_id"];
-
     $cat_name= wp_specialchars($_POST["cat_name"]);
     $auto_toggle = $_POST["auto_toggle"];
     if ($auto_toggle != 'Y') {
@@ -265,7 +271,7 @@ switch ($action) {
     } // end if save
 
 
-    header("Location: link-categories.php");
+    wp_redirect("link-categories.php");
     break;
   } // end editcat
   default:
@@ -303,7 +309,7 @@ $results = $wpdb->get_results("SELECT cat_id, cat_name, auto_toggle, show_images
          . " show_rating, show_updated, sort_order, sort_desc, text_before_link, text_after_link, "
          . " text_after_all, list_limit FROM $wpdb->linkcategories ORDER BY cat_id");
 $i = 1;
-foreach ($results as $row) {
+foreach ( (array) $results as $row) {
     if ($row->list_limit == -1) {
         $row->list_limit = __('none');
     }
@@ -345,12 +351,17 @@ foreach ($results as $row) {
                 <td><?php echo $row->show_updated == 'Y' ? __('Yes') : __('No') ?></td>
                 <td><?php echo $row->sort_order ?></td>
                 <td><?php echo $row->sort_desc == 'Y' ? __('Yes') : __('No') ?></td>
-                <td nowrap="nowrap"><?php echo htmlentities($row->text_before_link)?>&nbsp;</td>
-                <td nowrap="nowrap"><?php echo htmlentities($row->text_after_link)?>&nbsp;</td>
-                <td nowrap="nowrap"><?php echo htmlentities($row->text_after_all)?></td>
+                <td nowrap="nowrap"><?php echo wp_specialchars($row->text_before_link)?>&nbsp;</td>
+                <td nowrap="nowrap"><?php echo wp_specialchars($row->text_after_link)?>&nbsp;</td>
+                <td nowrap="nowrap"><?php echo wp_specialchars($row->text_after_all)?></td>
                 <td><?php echo $row->list_limit ?></td>
                 <td><a href="link-categories.php?cat_id=<?php echo $row->cat_id?>&amp;action=Edit" class="edit"><?php _e('Edit') ?></a></td>
-                <td><a href="link-categories.php?cat_id=<?php echo $row->cat_id?>&amp;action=Delete" onclick="return deleteSomething( 'link category', <?php echo $row->cat_id . ", '" . sprintf(__("You are about to delete the &quot;%s&quot; link category.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete."), wp_specialchars($row->cat_name,1)); ?>' );" class="delete"><?php _e('Delete') ?></a></td>
+                <td>
+				<?php if (1 == $row->cat_id ) { 
+					_e('Default');
+				} else { ?>
+					<a href="<?php echo wp_nonce_url("link-categories.php?cat_id=$row->cat_id?>&amp;action=Delete", 'delete-link-category_' . $row->cat_id) ?>" onclick="return deleteSomething( 'link category', <?php echo $row->cat_id . ", '" . sprintf(__("You are about to delete the &quot;%s&quot; link category.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete."), js_escape($row->cat_name)); ?>' );" class="delete"><?php _e('Delete') ?></a></td>
+				<?php } ?>
               </tr>
 <?php
         ++$i;
@@ -364,7 +375,8 @@ foreach ($results as $row) {
 </div>
 
 <div class="wrap">
-    <form name="addcat" method="post">
+    <form name="addcat" method="post" action="">
+    <?php wp_nonce_field('add-link-category'); ?>
       <input type="hidden" name="action" value="addcat" />
 	  <h2><?php _e('Add a Link Category:') ?></h2>
 <fieldset class="options">

wp-admin/link-import.php

@@ -24,6 +24,7 @@ switch ($step) {
 <div class="wrap">
 <h2><?php _e('Import your blogroll from another system') ?> </h2>
 <form enctype="multipart/form-data" action="link-import.php" method="post" name="blogroll">
+<?php wp_nonce_field('import-bookmarks') ?>
 
 <p><?php _e('If a program or website you use allows you to export your links or subscriptions as OPML you may import them here.'); ?>
 <div style="width: 70%; margin: auto; height: 8em;">
@@ -63,6 +64,8 @@ foreach ($categories as $category) {
             } // end case 0
 
     case 1: {
+		check_admin_referer('import-bookmarks');
+
                 include_once('admin-header.php');
                 if ( !current_user_can('manage_links') )
                     die (__("Cheatin' uh ?"));

wp-admin/link-manager.php

@@ -39,7 +39,7 @@ if ('' != $_POST['linkcheck']) $linkcheck = $_POST[linkcheck];
 switch ($action) {
   case 'assign':
   {
-    check_admin_referer();
+	check_admin_referer('bulk-bookmarks');
 
     // check the current user's level first.
     if ( !current_user_can('manage_links') )
@@ -49,7 +49,7 @@ switch ($action) {
     //userlevel of the owner of the link then we can proceed.
 
     if (count($linkcheck) == 0) {
-        header('Location: ' . $this_file);
+        wp_redirect($this_file);
         exit;
     }
     $all_links = join(',', $linkcheck);
@@ -62,12 +62,13 @@ switch ($action) {
     $all_links = join(',', $ids_to_change);
     $q = $wpdb->query("update $wpdb->links SET link_owner='$newowner' WHERE link_id IN ($all_links)");
 
-    header('Location: ' . $this_file);
+    wp_redirect($this_file);
+    exit;
     break;
   }
   case 'visibility':
   {
-    check_admin_referer();
+  	check_admin_referer('bulk-bookmarks');
 
     // check the current user's level first.
     if ( !current_user_can('manage_links') )
@@ -75,7 +76,7 @@ switch ($action) {
 
     //for each link id (in $linkcheck[]): toggle the visibility
     if (count($linkcheck) == 0) {
-        header('Location: ' . $this_file);
+        wp_redirect($this_file);
         exit;
     }
     $all_links = join(',', $linkcheck);
@@ -99,12 +100,13 @@ switch ($action) {
         $q = $wpdb->query("update $wpdb->links SET link_visible='Y' WHERE link_id IN ($all_linkson)");
     }
 
-    header('Location: ' . $this_file);
+    wp_redirect($this_file);
+    exit;
     break;
   }
   case 'move':
   {
-    check_admin_referer();
+	check_admin_referer('bulk-bookmarks');
 
     // check the current user's level first.
     if ( !current_user_can('manage_links') )
@@ -112,31 +114,33 @@ switch ($action) {
 
     //for each link id (in $linkcheck[]) change category to selected value
     if (count($linkcheck) == 0) {
-        header('Location: ' . $this_file);
+        wp_redirect($this_file);
         exit;
     }
     $all_links = join(',', $linkcheck);
     // should now have an array of links we can change
     $q = $wpdb->query("update $wpdb->links SET link_category='$category' WHERE link_id IN ($all_links)");
 
-    header('Location: ' . $this_file);
+    wp_redirect($this_file);
+    exit();
     break;
   }
 
   case 'Add':
   {
-    check_admin_referer();
+  	check_admin_referer('add-bookmark');
 
 	add_link();
 	
-    header('Location: ' . $_SERVER['HTTP_REFERER'] . '?added=true');
+    wp_redirect(wp_get_referer() . '?added=true');
+    exit;
     break;
   } // end Add
 
   case 'editlink':
   {
- 
-	check_admin_referer();
+	$link_id = (int) $_POST['link_id'];
+	check_admin_referer('update-bookmark_' . $link_id);
  	
 	if (isset($links_show_cat_id) && ($links_show_cat_id != ''))
 		$cat_id = $links_show_cat_id;
@@ -147,23 +151,22 @@ switch ($action) {
 	}
 	$links_show_cat_id = $cat_id;
 
-	$link_id = (int) $_POST['link_id'];
 	edit_link($link_id);
 	
     setcookie('links_show_cat_id_' . COOKIEHASH, $links_show_cat_id, time()+600);
     wp_redirect($this_file);
+    exit;
     break;
   } // end Save
 
-  case 'Delete':
+  case 'delete':
   {
-    check_admin_referer();
+	$link_id = (int) $_GET['link_id'];
+	check_admin_referer('delete-bookmark_' . $link_id);
 
     if ( !current_user_can('manage_links') )
       die (__("Cheatin' uh ?"));
 
-    $link_id = (int) $_GET['link_id'];
-
 	wp_delete_link($link_id);
 	
     if (isset($links_show_cat_id) && ($links_show_cat_id != ''))
@@ -176,6 +179,7 @@ switch ($action) {
     $links_show_cat_id = $cat_id;
     setcookie('links_show_cat_id_' . COOKIEHASH, $links_show_cat_id, time()+600);
     wp_redirect($this_file);
+    exit;
     break;
   } // end Delete
 
@@ -320,9 +324,10 @@ function checkAll(form)
 <form name="links" id="links" method="post" action="">
 <div class="wrap">
 
+    <?php wp_nonce_field('bulk-bookmarks') ?>
     <input type="hidden" name="link_id" value="" />
     <input type="hidden" name="action" value="" />
-    <input type="hidden" name="order_by" value="<?php echo wp_specialchars($order_by, 1); ?>" />
+    <input type="hidden" name="order_by" value="<?php echo attribute_escape($order_by); ?>" />
     <input type="hidden" name="cat_id" value="<?php echo (int) $cat_id ?>" />
   <table id="the-list-x" width="100%" cellpadding="3" cellspacing="3">
     <tr>
@@ -352,10 +357,10 @@ function checkAll(form)
     $links = $wpdb->get_results($sql);
     if ($links) {
         foreach ($links as $link) {
-      	    $link->link_name = wp_specialchars($link->link_name);
+      	    $link->link_name = attribute_escape($link->link_name);
       	    $link->link_category = wp_specialchars($link->link_category);
       	    $link->link_description = wp_specialchars($link->link_description);
-            $link->link_url = wp_specialchars($link->link_url);
+            $link->link_url = attribute_escape($link->link_url);
             $short_url = str_replace('http://', '', $link->link_url);
             $short_url = str_replace('www.', '', $short_url);
             if ('/' == substr($short_url, -1))
@@ -383,11 +388,12 @@ LINKS;
 
             if ($show_buttons) {
         echo '<td><a href="link-manager.php?link_id=' . $link->link_id . '&amp;action=linkedit" class="edit">' . __('Edit') . '</a></td>';
-        echo '<td><a href="link-manager.php?link_id=' . $link->link_id . '&amp;action=Delete"' .  " onclick=\"return deleteSomething( 'link', $link->link_id , '" . sprintf(__("You are about to delete the &quot;%s&quot; link to %s.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete."), wp_specialchars($link->link_name,1), wp_specialchars($link->link_url)) . '\' );" class="delete">' . __('Delete') . '</a></td>';
+ 		echo '<td><a href="' . wp_nonce_url('link-manager.php?link_id='.$link->link_id.'&amp;action=delete', 'delete-bookmark_' . $link->link_id ) . '"'." class='delete' onclick=\"return deleteSomething( 'link', $link->link_id , '".sprintf(__("You are about to delete the &quot;%s&quot; bookmark to %s.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete."), js_escape($link->link_name), js_escape($link->link_url)).'\' );">'.__('Delete').'</a></td>';
         echo '<td><input type="checkbox" name="linkcheck[]" value="' . $link->link_id . '" /></td>';
             } else {
               echo "<td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td>\n";
             }
+
 		echo "\n    </tr>\n";
         }
     }

wp-admin/list-manipulation.js

@@ -33,13 +33,13 @@ function ajaxDelete(what, id) {
 	ajaxDel.onLoaded = function() { ajaxDel.myResponseElement.innerHTML = 'Data Sent...'; };
 	ajaxDel.onInteractive = function() { ajaxDel.myResponseElement.innerHTML = 'Processing Data...'; };
 	ajaxDel.onCompletion = function() { removeThisItem( what + '-' + id ); };
-	ajaxDel.runAJAX('action=delete-' + what + '&id=' + id);
+	ajaxDel.runAJAX('action=delete-' + what + '&id=' + id + '&' + ajaxDel.encVar('cookie', document.cookie));
 	return false;
 }
 
 function removeThisItem(id) {
 	var response = ajaxDel.response;
-	if ( isNaN(response) ) { alert(response); }
+	if ( isNaN(response) ) { ajaxDel.myResponseElement.innerHTML = response; return false; }
 	response = parseInt(response, 10);
 	if ( -1 == response ) { ajaxDel.myResponseElement.innerHTML = "You don't have permission to do that."; }
 	else if ( 0 == response ) { ajaxDel.myResponseElement.interHTML = "Something odd happened.  Try refreshing the page? Either that or what you tried to delete never existed in the first place."; }

wp-admin/list-manipulation.php

@@ -2,10 +2,12 @@
 require_once('../wp-config.php');
 require_once('admin-functions.php');
 require_once('admin-db.php');
+header("Content-type: text/plain", true);
 
-get_currentuserinfo();
 if ( !is_user_logged_in() )
 	die('-1');
+if ( !check_ajax_referer() )
+	die('-1');
 
 function grab_results() {
 	global $ajax_results;
@@ -15,15 +17,13 @@ function grab_results() {
 function get_out_now() { exit; }
 add_action('shutdown', 'get_out_now', -1);
 
-//	check_admin_referer();
-
 switch ( $_POST['action'] ) :
 case 'delete-link' :
 	$id = (int) $_POST['id'];
 	if ( !current_user_can('manage_links') )
 		die ('-1');
 
-	if ( $wpdb->query("DELETE FROM $wpdb->links WHERE link_id = '$id'") )
+	if ( wp_delete_link($id) ) 
 		die('1');
 	else	die('0');
 	break;

wp-admin/menu-header.php

@@ -52,4 +52,10 @@ endforeach;
 ?>
 
 </ul>
-<?php endif; ?>
+<?php
+
+endif; 
+
+do_action('admin_notices');
+
+?>

wp-admin/menu.php

@@ -55,7 +55,7 @@ foreach ($menu as $menu_page) {
 }
 
 do_action('admin_menu', '');
-ksort($menu); // make it all pretty
+uksort($menu, "strnatcasecmp"); // make it all pretty
 
 if (! user_can_access_admin_page()) {
 	die( __('You do not have sufficient permissions to access this page.') );

wp-admin/moderation.php

@@ -32,6 +32,8 @@ switch($action) {
 
 case 'update':
 
+	check_admin_referer('moderate-comments');
+
 	if ( ! current_user_can('moderate_comments') )
 	die('<p>'.__('Your level is not high enough to moderate comments.').'</p>');
 
@@ -68,7 +70,7 @@ case 'update':
 	}
 
 	$file = basename(__FILE__);
-	header("Location: $file?ignored=$item_ignored&deleted=$item_deleted&approved=$item_approved&spam=$item_spam");
+	wp_redirect("$file?ignored=$item_ignored&deleted=$item_deleted&approved=$item_approved&spam=$item_spam");
 	exit();
 
 break;
@@ -130,6 +132,7 @@ if ($comments) {
 ?>
     <h2><?php _e('Moderation Queue') ?></h2>
     <form name="approval" action="moderation.php" method="post">
+    <?php wp_nonce_field('moderate-comments') ?>
     <input type="hidden" name="action" value="update" />
     <ol id="the-list" class="commentlist">
 <?php
@@ -148,11 +151,11 @@ $i = 0;
 echo '<a href="post.php?action=editcomment&amp;comment='.$comment->comment_ID.'">' . __('Edit') . '</a> | ';?>
 <a href="<?php echo get_permalink($comment->comment_post_ID); ?>"><?php _e('View Post') ?></a> | 
 <?php 
-echo " <a href=\"post.php?action=deletecomment&amp;p=".$comment->comment_post_ID."&amp;comment=".$comment->comment_ID."\" onclick=\"return deleteSomething( 'comment', $comment->comment_ID, '" . sprintf(__("You are about to delete this comment by &quot;%s&quot;.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete."), wp_specialchars($comment->comment_author, 1)) . "' );\">" . __('Delete just this comment') . "</a> | "; ?>  <?php _e('Bulk action:') ?>
-	<input type="radio" name="comment[<?php echo $comment->comment_ID; ?>]" id="comment[<?php echo $comment->comment_ID; ?>]-approve" value="approve" /> <label for="comment[<?php echo $comment->comment_ID; ?>]-approve"><?php _e('Approve') ?></label>
-	<input type="radio" name="comment[<?php echo $comment->comment_ID; ?>]" id="comment[<?php echo $comment->comment_ID; ?>]-spam" value="spam" /> <label for="comment[<?php echo $comment->comment_ID; ?>]-spam"><?php _e('Spam') ?></label>
-	<input type="radio" name="comment[<?php echo $comment->comment_ID; ?>]" id="comment[<?php echo $comment->comment_ID; ?>]-delete" value="delete" /> <label for="comment[<?php echo $comment->comment_ID; ?>]-delete"><?php _e('Delete') ?></label>
-	<input type="radio" name="comment[<?php echo $comment->comment_ID; ?>]" id="comment[<?php echo $comment->comment_ID; ?>]-nothing" value="later" checked="checked" /> <label for="comment[<?php echo $comment->comment_ID; ?>]-nothing"><?php _e('Defer until later') ?></label>
+echo " <a href=\"" . wp_nonce_url("post.php?action=deletecomment&amp;p=".$comment->comment_post_ID."&amp;comment=".$comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . "\" onclick=\"return deleteSomething( 'comment', $comment->comment_ID, '" . __("You are about to delete this comment.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete.") . "' );\">" . __('Delete just this comment') . "</a> | "; ?>  <?php _e('Bulk action:') ?>
+	<input type="radio" name="comment[<?php echo $comment->comment_ID; ?>]" id="comment-<?php echo $comment->comment_ID; ?>-approve" value="approve" /> <label for="comment-<?php echo $comment->comment_ID; ?>-approve"><?php _e('Approve') ?></label>
+	<input type="radio" name="comment[<?php echo $comment->comment_ID; ?>]" id="comment-<?php echo $comment->comment_ID; ?>-spam" value="spam" /> <label for="comment-<?php echo $comment->comment_ID; ?>-spam"><?php _e('Spam') ?></label>
+	<input type="radio" name="comment[<?php echo $comment->comment_ID; ?>]" id="comment-<?php echo $comment->comment_ID; ?>-delete" value="delete" /> <label for="comment-<?php echo $comment->comment_ID; ?>-delete"><?php _e('Delete') ?></label>
+	<input type="radio" name="comment[<?php echo $comment->comment_ID; ?>]" id="comment-<?php echo $comment->comment_ID; ?>-nothing" value="later" checked="checked" /> <label for="comment-<?php echo $comment->comment_ID; ?>-nothing"><?php _e('Defer until later') ?></label>
 	</p>
 
 	</li>

wp-admin/options-discussion.php

@@ -21,6 +21,7 @@ if ($action == 'retrospam') {
 <div class="wrap"> 
 <h2><?php _e('Discussion Options') ?></h2> 
 <form method="post" action="options.php"> 
+<?php wp_nonce_field('update-options') ?>
 <fieldset class="options">
 <legend><?php _e('Usual settings for an article:<br /><small><em>(These settings may be overridden for individual articles.)</em></small>') ?></legend> 
 <ul> 
@@ -70,7 +71,7 @@ if ($action == 'retrospam') {
 </fieldset>
 <fieldset class="options">
 <legend><?php _e('Comment Moderation') ?></legend>
-<p><?php printf(__('Hold a comment in the queue if it contains more than %s links. (A common characteristic of comment spam is a large number of hyperlinks.)'), '<input name="comment_max_links" type="text" id="comment_max_links" size="3" value="' . get_settings('comment_max_links'). '" />' ) ?></p>
+<p><?php printf(__('Hold a comment in the queue if it contains %s or more links. (A common characteristic of comment spam is a large number of hyperlinks.)'), '<input name="comment_max_links" type="text" id="comment_max_links" size="3" value="' . get_settings('comment_max_links'). '" />' ) ?></p>
 
 <p><?php _e('When a comment contains any of these words in its content, name, URI, e-mail, or IP, hold it in the moderation queue: (Separate multiple words with new lines.) <a href="http://codex.wordpress.org/Spam_Words">Common spam words</a>.') ?></p>
 <p> 

wp-admin/options-general.php

@@ -10,6 +10,7 @@ include('./admin-header.php');
 <div class="wrap">
 <h2><?php _e('General Options') ?></h2>
 <form method="post" action="options.php"> 
+<?php wp_nonce_field('update-options') ?>
 <table class="optiontable"> 
 <tr valign="top"> 
 <th scope="row"><?php _e('Weblog title:') ?></th> 
@@ -82,7 +83,7 @@ foreach($wp_roles->role_names as $role => $name) {
 </tr> 
 <tr>
 <th scope="row">&nbsp;</th>
-<td><?php _e('<a href="http://codex.wordpress.org/Formatting_Date_and_Time">Documentation on date formatting</a>. Save option to update sample output.') ?> </td>
+<td><?php _e('<a href="http://codex.wordpress.org/Formatting_Date_and_Time">Documentation on date formatting</a>. Click "Update options" to update sample output.') ?> </td>
 </tr>
 <tr>
 <th scope="row"><?php _e('Weeks in the calendar should start on:') ?></th>

wp-admin/options-misc.php

@@ -11,13 +11,13 @@ include('admin-header.php');
 <div class="wrap"> 
 <h2><?php _e('Miscellaneous Options') ?></h2> 
 <form method="post" action="options.php">
-
+<?php wp_nonce_field('update-options') ?>
 <fieldset class="options">
 <legend><?php _e('Uploading'); ?></legend>
 <table class="editform optiontable">
 <tr valign="top">
 <th scope="row"><?php _e('Store uploads in this folder'); ?>:</th>
-<td><input name="upload_path" type="text" id="upload_path" class="code" value="<?php echo str_replace(ABSPATH, '', get_settings('upload_path')); ?>" size="40" />
+<td><input name="upload_path" type="text" id="upload_path" class="code" value="<?php echo attribute_escape(str_replace(ABSPATH, '', get_settings('upload_path'))); ?>" size="40" />
 <br />
 <?php _e('Default is <code>wp-content/uploads</code>'); ?>
 </td>

wp-admin/options-permalink.php

@@ -57,7 +57,9 @@ include('admin-header.php');
 
 $home_path = get_home_path();
 
-if ( isset($_POST) ) {
+if ( isset($_POST['permalink_structure']) || isset($_POST['category_base']) ) {
+	check_admin_referer('update-permalink');
+
 	if ( isset($_POST['permalink_structure']) ) {
 		$permalink_structure = $_POST['permalink_structure'];
 		if (! empty($permalink_structure) )
@@ -115,6 +117,7 @@ $structures = array(
 	);
 ?>
 <form name="form" action="options-permalink.php" method="post"> 
+<?php wp_nonce_field('update-permalink') ?>
 <h3><?php _e('Common options:'); ?></h3>
 <p>
 	<label>
@@ -145,7 +148,7 @@ checked="checked"
 </label>
 <br />
 </p>
-<p id="customstructure"><?php _e('Custom structure'); ?>: <input name="permalink_structure" id="permalink_structure" type="text" class="code" style="width: 60%;" value="<?php echo $permalink_structure; ?>" size="50" /></p>
+<p id="customstructure"><?php _e('Custom structure'); ?>: <input name="permalink_structure" id="permalink_structure" type="text" class="code" style="width: 60%;" value="<?php echo attribute_escape($permalink_structure); ?>" size="50" /></p>
 
 <h3><?php _e('Optional'); ?></h3>
 <?php if ($is_apache) : ?>
@@ -154,7 +157,7 @@ checked="checked"
 	<p><?php _e('If you like, you may enter a custom prefix for your category URIs here. For example, <code>/index.php/taxonomy/tags</code> would make your category links like <code>http://example.org/index.php/taxonomy/tags/uncategorized/</code>. If you leave this blank the default will be used.') ?></p>
 <?php endif; ?>
 	<p> 
-  <?php _e('Category base'); ?>: <input name="category_base" type="text" class="code"  value="<?php echo $category_base; ?>" size="30" /> 
+  <?php _e('Category base'); ?>: <input name="category_base" type="text" class="code"  value="<?php echo attribute_escape($category_base); ?>" size="30" /> 
      </p> 
     <p class="submit"> 
       <input type="submit" name="submit" value="<?php _e('Update Permalink Structure &raquo;') ?>" /> 
@@ -163,6 +166,7 @@ checked="checked"
 <?php if ( $permalink_structure && !$usingpi && !$writable ) : ?>
   <p><?php _e('If your <code>.htaccess</code> file were <a href="http://codex.wordpress.org/Make_a_Directory_Writable">writable</a>, we could do this automatically, but it isn&#8217;t so these are the mod_rewrite rules you should have in your <code>.htaccess</code> file. Click in the field and press <kbd>CTRL + a</kbd> to select all.') ?></p>
 <form action="options-permalink.php" method="post">
+<?php wp_nonce_field('update-permalink') ?>
    <p>
 <textarea rows="5" style="width: 98%;" name="rules"><?php echo $wp_rewrite->mod_rewrite_rules(); ?>
 </textarea>

wp-admin/options-reading.php

@@ -9,7 +9,9 @@ include('admin-header.php');
 
 <div class="wrap"> 
 <h2><?php _e('Reading Options') ?></h2> 
-<form name="form1" method="post" action="options.php"> 
+<form name="form1" method="post" action="options.php">
+<?php wp_nonce_field('update-options') ?>
+
 <fieldset class="options"> 
 <legend><?php _e('Blog Pages') ?></legend> 
 <table width="100%" cellspacing="2" cellpadding="5" class="editform"> 

wp-admin/options-writing.php

@@ -10,6 +10,7 @@ include('admin-header.php');
 <div class="wrap"> 
 <h2><?php _e('Writing Options') ?></h2> 
 <form method="post" action="options.php"> 
+<?php wp_nonce_field('update-options') ?>
 <table width="100%" cellspacing="2" cellpadding="5" class="editform"> 
 <tr valign="top"> 
 <th width="33%" scope="row"> <?php _e('Size of the post box:') ?></th> 

wp-admin/options.php

@@ -24,16 +24,78 @@ for ($i=0; $i<count($wpvarstoreset); $i += 1) {
 if ( !current_user_can('manage_options') )
 	die ( __('Cheatin&#8217; uh?') );
 
+function sanitize_option($option, $value) {
+
+	switch ($option) {
+		case 'admin_email':
+			$value = sanitize_email($value);
+			break;
+
+		case 'default_post_edit_rows':
+		case 'mailserver_port':
+		case 'comment_max_links':
+			$value = abs((int) $value);
+			break;
+
+		case 'posts_per_page':
+		case 'posts_per_rss':
+			$value = (int) $value;
+			if ( empty($value) ) $value = 1;
+			if ( $value < -1 ) $value = abs($value);
+			break;
+
+		case 'default_ping_status':
+		case 'default_comment_status':
+			// Options that if not there have 0 value but need to be something like "closed"
+			if ( $value == '0' || $value == '')
+				$value = 'closed';
+			break;
+
+		case 'blogdescription':
+		case 'blogname':
+			if (current_user_can('unfiltered_html') == false)
+				$value = wp_filter_post_kses( $value );
+			break;
+
+		case 'blog_charset':
+			$value = preg_replace('/[^a-zA-Z0-9_-]/', '', $value);
+			break;
+
+		case 'date_format':
+		case 'time_format':
+		case 'mailserver_url':
+		case 'mailserver_login':
+		case 'mailserver_pass':
+		case 'ping_sites':
+		case 'upload_path':
+			$value = strip_tags($value);
+			$value = wp_filter_kses($value);
+			break;
+
+		case 'gmt_offset':
+			$value = preg_replace('/[^0-9:.-]/', '', $value);
+			break;
+
+		case 'siteurl':
+		case 'home':
+			$value = clean_url($value);
+			break;
+	}
+
+	return $value;	
+}
+
 switch($action) {
 
 case 'update':
 	$any_changed = 0;
 	
-	check_admin_referer();
+	check_admin_referer('update-options');
 
-	if (!$_POST['page_options']) {
-		foreach ($_POST as $key => $value) {
-			$options[] = $key;
+	if ( !$_POST['page_options'] ) {
+		foreach ( (array) $_POST as $key => $value) {
+			if ( !in_array($key, array('_wpnonce', '_wp_http_referer')) )
+				$options[] = $key;
 		}
 	} else {
 		$options = explode(',', stripslashes($_POST['page_options']));
@@ -43,19 +105,11 @@ case 'update':
 	$old_siteurl = get_settings('siteurl');
 	$old_home = get_settings('home');
 
-	// HACK
-	// Options that if not there have 0 value but need to be something like "closed"
-	$nonbools = array('default_ping_status', 'default_comment_status');
 	if ($options) {
 		foreach ($options as $option) {
 			$option = trim($option);
 			$value = trim(stripslashes($_POST[$option]));
-				if( in_array($option, $nonbools) && ( $value == '0' || $value == '') )
-				$value = 'closed';
-			
-			if( $option == 'blogdescription' || $option == 'blogname' )
-				if (current_user_can('unfiltered_html') == false)
-					$value = wp_filter_post_kses( $value );
+			$value = sanitize_option($option, $value);
 			
 			if (update_option($option, $value) ) {
 				$any_changed++;
@@ -68,8 +122,6 @@ case 'update':
 			if ( get_settings('siteurl') != $old_siteurl || get_settings('home') != $old_home ) {
 				// If home changed, write rewrite rules to new location.
 				$wp_rewrite->flush_rules();
-				// Get currently logged in user and password.
-				get_currentuserinfo();
 				// Clear cookies for old paths.
 				wp_clearcookie();
 				// Set cookies for new paths.
@@ -79,8 +131,8 @@ case 'update':
 			//$message = sprintf(__('%d setting(s) saved... '), $any_changed);
     }
     
-	$referred = remove_query_arg('updated' , $_SERVER['HTTP_REFERER']);
-	$goback = add_query_arg('updated', 'true', $_SERVER['HTTP_REFERER']);
+	$referred = remove_query_arg('updated' , wp_get_referer());
+	$goback = add_query_arg('updated', 'true', wp_get_referer());
 	$goback = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $goback);
 	wp_redirect($goback);
     break;
@@ -89,25 +141,48 @@ default:
 	include('admin-header.php'); ?>
 
 <div class="wrap">
-  <h2><?php _e('All options'); ?></h2>
-  <form name="form" action="options.php" method="post">
+  <h2><?php _e('All Options'); ?></h2>
+  <form name="form" action="options.php" method="post" id="all-options">
+  <?php wp_nonce_field('update-options') ?>
   <input type="hidden" name="action" value="update" />
   <table width="98%">
 <?php
 $options = $wpdb->get_results("SELECT * FROM $wpdb->options ORDER BY option_name");
 
-foreach ($options as $option) :
-	$value = wp_specialchars($option->option_value);
+foreach ( (array) $options as $option) :
+	$disabled = '';
+	if ( is_serialized($option->option_value) ) {
+		if ( is_serialized_string($option->option_value) ) {
+			// this is a serialized string, so we should display it
+			$value = wp_specialchars(maybe_unserialize($option->option_value), 'single');
+			$options_to_update[] = $option->option_name;
+			$class = 'all-options';
+		} else {
+			$value = 'SERIALIZED DATA';
+			$disabled = ' disabled="disabled"';
+			$class = 'all-options disabled';
+		}
+	} else {
+		$value = wp_specialchars($option->option_value, 'single');
+		$options_to_update[] = $option->option_name;
+		$class = 'all-options';
+	}
 	echo "
 <tr>
 	<th scope='row'><label for='$option->option_name'>$option->option_name</label></th>
-	<td><input type='text' name='$option->option_name' id='$option->option_name' size='30' value='" . $value . "' /></td>
+<td>";
+
+	if (stristr($value, "\n")) echo "<textarea class='$class' name='$option->option_name' id='$option->option_name' cols='30' rows='5'>$value</textarea>";
+	else echo "<input class='$class' type='text' name='$option->option_name' id='$option->option_name' size='30' value='" . $value . "'$disabled />";
+	
+	echo "</td>
 	<td>$option->option_description</td>
 </tr>";
 endforeach;
 ?>
   </table>
-<p class="submit"><input type="submit" name="Update" value="<?php _e('Update Settings &raquo;') ?>" /></p>
+<?php $options_to_update = implode(',', $options_to_update); ?>
+<p class="submit"><input type="hidden" name="page_options" value="<?php echo attribute_escape($options_to_update); ?>" /><input type="submit" name="Update" value="<?php _e('Update Options &raquo;') ?>" /></p>
   </form>
 </div>
 

wp-admin/page-new.php

@@ -7,14 +7,12 @@ require_once('admin-header.php');
 ?>
 
 <?php if ( isset($_GET['saved']) ) : ?>
-<div id="message" class="updated fade"><p><strong><?php _e('Page saved.') ?> <a href="edit-pages.php"><?php _e('Manage pages'); ?> &raquo;</a></strong></p></div>
+<div id="message" class="updated fade"><p><strong><?php _e('Page saved.') ?></strong> <a href="edit-pages.php"><?php _e('Manage pages'); ?></a> | <a href="<?php echo get_page_link( $_GET['saved'] ); ?>"><?php _e('View page'); ?> &raquo;</a></p></div>
 <?php endif; ?>
 
 <?php
 if ( current_user_can('edit_pages') ) {
 	$action = 'post';
-	get_currentuserinfo();
-	
 	$post = get_default_post_to_edit();
 	$post->post_status = 'static';
 
@@ -22,4 +20,4 @@ if ( current_user_can('edit_pages') ) {
 }
 ?>
 
-<?php include('admin-footer.php'); ?> 
+<?php include('admin-footer.php'); ?>

wp-admin/plugin-editor.php

@@ -34,6 +34,8 @@ switch($action) {
 
 case 'update':
 
+	check_admin_referer('edit-plugin_' . $file);
+
 	if ( !current_user_can('edit_plugins') )
 	die('<p>'.__('You have do not have sufficient permissions to edit templates for this blog.').'</p>');
 
@@ -42,9 +44,9 @@ case 'update':
 		$f = fopen($real_file, 'w+');
 		fwrite($f, $newcontent);
 		fclose($f);
-		header("Location: plugin-editor.php?file=$file&a=te");
+		wp_redirect("plugin-editor.php?file=$file&a=te");
 	} else {
-		header("Location: plugin-editor.php?file=$file");
+		wp_redirect("plugin-editor.php?file=$file");
 	}
 
 	exit();
@@ -95,6 +97,7 @@ if ($plugin_files) :
 </div>
 	<?php	if (!$error) { ?> 
   <form name="template" id="template" action="plugin-editor.php" method="post">
+  <?php wp_nonce_field('edit-plugin_' . $file) ?>
 		 <div><textarea cols="70" rows="25" name="newcontent" id="newcontent" tabindex="1"><?php echo $content ?></textarea> 
      <input type="hidden" name="action" value="update" /> 
      <input type="hidden" name="file" value="<?php echo $file ?>" /> 

wp-admin/plugins.php

@@ -2,9 +2,8 @@
 require_once('admin.php');
 
 if ( isset($_GET['action']) ) {
-	check_admin_referer();
-	
 	if ('activate' == $_GET['action']) {
+		check_admin_referer('activate-plugin_' . $_GET['plugin']);
 		$current = get_settings('active_plugins');
 		if (!in_array($_GET['plugin'], $current)) {
 			$current[] = trim( $_GET['plugin'] );
@@ -13,13 +12,14 @@ if ( isset($_GET['action']) ) {
 			include(ABSPATH . 'wp-content/plugins/' . trim( $_GET['plugin'] ));
 			do_action('activate_' . trim( $_GET['plugin'] ));
 		}
-		header('Location: plugins.php?activate=true');
+		wp_redirect('plugins.php?activate=true');
 	} else if ('deactivate' == $_GET['action']) {
+		check_admin_referer('deactivate-plugin_' . $_GET['plugin']);
 		$current = get_settings('active_plugins');
 		array_splice($current, array_search( $_GET['plugin'], $current), 1 ); // Array-fu!
 		update_option('active_plugins', $current);
 		do_action('deactivate_' . trim( $_GET['plugin'] ));
-		header('Location: plugins.php?deactivate=true');
+		wp_redirect('plugins.php?deactivate=true');
 	}
 	exit;
 }
@@ -88,21 +88,15 @@ if (empty($plugins)) {
 <?php
 	$style = '';
 
-	function sort_plugins($plug1, $plug2) {
-		return strnatcasecmp($plug1['Name'], $plug2['Name']);
-	}
-	
-	uksort($plugins, 'sort_plugins');
-
 	foreach($plugins as $plugin_file => $plugin_data) {
 		$style = ('class="alternate"' == $style|| 'class="alternate active"' == $style) ? '' : 'alternate';
 
 		if (!empty($current_plugins) && in_array($plugin_file, $current_plugins)) {
-			$action = "<a href='plugins.php?action=deactivate&amp;plugin=$plugin_file' title='".__('Deactivate this plugin')."' class='delete'>".__('Deactivate')."</a>";
+			$action = "<a href='" . wp_nonce_url("plugins.php?action=deactivate&amp;plugin=$plugin_file", 'deactivate-plugin_' . $plugin_file) . "' title='".__('Deactivate this plugin')."' class='delete'>".__('Deactivate')."</a>";
 			$plugin_data['Title'] = "<strong>{$plugin_data['Title']}</strong>";
 			$style .= $style == 'alternate' ? ' active' : 'active';
 		} else {
-			$action = "<a href='plugins.php?action=activate&amp;plugin=$plugin_file' title='".__('Activate this plugin')."' class='edit'>".__('Activate')."</a>";
+			$action = "<a href='" . wp_nonce_url("plugins.php?action=activate&amp;plugin=$plugin_file", 'activate-plugin_' . $plugin_file) . "' title='".__('Activate this plugin')."' class='edit'>".__('Activate')."</a>";
 		}
 		$plugin_data['Description'] = wp_kses($plugin_data['Description'], array('a' => array('href' => array(),'title' => array()),'abbr' => array('title' => array()),'acronym' => array('title' => array()),'code' => array(),'em' => array(),'strong' => array()) ); ;
 		if ($style != '') $style = 'class="' . $style . '"';

wp-admin/post.php

@@ -30,7 +30,8 @@ $editing = true;
 
 switch($action) {
 case 'post':
-
+	check_admin_referer('add-post');
+	
 	$post_ID = write_post();
 
 	// Redirect.
@@ -47,16 +48,16 @@ case 'post':
 			break;
 		}
 	} else {
-		$location = 'post.php?posted=true';
+		$location = "post.php?posted=$post_ID";
 	}
 
 	if ( 'static' == $_POST['post_status'] )
-		$location = "page-new.php?saved=true";
+		$location = "page-new.php?saved=$post_ID";
 
 	if ( isset($_POST['save']) )
 		$location = "post.php?action=edit&post=$post_ID";
 
-	header("Location: $location");
+	wp_redirect($location);
 	exit();
 	break;
 
@@ -80,7 +81,7 @@ case 'edit':
 	?>
 	<div id='preview' class='wrap'>
 	<h2 id="preview-post"><?php _e('Post Preview (updated when post is saved)'); ?> <small class="quickjump"><a href="#write-post"><?php _e('edit &uarr;'); ?></a></small></h2>
-		<iframe src="<?php echo add_query_arg('preview', 'true', get_permalink($post->ID)); ?>" width="100%" height="600" ></iframe>
+		<iframe src="<?php echo attribute_escape(apply_filters('preview_post_link', add_query_arg('preview', 'true', get_permalink($post->ID)))); ?>" width="100%" height="600" ></iframe>
 	</div>
 	<?php
 	break;
@@ -88,6 +89,8 @@ case 'edit':
 case 'editattachment':
 	$post_id = (int) $_POST['post_ID'];
 
+	check_admin_referer('update-attachment_' . $post_id);
+
 	// Don't let these be changed
 	unset($_POST['guid']);
 	$_POST['post_status'] = 'attachment';
@@ -102,15 +105,23 @@ case 'editattachment':
 		add_post_meta($post_id, '_wp_attachment_metadata', $newmeta);
 
 case 'editpost':
+	$post_ID = (int) $_POST['post_ID'];
+	check_admin_referer('update-post_' . $post_ID);
+	
 	$post_ID = edit_post();
 
+	$referredby = '';
+	if ( !empty($_POST['referredby']) )
+		$referredby = preg_replace('|https?://[^/]+|i', '', $_POST['referredby']);
+	$referer = preg_replace('|https?://[^/]+|i', '', wp_get_referer());
+	
 	if ($_POST['save']) {
-		$location = $_SERVER['HTTP_REFERER'];
+		$location = wp_get_referer();
 	} elseif ($_POST['updatemeta']) {
-		$location = $_SERVER['HTTP_REFERER'] . '&message=2#postcustom';
+		$location = wp_get_referer() . '&message=2#postcustom';
 	} elseif ($_POST['deletemeta']) {
-		$location = $_SERVER['HTTP_REFERER'] . '&message=3#postcustom';
-	} elseif (isset($_POST['referredby']) && $_POST['referredby'] != $_SERVER['HTTP_REFERER']) {
+		$location = wp_get_referer() . '&message=3#postcustom';
+	} elseif (!empty($referredby) && $referredby != $referer) {
 		$location = $_POST['referredby'];
 		if ( $_POST['referredby'] == 'redo' )
 			$location = get_permalink( $post_ID );
@@ -119,15 +130,15 @@ case 'editpost':
 	} else {
 		$location = 'post.php';
 	}
-	header ('Location: ' . $location); // Send user on their way while we keep working
+
+	wp_redirect($location); // Send user on their way while we keep working
 
 	exit();
 	break;
 
 case 'delete':
-	check_admin_referer();
-
 	$post_id = (isset($_GET['post']))  ? intval($_GET['post']) : intval($_POST['post_ID']);
+	check_admin_referer('delete-post_' . $post_id);
 
 	$post = & get_post($post_id);
 	
@@ -142,11 +153,11 @@ case 'delete':
 			die( __('Error in deleting...') );
 	}
 
-	$sendback = $_SERVER['HTTP_REFERER'];
+	$sendback = wp_get_referer();
 	if (strstr($sendback, 'post.php')) $sendback = get_settings('siteurl') .'/wp-admin/post.php';
 	elseif (strstr($sendback, 'attachments.php')) $sendback = get_settings('siteurl') .'/wp-admin/attachments.php';
 	$sendback = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $sendback);
-	header ('Location: ' . $sendback);
+	wp_redirect($sendback);
 	break;
 
 case 'editcomment':
@@ -198,6 +209,7 @@ case 'confirmdeletecomment':
 	echo "<input type='hidden' name='p' value='$p' />\n";
 	echo "<input type='hidden' name='comment' value='{$comment->comment_ID}' />\n";
 	echo "<input type='hidden' name='noredir' value='1' />\n";
+	wp_nonce_field('delete-comment_' .  $comment->comment_ID);
 	echo "<input type='submit' value='" . __('Yes') . "' />";
 	echo "&nbsp;&nbsp;";
 	echo "<input type='button' value='" . __('No') . "' onclick=\"self.location='". get_settings('siteurl') ."/wp-admin/edit.php?p=$p&amp;c=1#comments';\" />\n";
@@ -207,10 +219,9 @@ case 'confirmdeletecomment':
 	break;
 
 case 'deletecomment':
-
-	check_admin_referer();
-
 	$comment = (int) $_GET['comment'];
+	check_admin_referer('delete-comment_' . $comment);
+
 	$p = (int) $_GET['p'];
 	if (isset($_GET['noredir'])) {
 		$noredir = true;
@@ -229,19 +240,18 @@ case 'deletecomment':
 	wp_set_comment_status($comment->comment_ID, "delete");
 	do_action('delete_comment', $comment->comment_ID);
 
-	if (($_SERVER['HTTP_REFERER'] != "") && (false == $noredir)) {
-		header('Location: ' . $_SERVER['HTTP_REFERER']);
+	if ((wp_get_referer() != "") && (false == $noredir)) {
+		wp_redirect(wp_get_referer());
 	} else {
-		header('Location: '. get_settings('siteurl') .'/wp-admin/edit.php?p='.$p.'&c=1#comments');
+		wp_redirect(get_settings('siteurl') .'/wp-admin/edit.php?p='.$p.'&c=1#comments');
 	}
 
 	break;
 
 case 'unapprovecomment':
-
-	check_admin_referer();
-
 	$comment = (int) $_GET['comment'];
+	check_admin_referer('unapprove-comment_' . $comment);
+
 	$p = (int) $_GET['p'];
 	if (isset($_GET['noredir'])) {
 		$noredir = true;
@@ -257,17 +267,17 @@ case 'unapprovecomment':
 
 	wp_set_comment_status($comment->comment_ID, "hold");
 
-	if (($_SERVER['HTTP_REFERER'] != "") && (false == $noredir)) {
-		header('Location: ' . $_SERVER['HTTP_REFERER']);
+	if ((wp_get_referer() != "") && (false == $noredir)) {
+		wp_redirect(wp_get_referer());
 	} else {
-		header('Location: '. get_settings('siteurl') .'/wp-admin/edit.php?p='.$p.'&c=1#comments');
+		wp_redirect(get_settings('siteurl') .'/wp-admin/edit.php?p='.$p.'&c=1#comments');
 	}
 
 	break;
 
 case 'mailapprovecomment':
-
 	$comment = (int) $_GET['comment'];
+	check_admin_referer('approve-comment_' . $comment);
 
 	if ( ! $comment = get_comment($comment) )
 			 die(sprintf(__('Oops, no comment with this ID. <a href="%s">Go back</a>!'), 'edit.php'));
@@ -281,13 +291,14 @@ case 'mailapprovecomment':
 			wp_notify_postauthor($comment->comment_ID);
 	}
 
-	header('Location: ' . get_option('siteurl') . '/wp-admin/moderation.php?approved=1');
+	wp_redirect(get_option('siteurl') . '/wp-admin/moderation.php?approved=1');
 
 	break;
 
 case 'approvecomment':
-
 	$comment = (int) $_GET['comment'];
+	check_admin_referer('approve-comment_' . $comment);
+
 	$p = (int) $_GET['p'];
 	if (isset($_GET['noredir'])) {
 		$noredir = true;
@@ -307,25 +318,27 @@ case 'approvecomment':
 	}
 
 
-	if (($_SERVER['HTTP_REFERER'] != "") && (false == $noredir)) {
-		header('Location: ' . $_SERVER['HTTP_REFERER']);
+	if ((wp_get_referer() != "") && (false == $noredir)) {
+		wp_redirect(wp_get_referer());
 	} else {
-		header('Location: '. get_settings('siteurl') .'/wp-admin/edit.php?p='.$p.'&c=1#comments');
+		wp_redirect(get_settings('siteurl') .'/wp-admin/edit.php?p='.$p.'&c=1#comments');
 	}
 
 	break;
 
 case 'editedcomment':
 
+	$comment_ID = (int) $_POST['comment_ID'];
+	$comment_post_ID = (int)  $_POST['comment_post_ID'];
+
+	check_admin_referer('update-comment_' . $comment_ID);
+
 	edit_comment();
 
-	$referredby = $_POST['referredby'];
-	if (!empty($referredby)) {
-		header('Location: ' . $referredby);
-	} else {
-		header ("Location: edit.php?p=$comment_post_ID&c=1#comments");
-	}
-
+	$location = ( empty($_POST['referredby']) ? "edit.php?p=$comment_post_ID&c=1" : $_POST['referredby'] ) . '#comment-' . $comment_ID;
+	$location = apply_filters('comment_edit_redirect', $location, $comment_ID);
+	wp_redirect($location);
+	exit();
 	break;
 
 default:
@@ -333,7 +346,7 @@ default:
 	require_once ('./admin-header.php');
 ?>
 <?php if ( isset($_GET['posted']) ) : ?>
-<div id="message" class="updated fade"><p><?php printf(__('Post saved. <a href="%s">View site &raquo;</a>'), get_bloginfo('home') . '/'); ?></p></div>
+<div id="message" class="updated fade"><p><strong><?php _e('Post saved.'); ?></strong> <a href="<?php echo get_permalink( $_GET['posted'] ); ?>"><?php _e('View post'); ?> &raquo;</a></p></div>
 <?php endif; ?>
 <?php
 	if ( current_user_can('edit_posts') ) {
@@ -368,7 +381,7 @@ default:
 
 		include('edit-form-advanced.php');
 ?>
-<div class="wrap">
+<div id="wp-bookmarklet" class="wrap">
 <?php echo '<h3>'.__('WordPress bookmarklet').'</h3>
 <p>'.__('Right click on the following link and choose "Add to favorites" to create a posting shortcut.').'</p>'; ?>
 <p>

wp-admin/profile-update.php

@@ -2,7 +2,7 @@
 
 require_once('admin.php');
 
-check_admin_referer();
+check_admin_referer('update-profile_' . $user_ID);
 
 if ( !$_POST )
 	die( __('No post?') );

wp-admin/profile.php

@@ -5,7 +5,7 @@ $title = __('Profile');
 
 $parent_file = 'profile.php';
 include_once('admin-header.php');
-$profileuser = new WP_User($user_ID);
+$profileuser = get_user_to_edit($user_ID);
 
 $bookmarklet_height= 440;
 ?>
@@ -19,6 +19,7 @@ $bookmarklet_height= 440;
 <div class="wrap">
 <h2><?php _e('Your Profile and Personal Options'); ?></h2>
 <form name="profile" id="your-profile" action="profile-update.php" method="post">
+<?php wp_nonce_field('update-profile_' . $user_ID) ?>
 <p>
 <input type="hidden" name="from" value="profile" />
 <input type="hidden" name="checkuser_id" value="<?php echo $user_ID ?>" />

wp-admin/setup-config.php

@@ -1,17 +1,18 @@
 <?php
 define('WP_INSTALLING', true);
 
-if (file_exists('../wp-config.php')) 
-	die("The file 'wp-config.php' already exists. If you need to reset any of the configuration items in this file, please delete it first. You may try <a href='install.php'>installing now</a>.");
-
 if (!file_exists('../wp-config-sample.php'))
     die('Sorry, I need a wp-config-sample.php file to work from. Please re-upload this file from your WordPress installation.');
+
 $configFile = file('../wp-config-sample.php');
 
 if (!is_writable('../')) die("Sorry, I can't write to the directory. You'll have to either change the permissions on your WordPress directory or create your wp-config.php manually.");
 
-$step = 0;
-if(isset($_GET['step'])) $step = $_GET['step'];
+
+if (isset($_GET['step']))
+	$step = $_GET['step'];
+else
+	$step = 0;
 header( 'Content-Type: text/html; charset=utf-8' );
 ?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
@@ -20,45 +21,74 @@ header( 'Content-Type: text/html; charset=utf-8' );
 <title>WordPress &rsaquo; Setup Configuration File</title>
 <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
 <style media="screen" type="text/css">
-    <!--
+	<!--
+	html {
+		background: #eee;
+	}
 	body {
+		background: #fff;
+		color: #000;
 		font-family: Georgia, "Times New Roman", Times, serif;
-		margin-left: 15%;
-		margin-right: 15%;
+		margin-left: 20%;
+		margin-right: 20%;
+		padding: .2em 2em;
+	}
+
+	h1 {
+		color: #006;
+		font-size: 18px;
+		font-weight: lighter;
+	}
+
+	h2 {
+		font-size: 16px;
+	}
+
+	p, li, dt {
+		line-height: 140%;
+		padding-bottom: 2px;
+	}
+
+	ul, ol {
+		padding: 5px 5px 5px 20px;
 	}
 	#logo {
-		margin: 0;
-		padding: 0;
-		background-image: url(http://wordpress.org/images/logo.png);
-		background-repeat: no-repeat;
-		height: 60px;
-		border-bottom: 4px solid #333;
+		margin-bottom: 2em;
 	}
-	#logo a {
-		display: block;
-		height: 60px;
+	.step a, .step input {
+		font-size: 2em;
 	}
-	#logo a span {
-		display: none;
+	td input {
+		font-size: 1.5em;
 	}
-	p, li {
-		line-height: 140%;
+	.step, th {
+		text-align: right;
 	}
-    -->
+	#footer {
+		text-align: center;
+		border-top: 1px solid #ccc;
+		padding-top: 1em;
+		font-style: italic;
+	}
+	-->
 	</style>
 </head>
-<body> 
-<h1 id="logo"><a href="http://wordpress.org/"><span>WordPress</span></a></h1> 
+<body>
+<h1 id="logo"><img alt="WordPress" src="images/wordpress-logo.png" /></h1>
 <?php
+// Check if wp-config.php has been created
+if (file_exists('../wp-config.php'))
+	die("<p>The file 'wp-config.php' already exists. If you need to reset any of the configuration items in this file, please delete it first. You may try <a href='install.php'>installing now</a>.</p></body></html>");
 
 switch($step) {
 	case 0:
 ?> 
+
 <p>Welcome to WordPress. Before getting started, we need some information on the database. You will need to know the following items before proceeding.</p> 
 <ol> 
   <li>Database name</li> 
   <li>Database username</li> 
-  <li>Database password</li> 
+  <li>Database password</li>
   <li>Database host</li> 
   <li>Table prefix (if you want to run more than one WordPress in a single database) </li>
 </ol> 
@@ -70,40 +100,42 @@ switch($step) {
 	case 1:
 	?> 
 </p> 
-<form method="post" action="setup-config.php?step=2"> 
+<form method="post" action="setup-config.php?step=2">
   <p>Below you should enter your database connection details. If you're not sure about these, contact your host. </p>
   <table> 
     <tr> 
       <th scope="row">Database Name</th> 
-      <td><input name="dbname" type="text" size="45" value="wordpress" /></td> 
+      <td><input name="dbname" type="text" size="25" value="wordpress" /></td>
       <td>The name of the database you want to run WP in. </td> 
     </tr> 
     <tr> 
       <th scope="row">User Name</th> 
-      <td><input name="uname" type="text" size="45" value="username" /></td> 
+      <td><input name="uname" type="text" size="25" value="username" /></td>
       <td>Your MySQL username</td> 
     </tr> 
     <tr> 
       <th scope="row">Password</th> 
-      <td><input name="pwd" type="text" size="45" value="password" /></td> 
+      <td><input name="pwd" type="text" size="25" value="password" /></td>
       <td>...and MySQL password.</td> 
     </tr> 
     <tr> 
       <th scope="row">Database Host</th> 
-      <td><input name="dbhost" type="text" size="45" value="localhost" /></td> 
+      <td><input name="dbhost" type="text" size="25" value="localhost" /></td>
       <td>99% chance you won't need to change this value.</td> 
     </tr>
     <tr>
       <th scope="row">Table Prefix</th>
-      <td><input name="prefix" type="text" id="prefix" value="wp_" size="45" /></td>
+      <td><input name="prefix" type="text" id="prefix" value="wp_" size="25" /></td>
       <td>If you want to run multiple WordPress installations in a single database, change this.</td>
     </tr> 
-  </table> 
-  <input name="submit" type="submit" value="Submit" /> 
+  </table>
+  <h2 class="step">
+  <input name="submit" type="submit" value="Submit" />
+  </h2>
 </form> 
 <?php
 	break;
-	
+
 	case 2:
 	$dbname  = trim($_POST['dbname']);
     $uname   = trim($_POST['uname']);
@@ -149,8 +181,8 @@ switch($step) {
 <p>All right sparky! You've made it through this part of the installation. WordPress can now communicate with your database. If you are ready, time now to <a href="install.php">run the install!</a></p> 
 <?php
 	break;
-
 }
-?> 
+?>
+<p id="footer"><a href="http://wordpress.org/">WordPress</a>, personal publishing platform.</p>
 </body>
 </html>

wp-admin/sidebar.php

@@ -48,7 +48,7 @@ form {
 </head>
 <body id="sidebar">
 <h1 id="wphead"><a href="http://wordpress.org/" rel="external">WordPress</a></h1>
-<form name="post" action="post.php" method="POST">
+<form name="post" action="post.php" method="post">
 <div><input type="hidden" name="action" value="post" />
 <input type="hidden" name="user_ID" value="<?php echo $user_ID ?>" />
 <input type="hidden" name="mode" value="sidebar" />

wp-admin/templates.php

@@ -36,6 +36,8 @@ switch($action) {
 
 case 'update':
 
+	check_admin_referer('edit-file_' . $file);
+
 	if ( ! current_user_can('edit_files') )
 	die('<p>'.__('You have do not have sufficient permissions to edit templates for this blog.').'</p>');
 
@@ -45,12 +47,12 @@ case 'update':
 		if ( $f ) {
 			fwrite($f, $newcontent);
 			fclose($f);
-			header("Location: templates.php?file=$file&a=te");
+			wp_redirect("templates.php?file=$file&a=te");
 		} else {
-			header("Location: templates.php?file=$file&a=err");
+			wp_redirect("templates.php?file=$file&a=err");
 		}
 	} else {
-		header("Location: templates.php?file=$file&a=err");
+		wp_redirect("templates.php?file=$file&a=err");
 	}
 
 	exit();
@@ -69,14 +71,17 @@ default:
 
 	update_recently_edited($file);
 
-	if (!is_file($real_file))
+	if ( !is_file($real_file) ) {
 		$error = true;
-	
-	if (!$error) {
+	} else {
 		$f = @ fopen($real_file, 'r');
 		if ( $f ) {
-			$content = fread($f, filesize($real_file));
-			$content = htmlspecialchars($content);
+			if ( filesize($real_file ) > 0 ) {
+				$content = fread($f, filesize($real_file));
+				$content = htmlspecialchars($content);
+			} else {
+				$content = '';
+			}
 		} else {
 			$error = true;
 		}
@@ -106,7 +111,7 @@ if ( $recents ) :
 <?php
 echo '<ol>';
 foreach ($recents as $recent) :
-	echo "<li><a href='templates.php?file=$recent'>" . get_file_description(basename($recent)) . "</a></li>";
+	echo "<li><a href='templates.php?file=" . attribute_escape($recent) . "'>" . wp_specialchars(get_file_description(basename($recent))) . "</a></li>";
 endforeach;
 echo '</ol>';
 endif;
@@ -126,6 +131,7 @@ endif;
 </div>
 <?php if (!$error) { ?>
   <form name="template" id="template" action="templates.php" method="post"> 
+  <?php wp_nonce_field('edit-file_' . $file) ?>
      <div><textarea cols="70" rows="25" name="newcontent" id='newcontent' tabindex="1"><?php echo $content ?></textarea> 
      <input type="hidden" name="action" value="update" /> 
      <input type="hidden" name="file" value="<?php echo $file ?>" /> 

wp-admin/theme-editor.php

@@ -47,6 +47,8 @@ switch($action) {
 
 case 'update':
 
+	check_admin_referer('edit-theme_' . $file . $theme);
+
 	if ( !current_user_can('edit_themes') )
 	die('<p>'.__('You have do not have sufficient permissions to edit templates for this blog.').'</p>');
 
@@ -56,11 +58,15 @@ case 'update':
 		$f = fopen($real_file, 'w+');
 		fwrite($f, $newcontent);
 		fclose($f);
-		header("Location: theme-editor.php?file=$file&theme=$theme&a=te");
+		$location = "theme-editor.php?file=$file&theme=$theme&a=te";
 	} else {
-		header("Location: theme-editor.php?file=$file&theme=$theme");
+		$location = "theme-editor.php?file=$file&theme=$theme";
 	}
 
+	$location = wp_kses_no_null($location);
+	$strip = array('%0d', '%0a');
+	$location = str_replace($strip, '', $location);
+	header("Location: $location");
 	exit();
 
 break;
@@ -95,7 +101,7 @@ default:
 		$theme_name = $a_theme['Name'];
 		if ($theme_name == $theme) $selected = " selected='selected'";
 		else $selected = '';
-		$theme_name = wp_specialchars($theme_name, true);
+		$theme_name = attribute_escape($theme_name);
 		echo "\n\t<option value=\"$theme_name\" $selected>$theme_name</option>";
 	}
 ?>
@@ -129,6 +135,7 @@ if ($allowed_files) :
 	if (!$error) {
 	?> 
   <form name="template" id="template" action="theme-editor.php" method="post">
+  <?php wp_nonce_field('edit-theme_' . $file . $theme) ?>
 		 <div><textarea cols="70" rows="25" name="newcontent" id="newcontent" tabindex="1"><?php echo $content ?></textarea> 
      <input type="hidden" name="action" value="update" /> 
      <input type="hidden" name="file" value="<?php echo $file ?>" /> 

wp-admin/themes.php

@@ -2,7 +2,7 @@
 require_once('admin.php');
 
 if ( isset($_GET['action']) ) {
-	check_admin_referer();
+	check_admin_referer('switch-theme_' . $_GET['template']);
 	
 	if ('activate' == $_GET['action']) {
 		if ( isset($_GET['template']) )
@@ -13,7 +13,7 @@ if ( isset($_GET['action']) ) {
 		
 		do_action('switch_theme', get_current_theme());
 		
-		header('Location: themes.php?activated=true');
+		wp_redirect('themes.php?activated=true');
 		exit;
 	}
 }
@@ -69,7 +69,7 @@ foreach ($theme_names as $theme_name) {
 	$author = $themes[$theme_name]['Author'];
 	$screenshot = $themes[$theme_name]['Screenshot'];
 	$stylesheet_dir = $themes[$theme_name]['Stylesheet Dir'];
-	$activate_link = "themes.php?action=activate&template=$template&stylesheet=$stylesheet";
+	$activate_link = wp_nonce_url("themes.php?action=activate&template=$template&stylesheet=$stylesheet", 'switch-theme_' . $template);
 ?>
 <div class="available-theme">
 <h3><a href="<?php echo $activate_link; ?>"><?php echo "$title $version"; ?></a></h3>

wp-admin/update-links.php

@@ -23,7 +23,7 @@ $http_request .= "\r\n";
 $http_request .= $query_string;
 
 $response = '';
-if( false !== ( $fs = fsockopen('api.pingomatic.com', 80, $errno, $errstr, 5) ) ) {
+if ( false !== ( $fs = @fsockopen('api.pingomatic.com', 80, $errno, $errstr, 5) ) ) {
 	fwrite($fs, $http_request);
 	while ( !feof($fs) )
 		$response .= fgets($fs, 1160); // One TCP-IP packet

wp-admin/upgrade-schema.php

@@ -123,7 +123,8 @@ CREATE TABLE $wpdb->posts (
   post_mime_type varchar(100) NOT NULL default '',
   comment_count bigint(20) NOT NULL default '0',
   PRIMARY KEY  (ID),
-  KEY post_name (post_name)
+  KEY post_name (post_name),
+  KEY post_status (post_status)
 );
 CREATE TABLE $wpdb->users (
   ID bigint(20) unsigned NOT NULL auto_increment,
@@ -211,7 +212,7 @@ function populate_options() {
 	add_option('page_uris');
 	add_option('blacklist_keys');
 	add_option('comment_registration', 0);
-	add_option('open_proxy_check', 1);
+	add_option('open_proxy_check', 0);
 	add_option('rss_language', 'en');
 	add_option('html_type', 'text/html');
 	// 1.5.1
@@ -229,6 +230,9 @@ function populate_options() {
 		add_option('uploads_use_yearmonth_folders', 1);
 		add_option('upload_path', 'wp-content/uploads');
 	}
+	
+	// 2.0.3
+	add_option('secret', md5(uniqid(microtime())));
 
 	// Delete unused options
 	$unusedoptions = array ('blodotgsping_url', 'bodyterminator', 'emailtestonly', 'phoneemail_separator', 'smilies_directory', 'subjectprefix', 'use_bbcode', 'use_blodotgsping', 'use_phoneemail', 'use_quicktags', 'use_weblogsping', 'weblogs_cache_file', 'use_preview', 'use_htmltrans', 'smilies_directory', 'fileupload_allowedusers', 'use_phoneemail', 'default_post_status', 'default_post_category', 'archive_mode', 'time_difference', 'links_minadminlevel', 'links_use_adminlevels', 'links_rating_type', 'links_rating_char', 'links_rating_ignore_zero', 'links_rating_single_image', 'links_rating_image0', 'links_rating_image1', 'links_rating_image2', 'links_rating_image3', 'links_rating_image4', 'links_rating_image5', 'links_rating_image6', 'links_rating_image7', 'links_rating_image8', 'links_rating_image9', 'weblogs_cacheminutes', 'comment_allowed_tags', 'search_engine_friendly_urls', 'default_geourl_lat', 'default_geourl_lon', 'use_default_geourl', 'weblogs_xml_url', 'new_users_can_blog');

wp-admin/upgrade.php

@@ -67,7 +67,7 @@ text-align: center; border-top: 1px solid #ccc; padding-top: 1em; font-style: it
 switch($step) {
 
 	case 0:
-	$goback = wp_specialchars($_SERVER['HTTP_REFERER'], 1);
+	$goback = attribute_escape(stripslashes(wp_get_referer()));
 ?> 
 <p><?php _e('This file upgrades you from any previous version of WordPress to the latest. It may take a while though, so be patient.'); ?></p> 
 	<h2 class="step"><a href="upgrade.php?step=1&amp;backto=<?php echo $goback; ?>"><?php _e('Upgrade WordPress &raquo;'); ?></a></h2>
@@ -75,15 +75,18 @@ switch($step) {
 	break;
 	
 	case 1:
-	wp_cache_flush();
-	make_db_current_silent();
-	upgrade_all();
-	wp_cache_flush();
+	$wp_current_db_version = __get_option('db_version');
+	if ( $wp_db_version != $wp_current_db_version ) {
+		wp_cache_flush();
+		make_db_current_silent();
+		upgrade_all();
+		wp_cache_flush();
+	}
 
 	if ( empty( $_GET['backto'] ) )
 		$backto = __get_option('home');
 	else
-		$backto = wp_specialchars( $_GET['backto'] , 1 );
+		$backto = attribute_escape(stripslashes($_GET['backto']));
 ?> 
 <h2><?php _e('Step 1'); ?></h2> 
 	<p><?php printf(__("There's actually only one step. So if you see this, you're done. <a href='%s'>Have fun</a>!"),  $backto); ?></p>

wp-admin/user-edit.php

@@ -21,6 +21,11 @@ for ($i=0; $i<count($wpvarstoreset); $i += 1) {
 	}
 }
 
+$user_id = (int) $user_id;
+
+if ( !$user_id )
+	die(__('Invalid user ID.'));
+
 switch ($action) {
 case 'switchposts':
 
@@ -32,24 +37,28 @@ break;
 
 case 'update':
 
+check_admin_referer('update-user_' . $user_id);
+
 $errors = array();
 
 if (!current_user_can('edit_users'))
-	$errors['head'] = __('You do not have permission to edit this user.');
+	die(__('You do not have permission to edit this user.'));
 else
 	$errors = edit_user($user_id);
 
 if(count($errors) == 0) {
-	header("Location: user-edit.php?user_id=$user_id&updated=true");
+	wp_redirect("user-edit.php?user_id=$user_id&updated=true");
 	exit;
 }
 
 default:
 include ('admin-header.php');
 
-$profileuser = new WP_User($user_id);
+$profileuser = get_user_to_edit($user_id);
+
+if (!current_user_can('edit_users')) 
+	die__('You do not have permission to edit this user.');
 
-if (!current_user_can('edit_users')) $errors['head'] = __('You do not have permission to edit this user.');
 ?>
 
 <?php if ( isset($_GET['updated']) ) : ?>
@@ -71,6 +80,7 @@ if (!current_user_can('edit_users')) $errors['head'] = __('You do not have permi
 <h2><?php _e('Edit User'); ?></h2>
 
 <form name="profile" id="your-profile" action="user-edit.php" method="post">
+<?php wp_nonce_field('update-user_' . $user_id) ?>
 <p>
 <input type="hidden" name="from" value="profile" />
 <input type="hidden" name="checkuser_id" value="<?php echo $user_ID ?>" />

wp-admin/users.php

@@ -11,10 +11,11 @@ $update = '';
 switch ($action) {
 
 case 'promote':
-	check_admin_referer();
+	check_admin_referer('bulk-users');
 
 	if (empty($_POST['users'])) {
-		header('Location: users.php');
+		wp_redirect('users.php');
+		exit();
 	}
 
 	if ( !current_user_can('edit_users') )
@@ -33,16 +34,18 @@ case 'promote':
  		$user->set_role($_POST['new_role']);
  	}
 		
-	header('Location: users.php?update=' . $update);
+	wp_redirect('users.php?update=' . $update);
+	exit();
 
 break;
 
 case 'dodelete':
 
-	check_admin_referer();
+	check_admin_referer('delete-users');
 
 	if ( empty($_POST['users']) ) {
-		header('Location: users.php');
+		wp_redirect('users.php');
+		exit();
 	}
 
 	if ( !current_user_can('edit_users') )
@@ -66,16 +69,17 @@ case 'dodelete':
 		}
 	}
 
-	header('Location: users.php?update=' . $update);
-
+	wp_redirect('users.php?update=' . $update);
+	exit();
 break;
 
 case 'delete':
 
-	check_admin_referer();
+	check_admin_referer('bulk-users');
 
-	if (empty($_POST['users'])) {
-		header('Location: users.php');
+	if ( empty($_POST['users']) ) {
+		wp_redirect('users.php');
+		exit();
 	}
 
 	if ( !current_user_can('edit_users') )
@@ -86,6 +90,7 @@ case 'delete':
 	include ('admin-header.php');
 ?>
 <form action="" method="post" name="updateusers" id="updateusers">
+<?php wp_nonce_field('delete-users') ?>
 <div class="wrap">
 <h2><?php _e('Delete Users'); ?></h2>
 <p><?php _e('You have specified these users for deletion:'); ?></p>
@@ -131,13 +136,13 @@ case 'delete':
 break;
 
 case 'adduser':
-	check_admin_referer();
+	check_admin_referer('add-user');
 	
 	$errors = add_user();
 	
-	if(count($errors) == 0) {
-		header('Location: users.php?update=add');
-		die();
+	if ( count($errors) == 0 ) {
+		wp_redirect('users.php?update=add');
+		exit();
 	}
 
 default:
@@ -200,12 +205,13 @@ default:
 	?>
 	
 <form action="" method="post" name="updateusers" id="updateusers">
+<?php wp_nonce_field('bulk-users') ?>
 <div class="wrap">
 	<h2><?php _e('User List by Role'); ?></h2>
   <table cellpadding="3" cellspacing="3" width="100%">
 	<?php
 	foreach($roleclasses as $role => $roleclass) {
-		ksort($roleclass);
+		uksort($roleclass, "strnatcasecmp");
 		?>
 
 	<tr>
@@ -280,6 +286,7 @@ $role_select .= '</select>';
 <h2><?php _e('Add New User') ?></h2>
 <?php echo '<p>'.sprintf(__('Users can <a href="%1$s">register themselves</a> or you can manually create users here.'), get_settings('siteurl').'/wp-register.php').'</p>'; ?>
 <form action="" method="post" name="adduser" id="adduser">
+  <?php wp_nonce_field('add-user') ?>
   <table class="editform" width="100%" cellspacing="2" cellpadding="5">
     <tr>
       <th scope="row" width="33%"><?php _e('Nickname') ?>

wp-admin/wp-admin.css

@@ -357,6 +357,14 @@ table .vers, table .name {
 	text-align: center;
 }
 
+textarea.all-options, input.all-options {
+	width: 250px;
+}
+
+input.disabled, textarea.disabled {
+	background: #ccc;
+}
+
 #adminmenu {
 	background: #6da6d1;
 	border-top: 3px solid #448abd;
@@ -848,6 +856,11 @@ table .vers, table .name {
 	padding-right: 2px;
 }
 
+#moremeta fieldset.dbx-box-closed {
+	background: url(images/box-butt.gif) no-repeat bottom;
+	padding-bottom: 9px;
+}
+
 /* handles */
 
 .dbx-handle  {
@@ -868,6 +881,55 @@ table .vers, table .name {
 	background: url(images/box-bg.gif) repeat-y right;
 }
 
+#advancedstuff h3.dbx-handle {
+	margin-left: 7px;
+	margin-bottom: -7px;
+	padding: 6px 1em 0 3px;
+	background: #2685af url(images/box-head-right.gif) no-repeat top right;
+}
+
+#advancedstuff div.dbx-h-andle-wrapper {
+	margin: 0 0 0 -7px;
+	background: #fff url(images/box-head-left.gif) no-repeat top left;
+}
+
+#advancedstuff div.dbx-content {
+	margin-left: 8px;
+	background: url(images/box-bg-right.gif) repeat-y right;
+	padding: 10px 10px 15px 0px;
+}
+
+#postexcerpt div.dbx-content {
+	margin-right: 0;
+	padding-right: 17px;
+}
+
+#advancedstuff div.dbx-c-ontent-wrapper {
+	margin-left: -7px;
+	margin-right: 0;
+	background: url(images/box-bg-left.gif) repeat-y left;
+}
+
+#advancedstuff fieldset.dbx-box {
+	padding-bottom: 9px;
+	margin-left: 6px;
+	background: url(images/box-butt-right.gif) no-repeat bottom right;
+}
+
+#advancedstuff div.dbx-b-ox-wrapper {
+	background: url(images/box-butt-left.gif) no-repeat bottom left;
+}
+
+#advancedstuff .dbx-box-closed div.dbx-c-ontent-wrapper {
+	padding-bottom: 2px;
+	background: url(images/box-butt-left.gif) no-repeat bottom left;
+}
+
+#advancedstuff .dbx-box {
+	background: url(images/box-butt-right.gif) no-repeat bottom right;
+}
+
+
 /* handle cursors */
 .dbx-handle-cursor {
 	cursor: move;
@@ -902,12 +964,16 @@ a.dbx-toggle, a.dbx-toggle:visited {
 #advancedstuff a.dbx-toggle, #advancedstuff a.dbx-toggle-open:visited {
 	height: 22px;
 	width: 22px;
+	top: 3px;
+	right: 5px;
 	background-position: 0 -3px;
 }
 
 #advancedstuff a.dbx-toggle-open, #advancedstuff a.dbx-toggle-open:visited {
 	height: 22px;
 	width: 22px;
+	top: 3px;
+	right: 5px;
 	background-position: 0 -28px;
 }
 

wp-comments-post.php

@@ -24,11 +24,11 @@ $comment_author_url   = trim($_POST['url']);
 $comment_content      = trim($_POST['comment']);
 
 // If the user is logged in
-get_currentuserinfo();
-if ( $user_ID ) :
-	$comment_author       = $wpdb->escape($user_identity);
-	$comment_author_email = $wpdb->escape($user_email);
-	$comment_author_url   = $wpdb->escape($user_url);
+$user = wp_get_current_user();
+if ( $user->ID ) :
+	$comment_author       = $wpdb->escape($user->display_name);
+	$comment_author_email = $wpdb->escape($user->user_email);
+	$comment_author_url   = $wpdb->escape($user->user_url);
 else :
 	if ( get_option('comment_registration') )
 		die( __('Sorry, you must be logged in to post a comment.') );
@@ -36,7 +36,7 @@ endif;
 
 $comment_type = '';
 
-if ( get_settings('require_name_email') && !$user_ID ) {
+if ( get_settings('require_name_email') && !$user->ID ) {
 	if ( 6 > strlen($comment_author_email) || '' == $comment_author )
 		die( __('Error: please fill the required fields (name, email).') );
 	elseif ( !is_email($comment_author_email))
@@ -48,16 +48,18 @@ if ( '' == $comment_content )
 
 $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'user_ID');
 
-wp_new_comment( $commentdata );
+$comment_id = wp_new_comment( $commentdata );
 
-if ( !$user_ID ) :
-	setcookie('comment_author_' . COOKIEHASH, stripslashes($comment_author), time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
-	setcookie('comment_author_email_' . COOKIEHASH, stripslashes($comment_author_email), time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
-	setcookie('comment_author_url_' . COOKIEHASH, stripslashes($comment_author_url), time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
+if ( !$user->ID ) :
+	$comment = get_comment($comment_id);
+	setcookie('comment_author_' . COOKIEHASH, $comment->comment_author, time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
+	setcookie('comment_author_email_' . COOKIEHASH, $comment->comment_author_email, time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
+	setcookie('comment_author_url_' . COOKIEHASH, clean_url($comment->comment_author_url), time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
 endif;
 
-$location = ( empty( $_POST['redirect_to'] ) ) ? get_permalink( $comment_post_ID ) : $_POST['redirect_to']; 
+$location = ( empty($_POST['redirect_to']) ? get_permalink($comment_post_ID) : $_POST['redirect_to'] ) . '#comment-' . $comment_id;
+$location = apply_filters('comment_post_redirect', $location, $comment);
 
-wp_redirect( $location );
+wp_redirect($location);
 
-?>
+?>

wp-content/plugins/wp-db-backup.php

@@ -4,7 +4,7 @@ Plugin Name: WordPress Database Backup
 Plugin URI: http://www.skippy.net/blog/plugins/
 Description: On-demand backup of your WordPress database.
 Author: Scott Merrill
-Version: 1.7
+Version: 1.8
 Author URI: http://www.skippy.net/
 
 Much of this was modified from Mark Ghosh's One Click Backup, which
@@ -36,13 +36,13 @@ class wpdbBackup {
 	}
 
 	function wpdbBackup() {
-				
 		add_action('wp_cron_daily', array(&$this, 'wp_cron_daily'));
 
 		$this->backup_dir = trailingslashit($this->backup_dir);
 		$this->basename = preg_replace('/^.*wp-content[\\\\\/]plugins[\\\\\/]/', '', __FILE__);
 	
 		if (isset($_POST['do_backup'])) {
+			if ( !current_user_can('import') ) die(__('You are not allowed to perform backups.'));
 			switch($_POST['do_backup']) {
 			case 'backup':
 				$this->perform_backup();
@@ -52,8 +52,10 @@ class wpdbBackup {
 				break;				
 			}
 		} elseif (isset($_GET['fragment'] )) {
+			if ( !current_user_can('import') ) die(__('You are not allowed to perform backups.'));
 			add_action('init', array(&$this, 'init'));
 		} elseif (isset($_GET['backup'] )) {
+			if ( !current_user_can('import') ) die(__('You are not allowed to perform backups.'));
 			add_action('init', array(&$this, 'init'));
 		} else {
 			add_action('admin_menu', array(&$this, 'admin_menu'));
@@ -61,16 +63,14 @@ class wpdbBackup {
 	}
 	
 	function init() {
-		global $user_level;
-		get_currentuserinfo();
-
-		if ($user_level < 9) die(__('Need higher user level.'));
+		if ( !current_user_can('import') ) die(__('You are not allowed to perform backups.'));
 
 		if (isset($_GET['backup'])) {
 			$via = isset($_GET['via']) ? $_GET['via'] : 'http';
 			
 			$this->backup_file = $_GET['backup'];
-			
+			$this->validate_file($this->backup_file);
+
 			switch($via) {
 			case 'smtp':
 			case 'email':
@@ -96,6 +96,7 @@ class wpdbBackup {
 		}
 		if (isset($_GET['fragment'] )) {
 			list($table, $segment, $filename) = explode(':', $_GET['fragment']);
+			$this->validate_file($filename);
 			$this->backup_fragment($table, $segment, $filename);
 		}
 
@@ -307,7 +308,7 @@ class wpdbBackup {
 		
 		$core_tables = $_POST['core_tables'];
 		$this->backup_file = $this->db_backup($core_tables, $also_backup);
-		if (FALSE !== $backup_file) {
+		if (FALSE !== $this->backup_file) {
 			if ('smtp' == $_POST['deliver']) {
 				$this->deliver_backup ($this->backup_file, $_POST['deliver'], $_POST['backup_recipient']);
 			} elseif ('http' == $_POST['deliver']) {
@@ -321,11 +322,11 @@ class wpdbBackup {
 	
 	///////////////////////////////
 	function admin_menu() {
-		add_management_page(__('Backup'), __('Backup'), 9, basename(__FILE__), array(&$this, 'backup_menu'));
+		add_management_page(__('Backup'), __('Backup'), 'import', basename(__FILE__), array(&$this, 'backup_menu'));
 	}
 
 	function fragment_menu() {
-		add_management_page(__('Backup'), __('Backup'), 9, basename(__FILE__), array(&$this, 'build_backup_script'));
+		add_management_page(__('Backup'), __('Backup'), 'import', basename(__FILE__), array(&$this, 'build_backup_script'));
 	}
 
 	/////////////////////////////////////////////////////////
@@ -882,8 +883,28 @@ class wpdbBackup {
 		
 		return;
 	} // wp_cron_db_backup
+
+	function validate_file($file) {
+		if (false !== strpos($file, '..'))
+			die(__("Cheatin' uh ?"));
+
+		if (false !== strpos($file, './'))
+			die(__("Cheatin' uh ?"));
+
+		if (':' == substr($file, 1, 1))
+			die(__("Cheatin' uh ?"));
+	}
+
 }
 
-$mywpdbbackup = new wpdbBackup();
+function wpdbBackup_init() {
+	global $mywpdbbackup;
+
+	if ( !current_user_can('import') ) return;
+
+	$mywpdbbackup = new wpdbBackup(); 	
+}
+
+add_action('plugins_loaded', 'wpdbBackup_init');
 
 ?>

wp-content/themes/classic/comments-popup.php

@@ -29,9 +29,8 @@ foreach ($posts as $post) { start_wp();
 
 <?php
 // this line is WordPress' motor, do not delete it.
-$comment_author = (isset($_COOKIE['comment_author_' . COOKIEHASH])) ? trim($_COOKIE['comment_author_'. COOKIEHASH]) : '';
-$comment_author_email = (isset($_COOKIE['comment_author_email_'. COOKIEHASH])) ? trim($_COOKIE['comment_author_email_'. COOKIEHASH]) : '';
-$comment_author_url = (isset($_COOKIE['comment_author_url_'. COOKIEHASH])) ? trim($_COOKIE['comment_author_url_'. COOKIEHASH]) : '';
+$commenter = wp_get_current_commenter();
+extract($commenter);
 $comments = get_approved_comments($id);
 $commentstatus = get_post($id);
 if (!empty($commentstatus->post_password) && $_COOKIE['wp-postpass_'. COOKIEHASH] != $commentstatus->post_password) {  // and it doesn't match the cookie
@@ -61,7 +60,7 @@ if (!empty($commentstatus->post_password) && $_COOKIE['wp-postpass_'. COOKIEHASH
 	  <input type="text" name="author" id="author" class="textarea" value="<?php echo $comment_author; ?>" size="28" tabindex="1" />
 	   <label for="author"><?php _e("Name"); ?></label>
 	<input type="hidden" name="comment_post_ID" value="<?php echo $id; ?>" />
-	<input type="hidden" name="redirect_to" value="<?php echo wp_specialchars($_SERVER["REQUEST_URI"]); ?>" />
+	<input type="hidden" name="redirect_to" value="<?php echo attribute_escape($_SERVER["REQUEST_URI"]); ?>" />
 	</p>
 
 	<p>

wp-content/themes/classic/sidebar.php

@@ -12,7 +12,7 @@
  </li>
  <li id="search">
    <label for="s"><?php _e('Search:'); ?></label>	
-   <form id="searchform" method="get" action="<?php echo $_SERVER['PHP_SELF']; ?>">
+   <form id="searchform" method="get" action="<?php bloginfo('home'); ?>">
 	<div>
 		<input type="text" name="s" id="s" size="15" /><br />
 		<input type="submit" value="<?php _e('Search'); ?>" />

wp-content/themes/default/archive.php

@@ -5,21 +5,21 @@
 		<?php if (have_posts()) : ?>
 
 		 <?php $post = $posts[0]; // Hack. Set $post so that the_date() works. ?>
-<?php /* If this is a category archive */ if (is_category()) { ?>				
+<?php /* If this is a category archive */ if (is_category()) { ?>
 		<h2 class="pagetitle">Archive for the '<?php echo single_cat_title(); ?>' Category</h2>
-		
+
  	  <?php /* If this is a daily archive */ } elseif (is_day()) { ?>
 		<h2 class="pagetitle">Archive for <?php the_time('F jS, Y'); ?></h2>
-		
+
 	 <?php /* If this is a monthly archive */ } elseif (is_month()) { ?>
 		<h2 class="pagetitle">Archive for <?php the_time('F, Y'); ?></h2>
 
 		<?php /* If this is a yearly archive */ } elseif (is_year()) { ?>
 		<h2 class="pagetitle">Archive for <?php the_time('Y'); ?></h2>
-		
+
 	  <?php /* If this is a search */ } elseif (is_search()) { ?>
 		<h2 class="pagetitle">Search Results</h2>
-		
+
 	  <?php /* If this is an author archive */ } elseif (is_author()) { ?>
 		<h2 class="pagetitle">Author Archive</h2>
 
@@ -38,29 +38,29 @@
 		<div class="post">
 				<h3 id="post-<?php the_ID(); ?>"><a href="<?php the_permalink() ?>" rel="bookmark" title="Permanent Link to <?php the_title(); ?>"><?php the_title(); ?></a></h3>
 				<small><?php the_time('l, F jS, Y') ?></small>
-				
+
 				<div class="entry">
 					<?php the_content() ?>
 				</div>
-		
+
 				<p class="postmetadata">Posted in <?php the_category(', ') ?> | <?php edit_post_link('Edit', '', ' | '); ?>  <?php comments_popup_link('No Comments &#187;', '1 Comment &#187;', '% Comments &#187;'); ?></p> 
 
 			</div>
-	
+
 		<?php endwhile; ?>
 
 		<div class="navigation">
 			<div class="alignleft"><?php next_posts_link('&laquo; Previous Entries') ?></div>
 			<div class="alignright"><?php previous_posts_link('Next Entries &raquo;') ?></div>
 		</div>
-	
+
 	<?php else : ?>
 
 		<h2 class="center">Not Found</h2>
 		<?php include (TEMPLATEPATH . '/searchform.php'); ?>
 
 	<?php endif; ?>
-		
+
 	</div>
 
 <?php get_sidebar(); ?>

wp-content/themes/default/archives.php

@@ -20,6 +20,6 @@ Template Name: Archives
      <?php wp_list_cats(); ?>
   </ul>
 
-</div>	
+</div>
 
 <?php get_footer(); ?>

wp-content/themes/default/attachment.php

@@ -1,9 +1,9 @@
 <?php get_header(); ?>
 
 	<div id="content" class="widecolumn">
-				
+
   <?php if (have_posts()) : while (have_posts()) : the_post(); ?>
-	
+
 		<div class="navigation">
 			<div class="alignleft">&nbsp;</div>
 			<div class="alignright">&nbsp;</div>
@@ -12,13 +12,13 @@
 <?php $_post = &get_post($post->ID); $classname = ($_post->iconsize[0] <= 128 ? 'small' : '') . 'attachment'; // This lets us style narrow icons specially ?>
 		<div class="post" id="post-<?php the_ID(); ?>">
 			<h2><a href="<?php echo get_permalink($post->post_parent); ?>" rev="attachment"><?php echo get_the_title($post->post_parent); ?></a> &raquo; <a href="<?php echo get_permalink() ?>" rel="bookmark" title="Permanent Link: <?php the_title(); ?>"><?php the_title(); ?></a></h2>
-			<div class="entrytext">
+			<div class="entry">
 				<p class="<?php echo $classname; ?>"><?php echo $attachment_link; ?><br /><?php echo basename($post->guid); ?></p>
 
 				<?php the_content('<p class="serif">Read the rest of this entry &raquo;</p>'); ?>
-	
+
 				<?php link_pages('<p><strong>Pages:</strong> ', '</p>', 'number'); ?>
-	
+
 				<p class="postmetadata alt">
 					<small>
 						This entry was posted
@@ -29,39 +29,39 @@
 						on <?php the_time('l, F jS, Y') ?> at <?php the_time() ?>
 						and is filed under <?php the_category(', ') ?>.
 						You can follow any responses to this entry through the <?php comments_rss_link('RSS 2.0'); ?> feed. 
-						
+
 						<?php if (('open' == $post-> comment_status) && ('open' == $post->ping_status)) {
 							// Both Comments and Pings are open ?>
 							You can <a href="#respond">leave a response</a>, or <a href="<?php trackback_url(true); ?>" rel="trackback">trackback</a> from your own site.
-						
+
 						<?php } elseif (!('open' == $post-> comment_status) && ('open' == $post->ping_status)) {
 							// Only Pings are Open ?>
 							Responses are currently closed, but you can <a href="<?php trackback_url(true); ?> " rel="trackback">trackback</a> from your own site.
-						
+
 						<?php } elseif (('open' == $post-> comment_status) && !('open' == $post->ping_status)) {
 							// Comments are open, Pings are not ?>
 							You can skip to the end and leave a response. Pinging is currently not allowed.
-			
+
 						<?php } elseif (!('open' == $post-> comment_status) && !('open' == $post->ping_status)) {
 							// Neither Comments, nor Pings are open ?>
-							Both comments and pings are currently closed.			
-						
+							Both comments and pings are currently closed.
+
 						<?php } edit_post_link('Edit this entry.','',''); ?>
-						
+
 					</small>
 				</p>
-	
+
 			</div>
 		</div>
-		
+
 	<?php comments_template(); ?>
-	
+
 	<?php endwhile; else: ?>
-	
+
 		<p>Sorry, no attachments matched your criteria.</p>
-	
+
 <?php endif; ?>
-	
+
 	</div>
 
 <?php get_footer(); ?>

wp-content/themes/default/comments-popup.php

@@ -29,9 +29,8 @@ foreach ($posts as $post) { start_wp();
 
 <?php
 // this line is WordPress' motor, do not delete it.
-$comment_author = (isset($_COOKIE['comment_author_' . COOKIEHASH])) ? trim($_COOKIE['comment_author_'. COOKIEHASH]) : '';
-$comment_author_email = (isset($_COOKIE['comment_author_email_'. COOKIEHASH])) ? trim($_COOKIE['comment_author_email_'. COOKIEHASH]) : '';
-$comment_author_url = (isset($_COOKIE['comment_author_url_'. COOKIEHASH])) ? trim($_COOKIE['comment_author_url_'. COOKIEHASH]) : '';
+$commenter = wp_get_current_commenter();
+extract($commenter);
 $comments = get_approved_comments($id);
 $post = get_post($id);
 if (!empty($post->post_password) && $_COOKIE['wp-postpass_'. COOKIEHASH] != $post->post_password) {  // and it doesn't match the cookie
@@ -61,7 +60,7 @@ if (!empty($post->post_password) && $_COOKIE['wp-postpass_'. COOKIEHASH] != $pos
 	  <input type="text" name="author" id="author" class="textarea" value="<?php echo $comment_author; ?>" size="28" tabindex="1" />
 	   <label for="author">Name</label>
 	<input type="hidden" name="comment_post_ID" value="<?php echo $id; ?>" />
-	<input type="hidden" name="redirect_to" value="<?php echo wp_specialchars($_SERVER["REQUEST_URI"]); ?>" />
+	<input type="hidden" name="redirect_to" value="<?php echo attribute_escape($_SERVER["REQUEST_URI"]); ?>" />
 	</p>
 
 	<p>
@@ -103,7 +102,7 @@ if (!empty($post->post_password) && $_COOKIE['wp-postpass_'. COOKIEHASH] != $pos
 <?php // Seen at http://www.mijnkopthee.nl/log2/archive/2003/05/28/esc(18) ?>
 <script type="text/javascript">
 <!--
-document.onkeypress = function esc(e) {	
+document.onkeypress = function esc(e) {
 	if(typeof(e) == "undefined") { e=event; }
 	if (e.keyCode == 27) { self.close(); }
 }

wp-content/themes/default/comments.php

@@ -5,9 +5,9 @@
         if (!empty($post->post_password)) { // if there's a password
             if ($_COOKIE['wp-postpass_' . COOKIEHASH] != $post->post_password) {  // and it doesn't match the cookie
 				?>
-				
+
 				<p class="nocomments">This post is password protected. Enter the password to view comments.<p>
-				
+
 				<?php
 				return;
             }
@@ -39,7 +39,7 @@
 
 		</li>
 
-	<?php /* Changes every other comment to a different class */	
+	<?php /* Changes every other comment to a different class */
 		if ('alt' == $oddcomment) $oddcomment = '';
 		else $oddcomment = 'alt';
 	?>
@@ -52,11 +52,11 @@
 
   <?php if ('open' == $post->comment_status) : ?> 
 		<!-- If comments are open, but there are no comments. -->
-		
+
 	 <?php else : // comments are closed ?>
 		<!-- If comments are closed. -->
 		<p class="nocomments">Comments are closed.</p>
-		
+
 	<?php endif; ?>
 <?php endif; ?>
 

wp-content/themes/default/footer.php

@@ -1,6 +1,7 @@
 
 <hr />
 <div id="footer">
+<!-- If you'd like to support WordPress, having the "powered by" link someone on your blog is the best way, it's our only promotion or advertising. -->
 	<p>
 		<?php bloginfo('name'); ?> is proudly powered by 
 		<a href="http://wordpress.org/">WordPress</a>

wp-content/themes/default/functions.php

@@ -57,7 +57,7 @@ function kubrick_header_color_string() {
 	$color = kubrick_header_color();
 	if ( false === $color )
 		return 'white';
-		
+
 	return $color;
 }
 
@@ -100,21 +100,21 @@ function kubrick_add_theme_page() {
 					}
 				}
 			} else {
-	
+
 				if ( isset($_REQUEST['headerimage']) ) {
 					if ( '' == $_REQUEST['headerimage'] )
 						delete_option('kubrick_header_image');
 					else
 						update_option('kubrick_header_image', $_REQUEST['headerimage']);
 				}
-	
+
 				if ( isset($_REQUEST['fontcolor']) ) {
 					if ( '' == $_REQUEST['fontcolor'] )
 						delete_option('kubrick_header_color');
 					else
 						update_option('kubrick_header_color', $_REQUEST['fontcolor']);
 				}
-	
+
 				if ( isset($_REQUEST['fontdisplay']) ) {
 					if ( '' == $_REQUEST['fontdisplay'] || 'inline' == $_REQUEST['fontdisplay'] )
 						delete_option('kubrick_header_display');
@@ -123,7 +123,7 @@ function kubrick_add_theme_page() {
 				}
 			}
 			//print_r($_REQUEST);
-			header("Location: themes.php?page=functions.php&saved=true");
+			wp_redirect("themes.php?page=functions.php&saved=true");
 			die;
 		}
 		add_action('admin_head', 'kubrick_theme_page_head');
@@ -135,6 +135,7 @@ function kubrick_theme_page_head() {
 ?>
 <script type="text/javascript" src="../wp-includes/js/colorpicker.js"></script>
 <script type='text/javascript'>
+// <![CDATA[
 	function pickColor(color) {
 		ColorPicker_targetInput.value = color;
 		kUpdate(ColorPicker_targetInput.id);
@@ -239,6 +240,7 @@ function kubrick_theme_page_head() {
 		document.getElementById('nonJsForm').style.display = 'none';
 	}
 	addLoadEvent(kInit);
+// ]]>
 </script>
 <style type='text/css'>
 	#headwrap {
@@ -268,7 +270,7 @@ function kubrick_theme_page_head() {
 		font-family: 'Lucida Grande', Verdana, Arial, Sans-Serif;
 		font-size: 1.2em;
 		text-align: center;
-	}	
+	}
 	#kubrick-header #header {
 		text-decoration: none;
 		color: <?php echo kubrick_header_color_string(); ?>;
@@ -351,13 +353,13 @@ function kubrick_theme_page() {
 		</div>
 		<br />
 		<div id="nonJsForm">
-			<form method="POST">
+			<form method="post" action="">
 				<div class="zerosize"><input type="submit" name="defaultsubmit" value="Save" /></div>
 				<label for="njfontcolor">Font Color:</label><input type="text" name="njfontcolor" id="njfontcolor" value="<?php echo kubrick_header_color(); ?>" /> Any CSS color (<code>red</code> or <code>#FF0000</code> or <code>rgb(255, 0, 0)</code>)<br />
 				<label for="njuppercolor">Upper Color:</label><input type="text" name="njuppercolor" id="njuppercolor" value="#<?php echo kubrick_upper_color(); ?>" /> HEX only (<code>#FF0000</code> or <code>#F00</code>)<br />
 				<label for="njlowercolor">Lower Color:</label><input type="text" name="njlowercolor" id="njlowercolor" value="#<?php echo kubrick_lower_color(); ?>" /> HEX only (<code>#FF0000</code> or <code>#F00</code>)<br />
 				<input type="hidden" name="hi" id="hi" value="<?php echo kubrick_header_image(); ?>" />
-				<label> </label><input type="submit" name="toggledisplay" id="toggledisplay" value="Toggle Text" />
+				<input type="submit" name="toggledisplay" id="toggledisplay" value="Toggle Text" />
 				<input type="submit" name="defaults" value="Use Defaults" />
 				<input type="submit" class="defbutton" name="submitform" value="&nbsp;&nbsp;Save&nbsp;&nbsp;" />
 				<input type="hidden" name="action" value="save" />
@@ -381,7 +383,7 @@ function kubrick_theme_page() {
 			</form>
 			<div id="colorPickerDiv" style="z-index: 100;background:#eee;border:1px solid #ccc;position:absolute;visibility:hidden;"> </div>
 			<div id="advanced">
-				<form id="jsAdvanced" style="display:none;">
+				<form id="jsAdvanced" style="display:none;" action="">
 					<label for="advfontcolor">Font Color (CSS): </label><input type="text" id="advfontcolor" onchange="advUpdate(this.value, 'fontcolor')" value="<?php echo kubrick_header_color(); ?>" /><br />
 					<label for="advuppercolor">Upper Color (HEX): </label><input type="text" id="advuppercolor" onchange="advUpdate(this.value, 'uppercolor')" value="#<?php echo kubrick_upper_color(); ?>" /><br />
 					<label for="advlowercolor">Lower Color (HEX): </label><input type="text" id="advlowercolor" onchange="advUpdate(this.value, 'lowercolor')" value="#<?php echo kubrick_lower_color(); ?>" /><br />

wp-content/themes/default/header.php

@@ -13,32 +13,16 @@
 <link rel="pingback" href="<?php bloginfo('pingback_url'); ?>" />
 
 <style type="text/css" media="screen">
-/*	To accomodate differing install paths of WordPress, images are referred only here,
-	and not in the wp-layout.css file. If you prefer to use only CSS for colors and what
-	not, then go right ahead and delete the following lines, and the image files. */
-		
-	body { background: url("<?php bloginfo('stylesheet_directory'); ?>/images/kubrickbgcolor.jpg"); }	
-<?php /* Checks to see whether it needs a sidebar or not */ if ((! $withcomments) && (! is_single())) { ?>
+
+<?php 
+// Checks to see whether it needs a sidebar or not
+if ( !$withcomments && !is_single() ) { 
+?>
 	#page { background: url("<?php bloginfo('stylesheet_directory'); ?>/images/kubrickbg.jpg") repeat-y top; border: none; }
 <?php } else { // No sidebar ?>
 	#page { background: url("<?php bloginfo('stylesheet_directory'); ?>/images/kubrickbgwide.jpg") repeat-y top; border: none; } 
 <?php } ?>
-	#header { background: url("<?php bloginfo('stylesheet_directory'); ?>/images/kubrickheader.jpg") no-repeat bottom center; }
-	#footer { background: url("<?php bloginfo('stylesheet_directory'); ?>/images/kubrickfooter.jpg") no-repeat bottom; border: none;}
 
-/*	Because the template is slightly different, size-wise, with images, this needs to be set here
-	If you don't want to use the template's images, you can also delete the following two lines. */
-		
-	#header 	{ margin: 0 !important; margin: 0 0 0 1px; padding: 1px; height: 198px; width: 758px; }
-	#headerimg 	{ margin: 7px 9px 0; height: 192px; width: 740px; } 
-
-/* 	To ease the insertion of a personal header image, I have done it in such a way,
-	that you simply drop in an image called 'personalheader.jpg' into your /images/
-	directory. Dimensions should be at least 760px x 200px. Anything above that will
-	get cropped off of the image. */
-	/*
-	#headerimg { background: url('<?php bloginfo('stylesheet_directory'); ?>/images/personalheader.jpg') no-repeat top;}
-	*/
 </style>
 
 <?php wp_head(); ?>

wp-content/themes/default/index.php

@@ -3,27 +3,27 @@
 	<div id="content" class="narrowcolumn">
 
 	<?php if (have_posts()) : ?>
-		
+
 		<?php while (have_posts()) : the_post(); ?>
-				
+
 			<div class="post" id="post-<?php the_ID(); ?>">
 				<h2><a href="<?php the_permalink() ?>" rel="bookmark" title="Permanent Link to <?php the_title(); ?>"><?php the_title(); ?></a></h2>
 				<small><?php the_time('F jS, Y') ?> <!-- by <?php the_author() ?> --></small>
-				
+
 				<div class="entry">
 					<?php the_content('Read the rest of this entry &raquo;'); ?>
 				</div>
-		
+
 				<p class="postmetadata">Posted in <?php the_category(', ') ?> | <?php edit_post_link('Edit', '', ' | '); ?>  <?php comments_popup_link('No Comments &#187;', '1 Comment &#187;', '% Comments &#187;'); ?></p>
 			</div>
-	
+
 		<?php endwhile; ?>
 
 		<div class="navigation">
 			<div class="alignleft"><?php next_posts_link('&laquo; Previous Entries') ?></div>
 			<div class="alignright"><?php previous_posts_link('Next Entries &raquo;') ?></div>
 		</div>
-		
+
 	<?php else : ?>
 
 		<h2 class="center">Not Found</h2>

wp-content/themes/default/links.php

@@ -13,6 +13,6 @@ Template Name: Links
 <?php get_links_list(); ?>
 </ul>
 
-</div>	
+</div>
 
 <?php get_footer(); ?>

wp-content/themes/default/page.php

@@ -5,11 +5,11 @@
     <?php if (have_posts()) : while (have_posts()) : the_post(); ?>
 		<div class="post" id="post-<?php the_ID(); ?>">
 		<h2><?php the_title(); ?></h2>
-			<div class="entrytext">
+			<div class="entry">
 				<?php the_content('<p class="serif">Read the rest of this page &raquo;</p>'); ?>
-	
+
 				<?php link_pages('<p><strong>Pages:</strong> ', '</p>', 'number'); ?>
-	
+
 			</div>
 		</div>
 	  <?php endwhile; endif; ?>

wp-content/themes/default/search.php

@@ -5,7 +5,7 @@
 	<?php if (have_posts()) : ?>
 
 		<h2 class="pagetitle">Search Results</h2>
-		
+
 		<div class="navigation">
 			<div class="alignleft"><?php next_posts_link('&laquo; Previous Entries') ?></div>
 			<div class="alignright"><?php previous_posts_link('Next Entries &raquo;') ?></div>
@@ -13,28 +13,28 @@
 
 
 		<?php while (have_posts()) : the_post(); ?>
-				
+
 			<div class="post">
 				<h3 id="post-<?php the_ID(); ?>"><a href="<?php the_permalink() ?>" rel="bookmark" title="Permanent Link to <?php the_title(); ?>"><?php the_title(); ?></a></h3>
 				<small><?php the_time('l, F jS, Y') ?></small>
-		
+
 				<p class="postmetadata">Posted in <?php the_category(', ') ?> | <?php edit_post_link('Edit', '', ' | '); ?>  <?php comments_popup_link('No Comments &#187;', '1 Comment &#187;', '% Comments &#187;'); ?></p>
 			</div>
-	
+
 		<?php endwhile; ?>
 
 		<div class="navigation">
 			<div class="alignleft"><?php next_posts_link('&laquo; Previous Entries') ?></div>
 			<div class="alignright"><?php previous_posts_link('Next Entries &raquo;') ?></div>
 		</div>
-	
+
 	<?php else : ?>
 
 		<h2 class="center">No posts found. Try a different search?</h2>
 		<?php include (TEMPLATEPATH . '/searchform.php'); ?>
 
 	<?php endif; ?>
-		
+
 	</div>
 
 <?php get_sidebar(); ?>

wp-content/themes/default/searchform.php

@@ -1,5 +1,5 @@
 <form method="get" id="searchform" action="<?php bloginfo('home'); ?>/">
-<div><input type="text" value="<?php echo wp_specialchars($s, 1); ?>" name="s" id="s" />
+<div><input type="text" value="<?php echo attribute_escape($s); ?>" name="s" id="s" />
 <input type="submit" id="searchsubmit" value="Search" />
 </div>
 </form>

wp-content/themes/default/sidebar.php

@@ -1,6 +1,6 @@
 	<div id="sidebar">
 		<ul>
-			
+
 			<li>
 				<?php include (TEMPLATEPATH . '/searchform.php'); ?>
 			</li>
@@ -15,11 +15,11 @@
 			<?php /* If this is a 404 page */ if (is_404()) { ?>
 			<?php /* If this is a category archive */ } elseif (is_category()) { ?>
 			<p>You are currently browsing the archives for the <?php single_cat_title(''); ?> category.</p>
-			
+
 			<?php /* If this is a yearly archive */ } elseif (is_day()) { ?>
 			<p>You are currently browsing the <a href="<?php bloginfo('home'); ?>/"><?php echo bloginfo('name'); ?></a> weblog archives
 			for the day <?php the_time('l, F jS, Y'); ?>.</p>
-			
+
 			<?php /* If this is a monthly archive */ } elseif (is_month()) { ?>
 			<p>You are currently browsing the <a href="<?php bloginfo('home'); ?>/"><?php echo bloginfo('name'); ?></a> weblog archives
 			for <?php the_time('F, Y'); ?>.</p>
@@ -27,7 +27,7 @@
       <?php /* If this is a yearly archive */ } elseif (is_year()) { ?>
 			<p>You are currently browsing the <a href="<?php bloginfo('home'); ?>/"><?php echo bloginfo('name'); ?></a> weblog archives
 			for the year <?php the_time('Y'); ?>.</p>
-			
+
 		 <?php /* If this is a monthly archive */ } elseif (is_search()) { ?>
 			<p>You have searched the <a href="<?php echo bloginfo('home'); ?>/"><?php echo bloginfo('name'); ?></a> weblog archives
 			for <strong>'<?php echo wp_specialchars($s); ?>'</strong>. If you are unable to find anything in these search results, you can try one of these links.</p>
@@ -52,9 +52,9 @@
 				</ul>
 			</li>
 
-			<?php /* If this is the frontpage */ if ( is_home() || is_page() ) { ?>				
+			<?php /* If this is the frontpage */ if ( is_home() || is_page() ) { ?>
 				<?php get_links_list(); ?>
-				
+
 				<li><h2>Meta</h2>
 				<ul>
 					<?php wp_register(); ?>
@@ -66,7 +66,7 @@
 				</ul>
 				</li>
 			<?php } ?>
-			
+
 		</ul>
 	</div>
 

wp-content/themes/default/single.php

@@ -1,22 +1,22 @@
 <?php get_header(); ?>
 
 	<div id="content" class="widecolumn">
-				
+
   <?php if (have_posts()) : while (have_posts()) : the_post(); ?>
-	
+
 		<div class="navigation">
 			<div class="alignleft"><?php previous_post_link('&laquo; %link') ?></div>
 			<div class="alignright"><?php next_post_link('%link &raquo;') ?></div>
 		</div>
-	
+
 		<div class="post" id="post-<?php the_ID(); ?>">
 			<h2><a href="<?php echo get_permalink() ?>" rel="bookmark" title="Permanent Link: <?php the_title(); ?>"><?php the_title(); ?></a></h2>
-	
-			<div class="entrytext">
+
+			<div class="entry">
 				<?php the_content('<p class="serif">Read the rest of this entry &raquo;</p>'); ?>
-	
+
 				<?php link_pages('<p><strong>Pages:</strong> ', '</p>', 'number'); ?>
-	
+
 				<p class="postmetadata alt">
 					<small>
 						This entry was posted
@@ -27,39 +27,39 @@
 						on <?php the_time('l, F jS, Y') ?> at <?php the_time() ?>
 						and is filed under <?php the_category(', ') ?>.
 						You can follow any responses to this entry through the <?php comments_rss_link('RSS 2.0'); ?> feed. 
-						
+
 						<?php if (('open' == $post-> comment_status) && ('open' == $post->ping_status)) {
 							// Both Comments and Pings are open ?>
 							You can <a href="#respond">leave a response</a>, or <a href="<?php trackback_url(true); ?>" rel="trackback">trackback</a> from your own site.
-						
+
 						<?php } elseif (!('open' == $post-> comment_status) && ('open' == $post->ping_status)) {
 							// Only Pings are Open ?>
 							Responses are currently closed, but you can <a href="<?php trackback_url(true); ?> " rel="trackback">trackback</a> from your own site.
-						
+
 						<?php } elseif (('open' == $post-> comment_status) && !('open' == $post->ping_status)) {
 							// Comments are open, Pings are not ?>
 							You can skip to the end and leave a response. Pinging is currently not allowed.
-			
+
 						<?php } elseif (!('open' == $post-> comment_status) && !('open' == $post->ping_status)) {
 							// Neither Comments, nor Pings are open ?>
-							Both comments and pings are currently closed.			
-						
+							Both comments and pings are currently closed.
+
 						<?php } edit_post_link('Edit this entry.','',''); ?>
-						
+
 					</small>
 				</p>
-	
+
 			</div>
 		</div>
-		
+
 	<?php comments_template(); ?>
-	
+
 	<?php endwhile; else: ?>
-	
+
 		<p>Sorry, no posts matched your criteria.</p>
-	
+
 <?php endif; ?>
-	
+
 	</div>
 
 <?php get_footer(); ?>

wp-content/themes/default/style.css

@@ -2,7 +2,7 @@
 Theme Name: WordPress Default
 Theme URI: http://wordpress.org/
 Description: The default WordPress theme based on the famous <a href="http://binarybonsai.com/kubrick/">Kubrick</a>.
-Version: 1.5
+Version: 1.6
 Author: Michael Heilemann
 Author URI: http://binarybonsai.com/
 
@@ -14,13 +14,7 @@ Author URI: http://binarybonsai.com/
 
 	The CSS, XHTML and design is released under GPL:
 	http://www.opensource.org/licenses/gpl-license.php
-	
 
-	*** REGARDING IMAGES ***
-	All CSS that involves the use of images, can be found in the 'index.php' file.
-	This is to ease installation inside subdirectories of a server.
-
-	Have fun, and don't be afraid to contact me if you have questions.
 */
 
 
@@ -29,7 +23,7 @@ Author URI: http://binarybonsai.com/
 body {
 	font-size: 62.5%; /* Resets 1em to 10px */
 	font-family: 'Lucida Grande', Verdana, Arial, Sans-Serif;
-	background-color: #d5d6d7;
+	background: #d5d6d7 url('images/kubrickbgcolor.jpg');
 	color: #333;
 	text-align: center;
 	}
@@ -41,9 +35,15 @@ body {
 	}
 
 #header {
-	background-color: #73a0c5;
+	background: #73a0c5 url('images/kubrickheader.jpg') no-repeat bottom center;
 	}
 
+#headerimg 	{ 
+	margin: 7px 9px 0; 
+	height: 192px; 
+	width: 740px; 
+	} 
+
 #content {
 	font-size: 1.2em
 	}
@@ -59,7 +59,7 @@ body {
 .widecolumn {
 	line-height: 1.6em;
 	}
-	
+
 .narrowcolumn .postmetadata {
 	text-align: center;
 	}
@@ -71,7 +71,8 @@ body {
 	}
 
 #footer {
-	background-color: #eee;
+	background: #eee url('images/kubrickfooter.jpg') no-repeat top; 
+	border: none;
 	}
 
 small {
@@ -132,7 +133,7 @@ h2, h2 a, h2 a:hover, h2 a:visited, h3, h3 a, h3 a:hover, h3 a:visited, #sidebar
 .commentlist li, #commentform input, #commentform textarea {
 	font: 0.9em 'Lucida Grande', Verdana, Arial, Sans-Serif;
 	}
-	
+
 .commentlist li {
 	font-weight: bold;
 	}
@@ -164,7 +165,7 @@ h2, h2 a, h2 a:hover, h2 a:visited, h3, h3 a, h3 a:hover, h3 a:visited, #sidebar
 small, #sidebar ul ul li, #sidebar ul ol li, .nocomments, .postmetadata, blockquote, strike {
 	color: #777;
 	}
-	
+
 code {
 	font: 1.1em 'Courier New', Courier, Fixed;
 	}
@@ -184,7 +185,7 @@ a:hover {
 	color: #147;
 	text-decoration: underline;
 	}
-	
+
 #wp-calendar #prev a {
 	font-size: 9pt;
 	}
@@ -208,7 +209,7 @@ a:hover {
 
 /* Begin Structure */
 body {
-	margin: 0;
+	margin: 0 0 20px 0;
 	padding: 0; 
 	}
 
@@ -219,13 +220,13 @@ body {
 	width: 760px;
 	border: 1px solid #959596;
 	}
-	
+
 #header {
-	padding: 0;
-	margin: 0 auto;
-	height: 200px;
-	width: 100%;
 	background-color: #73a0c5;
+	margin: 0 0 0 1px; 
+	padding: 0; 
+	height: 200px; 
+	width: 758px;
 	}
 
 #headerimg {
@@ -246,7 +247,7 @@ body {
 	margin: 5px 0 0 150px;
 	width: 450px;
 	}
-	
+
 .post {
 	margin: 0 0 40px;
 	text-align: justify;
@@ -281,7 +282,7 @@ body {
 }
 
 #footer {
-	padding: 0 0 0 1px;
+	padding: 0;
 	margin: 0 auto;
 	width: 760px;
 	clear: both;
@@ -339,13 +340,13 @@ p img {
 	thought?!) align the image to the right. And using 'class="centered',
 	will of course center the image. This is much better than using
 	align="center", being much more futureproof (and valid) */
-	
+
 img.centered {
 	display: block;
 	margin-left: auto;
 	margin-right: auto;
 	}
-	
+
 img.alignright {
 	padding: 4px;
 	margin: 0 0 2px 7px;
@@ -361,7 +362,7 @@ img.alignleft {
 .alignright {
 	float: right;
 	}
-	
+
 .alignleft {
 	float: left
 	}
@@ -405,7 +406,7 @@ html>body .entry li {
 	list-style-type: none;
 	list-style-image: none;
 	}
-	
+
 #sidebar ul, #sidebar ul ol {
 	margin: 0;
 	padding: 0;
@@ -449,7 +450,7 @@ ol li, #sidebar ul ol li {
 	}
 
 #sidebar #searchform #s {
-	width: 115px;
+	width: 108px;
 	padding: 2px;
 	}
 

wp-includes/cache.php

@@ -30,9 +30,7 @@ function wp_cache_get($id, $flag = '') {
 }
 
 function wp_cache_init() {
-	global $wp_object_cache;
-
-	$wp_object_cache = new WP_Object_Cache();
+	$GLOBALS['wp_object_cache'] =& new WP_Object_Cache();
 }
 
 function wp_cache_replace($key, $data, $flag = '', $expire = 0) {
@@ -47,8 +45,8 @@ function wp_cache_set($key, $data, $flag = '', $expire = 0) {
 	return $wp_object_cache->set($key, $data, $flag, $expire);
 }
 
-define('CACHE_SERIAL_HEADER', "<?php\n//");
-define('CACHE_SERIAL_FOOTER', "\n?".">");
+define('CACHE_SERIAL_HEADER', "<?php\n/*");
+define('CACHE_SERIAL_FOOTER', "*/\n?".">");
 
 class WP_Object_Cache {
 	var $cache_dir;
@@ -64,6 +62,7 @@ class WP_Object_Cache {
 	var $cold_cache_hits = 0;
 	var $warm_cache_hits = 0;
 	var $cache_misses = 0;
+	var $secret = '';
 
 	function acquire_lock() {
 		// Acquire a write lock. 
@@ -103,7 +102,7 @@ class WP_Object_Cache {
 
 		if ( ! $this->acquire_lock() )
 			return false;
-		
+
 		$this->rm_cache_dir();
 		$this->cache = array ();
 		$this->dirty_objects = array ();
@@ -142,7 +141,7 @@ class WP_Object_Cache {
 			return false;
 		}
 
-		$cache_file = $this->cache_dir.$this->get_group_dir($group)."/".md5($id.DB_PASSWORD).'.php';
+		$cache_file = $this->cache_dir.$this->get_group_dir($group)."/".$this->hash($id).'.php';
 		if (!file_exists($cache_file)) {
 			$this->non_existant_objects[$group][$id] = true;
 			$this->cache_misses += 1;
@@ -158,7 +157,7 @@ class WP_Object_Cache {
 			return false;
 		}
 
-		$this->cache[$group][$id] = unserialize(substr(@ file_get_contents($cache_file), strlen(CACHE_SERIAL_HEADER), -strlen(CACHE_SERIAL_FOOTER)));
+		$this->cache[$group][$id] = unserialize(base64_decode(substr(@ file_get_contents($cache_file), strlen(CACHE_SERIAL_HEADER), -strlen(CACHE_SERIAL_FOOTER))));
 		if (false === $this->cache[$group][$id])
 			$this->cache[$group][$id] = '';
 
@@ -173,6 +172,14 @@ class WP_Object_Cache {
 		return "{$this->blog_id}/$group";
 	}
 
+	function hash($data) {
+		if ( function_exists('hash_hmac') ) {
+			return hash_hmac('md5', $data, $this->secret);
+		} else {
+			return md5($data . $this->secret);
+		}
+	}
+
 	function load_group_from_db($group) {
 		global $wpdb;
 
@@ -332,7 +339,7 @@ class WP_Object_Cache {
 
 			$ids = array_unique($ids);
 			foreach ($ids as $id) {
-				$cache_file = $group_dir.md5($id.DB_PASSWORD).'.php';
+				$cache_file = $group_dir.$this->hash($id).'.php';
 
 				// Remove the cache file if the key is not set.
 				if (!isset ($this->cache[$group][$id])) {
@@ -342,7 +349,7 @@ class WP_Object_Cache {
 				}
 
 				$temp_file = tempnam($group_dir, 'tmp');
-				$serial = CACHE_SERIAL_HEADER.serialize($this->cache[$group][$id]).CACHE_SERIAL_FOOTER;
+				$serial = CACHE_SERIAL_HEADER.base64_encode(serialize($this->cache[$group][$id])).CACHE_SERIAL_FOOTER;
 				$fd = @fopen($temp_file, 'w');
 				if ( false === $fd ) {
 					$errors++;
@@ -400,6 +407,9 @@ class WP_Object_Cache {
 		if (defined('DISABLE_CACHE'))
 			return;
 
+		if ( ! defined('ENABLE_CACHE') )
+			return;
+
 		// Disable the persistent cache if safe_mode is on.
 		if ( ini_get('safe_mode') && ! defined('ENABLE_CACHE') )
 			return;
@@ -421,7 +431,12 @@ class WP_Object_Cache {
 		if (defined('CACHE_EXPIRATION_TIME'))
 			$this->expiration_time = CACHE_EXPIRATION_TIME;
 
-		$this->blog_id = md5($blog_id);
+		if ( defined('WP_SECRET') )
+			$this->secret = WP_SECRET;
+		else
+			$this->secret = DB_PASSWORD . DB_USER . DB_NAME . DB_HOST . ABSPATH;
+
+		$this->blog_id = $this->hash($blog_id);
 	}
 }
 ?>

wp-includes/capabilities.php

@@ -309,7 +309,7 @@ function map_meta_cap($cap, $user_id) {
 
 // Capability checking wrapper around the global $current_user object.
 function current_user_can($capability) {
-	global $current_user;
+	$current_user = wp_get_current_user();
 
 	$args = array_slice(func_get_args(), 1);
 	$args = array_merge(array($capability), $args);

wp-includes/class-snoopy.php

@@ -78,7 +78,7 @@ class Snoopy
 	var $error			=	"";					// error messages sent here
 	var	$response_code	=	"";					// response code returned from server
 	var	$headers		=	array();			// headers returned from server sent here
-	var	$maxlength		=	500000;				// max return data length (body)
+	var	$maxlength		=	8192;				// max return data length (body)
 	var $read_timeout	=	0;					// timeout on read operations, in seconds
 												// supported only since PHP 4 Beta 4
 												// set to 0 to disallow timeouts
@@ -720,13 +720,13 @@ class Snoopy
 							chr(176),
 							chr(39),
 							chr(128),
-							"<EFBFBD>",
-							"<EFBFBD>",
-							"<EFBFBD>",
-							"<EFBFBD>",
-							"<EFBFBD>",
-							"<EFBFBD>",
-							"<EFBFBD>",
+							"ä",
+							"ö",
+							"ü",
+							"Ä",
+							"Ö",
+							"Ü",
+							"ß",
 						);
 					
 		$text = preg_replace($search,$replace,$document);
@@ -1238,7 +1238,9 @@ class Snoopy
 						if (!is_readable($file_name)) continue;
 
 						$fp = fopen($file_name, "r");
-						$file_content = fread($fp, filesize($file_name));
+						while (!feof($fp)) {
+							$file_content .= fread($fp, filesize($file_name));
+						}
 						fclose($fp);
 						$base_name = basename($file_name);
 

wp-includes/classes.php

@@ -109,7 +109,7 @@ class WP_Query {
 			// If year, month, day, hour, minute, and second are set, a single 
 			// post is being queried.        
 			$this->is_single = true;
-		} elseif ('' != $qv['static'] || '' != $qv['pagename'] || '' != $qv['page_id']) {
+		} elseif ('' != $qv['static'] || '' != $qv['pagename'] || (int) $qv['page_id']) {
 			$this->is_page = true;
 			$this->is_single = false;
 		} elseif (!empty($qv['s'])) {
@@ -246,8 +246,12 @@ class WP_Query {
 	}
 
 	function set_404() {
+		$is_feed = $this->is_feed;
+
 		$this->init_query_flags();
-		$this->is_404 = true;	
+		$this->is_404 = true;
+
+		$this->is_feed = $is_feed;
 	}
 	
 	function get($query_var) {
@@ -305,6 +309,7 @@ class WP_Query {
 		if (isset($q['page'])) {
 			$q['page'] = trim($q['page'], '/');
 			$q['page'] = (int) $q['page'];
+			$q['page'] = abs($q['page']);
 		}
 	
 		$add_hours = intval(get_settings('gmt_offset'));
@@ -593,13 +598,13 @@ class WP_Query {
 		}
 
 		if ( $this->is_attachment ) {
-			$where .= ' AND (post_status = "attachment")';
+			$where .= " AND (post_status = 'attachment')";
 		} elseif ($this->is_page) {
-			$where .= ' AND (post_status = "static")';
+			$where .= " AND (post_status = 'static')";
 		} elseif ($this->is_single) {
-			$where .= ' AND (post_status != "static")';
+			$where .= " AND (post_status != 'static')";
 		} else {
-			$where .= ' AND (post_status = "publish"';
+			$where .= " AND (post_status = 'publish'";
 
 			if (isset($user_ID) && ('' != intval($user_ID)))
 				$where .= " OR post_author = $user_ID AND post_status != 'draft' AND post_status != 'static')";
@@ -608,7 +613,7 @@ class WP_Query {
 		}
 
 		if (! $this->is_attachment )
-			$where .= ' AND post_status != "attachment"';
+			$where .= " AND post_status != 'attachment'";
 
 		// Apply filters on where and join prior to paging so that any
 		// manipulations to them are reflected in the paging by day queries.
@@ -616,16 +621,22 @@ class WP_Query {
 		$join = apply_filters('posts_join', $join);
 
 		// Paging
-		if (empty($q['nopaging']) && ! $this->is_single) {
-			$page = $q['paged'];
+		if (empty($q['nopaging']) && ! $this->is_single && ! $this->is_page) {
+			$page = abs(intval($q['paged']));
 			if (empty($page)) {
 				$page = 1;
 			}
 
 			if (($q['what_to_show'] == 'posts')) {
-				$pgstrt = '';
-				$pgstrt = (intval($page) -1) * $q['posts_per_page'] . ', ';
-				$limits = 'LIMIT '.$pgstrt.$q['posts_per_page'];
+				$q['offset'] = abs(intval($q['offset']));
+				if ( empty($q['offset']) ) {
+					$pgstrt = '';
+					$pgstrt = (intval($page) -1) * $q['posts_per_page'] . ', ';
+					$limits = 'LIMIT '.$pgstrt.$q['posts_per_page'];
+				} else { // we're ignoring $page and using 'offset'
+					$pgstrt = $q['offset'] . ', ';
+					$limits = 'LIMIT ' . $pgstrt . $q['posts_per_page'];
+				}
 			} elseif ($q['what_to_show'] == 'days') {
 				$startrow = $q['posts_per_page'] * (intval($page)-1);
 				$start_date = $wpdb->get_var("SELECT max(post_date) FROM $wpdb->posts $join WHERE (1=1) $where GROUP BY year(post_date), month(post_date), dayofmonth(post_date) ORDER BY post_date DESC LIMIT $startrow,1");
@@ -654,7 +665,7 @@ class WP_Query {
 		$this->posts = $wpdb->get_results($this->request);
 
 		// Check post status to determine if post should be displayed.
-		if ($this->is_single) {
+		if ( !empty($this->posts) && $this->is_single ) {
 			$status = get_post_status($this->posts[0]);
 			if ( ('publish' != $status) && ('static' != $status) ) {
 				if ( ! (isset($user_ID) && ('' != intval($user_ID))) ) {
@@ -798,7 +809,7 @@ class retrospam_mgr {
 		$list = array_unique( $list );
 		$this->spam_words = $list;
 
-		$this->comment_list = $wpdb->get_results("SELECT comment_ID AS ID, comment_content AS text, comment_approved AS approved, comment_author_url AS url, comment_author_ip AS ip, comment_author_email AS email FROM $wpdb->comments ORDER BY comment_ID ASC");
+		$this->comment_list = (array) $wpdb->get_results("SELECT comment_ID AS ID, comment_content AS text, comment_approved AS approved, comment_author_url AS url, comment_author_ip AS ip, comment_author_email AS email FROM $wpdb->comments ORDER BY comment_ID ASC");
 	}	// End of class constructor
 
 	function move_spam( $id_list ) {
@@ -811,9 +822,9 @@ class retrospam_mgr {
 				$cnt++;
 			}
 		}
-		echo "<div class='updated'><p>$cnt comment";
-		if ($cnt != 1 ) echo "s";
-		echo " moved to the moderation queue.</p></div>\n";
+		echo "<div class='updated'><p> ";
+		printf(__('%d comment(s) moved to the moderation queue.'), $cnt);
+		echo "</p></div>\n";
 	}	// End function move_spam
 
 	function find_spam() {
@@ -826,7 +837,7 @@ class retrospam_mgr {
 					if ( empty( $word ) )
 						continue;
 					$fulltext = strtolower($comment->email.' '.$comment->url.' '.$comment->ip.' '.$comment->text);
-					if( strpos( $fulltext, strtolower($word) ) != FALSE ) {
+					if( false !== strpos( $fulltext, strtolower($word) ) ) {
 						$this->found_comments[] = $comment->ID;
 						break;
 					}
@@ -842,7 +853,7 @@ class retrospam_mgr {
 		$numfound = count($counters[found]);
 		$numqueue = $counters[in_queue];
 
-		$body = '<p>' . sprintf(__('Suspected spam comments: <strong>%s</strong>'), $numfound) . '</p>';
+		$body = '<p>' . sprintf(__('Suspected spam comments: %s'), "<strong>$numfound</strong>") . '</p>';
 
 		if ( count($counters[found]) > 0 ) {
 			$id_list = implode( ',', $counters[found] );
@@ -1025,6 +1036,7 @@ class WP_Rewrite {
 				$front = $front . 'date/';
 				break;
 			}
+			$tok_index++;
 		}
 
 		$this->date_structure = $front . $date_endian;
@@ -1321,7 +1333,7 @@ class WP_Rewrite {
 		$root_rewrite = apply_filters('root_rewrite_rules', $root_rewrite);
 
 		// Comments
-		$comments_rewrite = $this->generate_rewrite_rules($this->root . $this->comments_base, true, true, true);
+		$comments_rewrite = $this->generate_rewrite_rules($this->root . $this->comments_base, true, true, true, false);
 		$comments_rewrite = apply_filters('comments_rewrite_rules', $comments_rewrite);
 
 		// Search
@@ -1492,7 +1504,7 @@ class WP {
 
 			$pathinfo = $_SERVER['PATH_INFO'];
 			$pathinfo_array = explode('?', $pathinfo);
-			$pathinfo = $pathinfo_array[0];
+			$pathinfo = str_replace("%", "%25", $pathinfo_array[0]);
 			$req_uri = $_SERVER['REQUEST_URI'];
 			$req_uri_array = explode('?', $req_uri);
 			$req_uri = $req_uri_array[0];
@@ -1604,12 +1616,14 @@ class WP {
 	}
 
 	function send_headers() {
-		global $current_user;
 		@header('X-Pingback: '. get_bloginfo('pingback_url'));
 		if ( is_user_logged_in() )
 			nocache_headers();
 		if ( !empty($this->query_vars['error']) && '404' == $this->query_vars['error'] ) {
 			status_header( 404 );
+			if ( !is_user_logged_in() )
+				nocache_headers();
+			@header('Content-type: ' . get_option('html_type') . '; charset=' . get_option('blog_charset'));
 		} else if ( empty($this->query_vars['feed']) ) {
 			@header('Content-type: ' . get_option('html_type') . '; charset=' . get_option('blog_charset'));
 		} else {
@@ -1681,7 +1695,7 @@ class WP {
 	}
 
 	function init() {
-		get_currentuserinfo();
+		wp_get_current_user();
 	}
 
 	function query_posts() {
@@ -1698,6 +1712,7 @@ class WP {
 		if ( (0 == count($wp_query->posts)) && !is_404() && !is_search() && ( $this->did_permalink || (!empty($_SERVER['QUERY_STRING']) && (false === strpos($_SERVER['REQUEST_URI'], '?'))) ) ) {
 			$wp_query->set_404();
 			status_header( 404 );
+			nocache_headers();
 		}	elseif( is_404() != true ) {
 			status_header( 200 );
 		}

wp-includes/comment-functions.php

@@ -5,11 +5,14 @@
 function comments_template( $file = '/comments.php' ) {
 	global $wp_query, $withcomments, $post, $wpdb, $id, $comment, $user_login, $user_ID, $user_identity;
 
-	if ( is_single() || is_page() || $withcomments ) :
-		$req = get_settings('require_name_email');
-		$comment_author = isset($_COOKIE['comment_author_'.COOKIEHASH]) ? trim(stripslashes($_COOKIE['comment_author_'.COOKIEHASH])) : '';
-		$comment_author_email = isset($_COOKIE['comment_author_email_'.COOKIEHASH]) ? trim(stripslashes($_COOKIE['comment_author_email_'.COOKIEHASH])) : '';
-		$comment_author_url = isset($_COOKIE['comment_author_url_'.COOKIEHASH]) ? trim(stripslashes($_COOKIE['comment_author_url_'.COOKIEHASH])) : '';
+	if ( ! (is_single() || is_page() || $withcomments) )
+		return;
+
+	$req = get_settings('require_name_email');
+	$commenter = wp_get_current_commenter();
+	extract($commenter);
+
+	// TODO: Use API instead of SELECTs.
 	if ( empty($comment_author) ) {
 		$comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = '$post->ID' AND comment_approved = '1' ORDER BY comment_date");
 	} else {
@@ -18,16 +21,12 @@ function comments_template( $file = '/comments.php' ) {
 		$comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = '$post->ID' AND ( comment_approved = '1' OR ( comment_author = '$author_db' AND comment_author_email = '$email_db' AND comment_approved = '0' ) ) ORDER BY comment_date");
 	}
 
-	get_currentuserinfo();
-
 	define('COMMENTS_TEMPLATE', true);
 	$include = apply_filters('comments_template', TEMPLATEPATH . $file );
 	if ( file_exists( $include ) )
 		require( $include );
 	else
 		require( ABSPATH . 'wp-content/themes/default/comments.php');
-
-	endif;
 }
 
 function wp_new_comment( $commentdata ) {
@@ -110,8 +109,6 @@ function wp_allow_comment($commentdata) {
 	global $wpdb;
 	extract($commentdata);
 
-	$comment_user_domain = apply_filters('pre_comment_user_domain', gethostbyaddr($comment_author_IP) );
-
 	// Simple duplicate check
 	$dupe = "SELECT comment_ID FROM $wpdb->comments WHERE comment_post_ID = '$comment_post_ID' AND ( comment_author = '$comment_author' ";
 	if ( $comment_author_email )
@@ -169,6 +166,8 @@ function wp_update_comment($commentarr) {
 	// Merge old and new fields with new fields overwriting old ones.
 	$commentarr = array_merge($comment, $commentarr);
 
+	$commentarr = wp_filter_comment( $commentarr );
+
 	// Now extract the merged array.
 	extract($commentarr);
 
@@ -205,22 +204,15 @@ function wp_delete_comment($comment_id) {
 		return false;
 
 	$post_id = $comment->comment_post_ID;
-	if ( $post_id && $comment->comment_approved == 1 )
-		$wpdb->query( "UPDATE $wpdb->posts SET comment_count = comment_count - 1 WHERE ID = '$post_id'" );
+	if ( $post_id && $comment->comment_approved == 1 ) {
+		$count = $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->comments WHERE comment_post_ID = '$post_id' AND comment_approved = '1'");
+		$wpdb->query( "UPDATE $wpdb->posts SET comment_count = $count WHERE ID = '$post_id'" );
+	}
 
 	do_action('wp_set_comment_status', $comment_id, 'delete');
 	return true;
 }
 
-function clean_url( $url ) {
-	if ('' == $url) return $url;
-	$url = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $url);
-	$url = str_replace(';//', '://', $url);
-	$url = (!strstr($url, '://')) ? 'http://'.$url : $url;
-	$url = preg_replace('/&([^#])(?![a-z]{2,8};)/', '&$1', $url);
-	return $url;
-}
-
 function get_comments_number( $post_id = 0 ) {
 	global $wpdb, $comment_count_cache, $id;
 	$post_id = (int) $post_id;
@@ -312,7 +304,8 @@ function comments_popup_link($zero='No Comments', $one='1 Comment', $more='% Com
 		if (!empty($CSSclass)) {
 			echo ' class="'.$CSSclass.'"';
 		}
-		echo ' title="' . sprintf( __('Comment on %s'), $post->post_title ) .'">';
+		$title = attribute_escape(apply_filters('the_title', get_the_title()));
+		echo ' title="' . sprintf( __('Comment on %s'), $title ) .'">';
 		comments_number($zero, $one, $more, $number);
 		echo '</a>';
 	}
@@ -829,7 +822,7 @@ function check_comment($author, $email, $url, $comment, $user_ip, $user_agent, $
 
 	if (1 == get_settings('comment_moderation')) return false; // If moderation is set to manual
 
-	if ( (count(explode('http:', $comment)) - 1) >= get_settings('comment_max_links') )
+	if ( preg_match_all("|(href\t*?=\t*?['\"]?)?(https?:)?//|i", $comment, $out) >= get_option('comment_max_links') )
 		return false; // Check # of external links
 
 	$mod_keys = trim( get_settings('moderation_keys') );
@@ -884,7 +877,50 @@ function check_comment($author, $email, $url, $comment, $user_ip, $user_agent, $
 
 function get_approved_comments($post_id) {
 	global $wpdb;
+
+	$post_id = (int) $post_id;
 	return $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = $post_id AND comment_approved = '1' ORDER BY comment_date");
 }
 
+function sanitize_comment_cookies() {
+	if ( isset($_COOKIE['comment_author_'.COOKIEHASH]) ) {
+		$comment_author = apply_filters('pre_comment_author_name', $_COOKIE['comment_author_'.COOKIEHASH]);
+		$comment_author = stripslashes($comment_author);
+		$comment_author = attribute_escape($comment_author);
+		$_COOKIE['comment_author_'.COOKIEHASH] = $comment_author;
+	}
+
+	if ( isset($_COOKIE['comment_author_email_'.COOKIEHASH]) ) {
+		$comment_author_email = apply_filters('pre_comment_author_email', $_COOKIE['comment_author_email_'.COOKIEHASH]);
+		$comment_author_email = stripslashes($comment_author_email);
+		$comment_author_email = attribute_escape($comment_author_email);	
+		$_COOKIE['comment_author_email_'.COOKIEHASH] = $comment_author_email;
+	}
+
+	if ( isset($_COOKIE['comment_author_url_'.COOKIEHASH]) ) {
+		$comment_author_url = apply_filters('pre_comment_author_url', $_COOKIE['comment_author_url_'.COOKIEHASH]);
+		$comment_author_url = stripslashes($comment_author_url);
+		$comment_author_url = attribute_escape($comment_author_url);
+		$_COOKIE['comment_author_url_'.COOKIEHASH] = $comment_author_url;
+	}
+}
+
+function wp_get_current_commenter() {
+	// Cookies should already be sanitized.
+
+	$comment_author = '';
+	if ( isset($_COOKIE['comment_author_'.COOKIEHASH]) )
+		$comment_author = $_COOKIE['comment_author_'.COOKIEHASH];
+
+	$comment_author_email = '';
+	if ( isset($_COOKIE['comment_author_email_'.COOKIEHASH]) )
+		$comment_author_email = $_COOKIE['comment_author_email_'.COOKIEHASH];
+
+	$comment_author_url = '';
+	if ( isset($_COOKIE['comment_author_url_'.COOKIEHASH]) )
+		$comment_author_url = $_COOKIE['comment_author_url_'.COOKIEHASH];
+
+	return compact('comment_author', 'comment_author_email', 'comment_author_url');
+}
+
 ?>

wp-includes/default-filters.php

@@ -44,11 +44,69 @@ add_filter('comment_url', 'clean_url');
 
 add_filter('comment_text', 'convert_chars');
 add_filter('comment_text', 'make_clickable');
+add_filter('comment_text', 'force_balance_tags', 25);
 add_filter('comment_text', 'wpautop', 30);
 add_filter('comment_text', 'convert_smilies', 20);
 
 add_filter('comment_excerpt', 'convert_chars');
 
+// Categories
+add_filter('pre_category_name', 'strip_tags');
+add_filter('pre_category_name', 'trim');
+add_filter('pre_category_name', 'wp_filter_kses');
+add_filter('pre_category_name', 'wp_specialchars', 30);
+add_filter('pre_category_description', 'wp_filter_kses');
+
+//Links
+add_filter('pre_link_name', 'strip_tags');
+add_filter('pre_link_name', 'trim');
+add_filter('pre_link_name', 'wp_filter_kses');
+add_filter('pre_link_name', 'wp_specialchars', 30);
+add_filter('pre_link_description', 'wp_filter_kses');
+add_filter('pre_link_notes', 'wp_filter_kses');
+add_filter('pre_link_url', 'strip_tags');
+add_filter('pre_link_url', 'trim');
+add_filter('pre_link_url', 'clean_url');
+add_filter('pre_link_image', 'strip_tags');
+add_filter('pre_link_image', 'trim');
+add_filter('pre_link_image', 'clean_url');
+add_filter('pre_link_rss', 'strip_tags');
+add_filter('pre_link_rss', 'trim');
+add_filter('pre_link_rss', 'clean_url');
+add_filter('pre_link_target', 'strip_tags');
+add_filter('pre_link_target', 'trim');
+add_filter('pre_link_target', 'wp_filter_kses');
+add_filter('pre_link_target', 'wp_specialchars', 30);
+add_filter('pre_link_rel', 'strip_tags');
+add_filter('pre_link_rel', 'trim');
+add_filter('pre_link_rel', 'wp_filter_kses');
+add_filter('pre_link_rel', 'wp_specialchars', 30);
+
+// Users
+add_filter('pre_user_display_name', 'strip_tags');
+add_filter('pre_user_display_name', 'trim');
+add_filter('pre_user_display_name', 'wp_filter_kses');
+add_filter('pre_user_display_name', 'wp_specialchars', 30);
+add_filter('pre_user_first_name', 'strip_tags');
+add_filter('pre_user_first_name', 'trim');
+add_filter('pre_user_first_name', 'wp_filter_kses');
+add_filter('pre_user_first_name', 'wp_specialchars', 30);
+add_filter('pre_user_last_name', 'strip_tags');
+add_filter('pre_user_last_name', 'trim');
+add_filter('pre_user_last_name', 'wp_filter_kses');
+add_filter('pre_user_last_name', 'wp_specialchars', 30);
+add_filter('pre_user_nickname', 'strip_tags');
+add_filter('pre_user_nickname', 'trim');
+add_filter('pre_user_nickname', 'wp_filter_kses');
+add_filter('pre_user_nickname', 'wp_specialchars', 30);
+add_filter('pre_user_description', 'trim');
+add_filter('pre_user_description', 'wp_filter_kses');
+add_filter('pre_user_url', 'strip_tags');
+add_filter('pre_user_url', 'trim');
+add_filter('pre_user_url', 'clean_url');
+add_filter('pre_user_email', 'trim');
+add_filter('pre_user_email', 'sanitize_email');
+
 // Places to balance tags on input
 add_filter('content_save_pre', 'balanceTags', 50);
 add_filter('excerpt_save_pre', 'balanceTags', 50);
@@ -72,17 +130,22 @@ add_filter('sanitize_title', 'sanitize_title_with_dashes');
 // RSS filters
 add_filter('the_title_rss', 'strip_tags');
 add_filter('the_title_rss', 'ent2ncr', 8);
+add_filter('the_title_rss', 'wp_specialchars');
 add_filter('the_content_rss', 'ent2ncr', 8);
 add_filter('the_excerpt_rss', 'convert_chars');
 add_filter('the_excerpt_rss', 'ent2ncr', 8);
 add_filter('comment_author_rss', 'ent2ncr', 8);
-add_filter('comment_text_rss', 'htmlspecialchars');
+add_filter('comment_text_rss', 'wp_specialchars');
 add_filter('comment_text_rss', 'ent2ncr', 8);
 add_filter('bloginfo_rss', 'ent2ncr', 8);
 add_filter('the_author', 'ent2ncr', 8);
 
+// Misc filters
+add_filter('option_blog_charset', 'wp_specialchars');
+
 // Actions
 add_action('publish_post', 'generic_ping');
 add_action('wp_head', 'rsd_link');
+add_action('sanitize_comment_cookies', 'sanitize_comment_cookies');
 
-?>
+?>

wp-includes/feed-functions.php

@@ -134,9 +134,9 @@ function the_category_rss($type = 'rss') {
     foreach ($categories as $category) {
         $category->cat_name = convert_chars($category->cat_name);
         if ('rdf' == $type) {
-            $the_list .= "\n\t<dc:subject>$category->cat_name</dc:subject>";
+            $the_list .= "\n\t\t<dc:subject>$category->cat_name</dc:subject>\n";
         } else {
-            $the_list .= "\n\t<category>$category->cat_name</category>";
+            $the_list .= "\n\t\t<category>$category->cat_name</category>\n";
         }
     }
     echo apply_filters('the_category_rss', $the_list, $type);

wp-includes/functions-compat.php

@@ -97,4 +97,17 @@ if (!function_exists('array_change_key_case')) {
     }
 }
 
+// From php.net
+if(!function_exists('http_build_query')) {
+   function http_build_query( $formdata, $numeric_prefix = null, $key = null ) {
+       $res = array();
+       foreach ((array)$formdata as $k=>$v) {
+           $tmp_key = urlencode(is_int($k) ? $numeric_prefix.$k : $k);
+           if ($key) $tmp_key = $key.'['.$tmp_key.']';
+           $res[] = ( ( is_array($v) || is_object($v) ) ? http_build_query($v, null, $tmp_key) : $tmp_key."=".urlencode($v) );
+       }
+       $separator = ini_get('arg_separator.output');
+       return implode($separator, $res);
+   }
+}
 ?>

wp-includes/functions-formatting.php

@@ -1,6 +1,7 @@
 <?php
 
 function wptexturize($text) {
+	global $wp_cockneyreplace;
 	$output = '';
 	// Capture tags and everything inside them
 	$textarr = preg_split("/(<.*>)/Us", $text, -1, PREG_SPLIT_DELIM_CAPTURE);
@@ -16,9 +17,15 @@ function wptexturize($text) {
 			$curl = str_replace('...', '&#8230;', $curl);
 			$curl = str_replace('``', '&#8220;', $curl);
 
-			// This is a hack, look at this more later. It works pretty well though.
-			$cockney = array("'tain't","'twere","'twas","'tis","'twill","'til","'bout","'nuff","'round","'cause");
-			$cockneyreplace = array("&#8217;tain&#8217;t","&#8217;twere","&#8217;twas","&#8217;tis","&#8217;twill","&#8217;til","&#8217;bout","&#8217;nuff","&#8217;round","&#8217;cause");
+			// if a plugin has provided an autocorrect array, use it
+			if ( isset($wp_cockneyreplace) ) {
+				$cockney = array_keys($wp_cockneyreplace);
+				$cockney_replace = array_values($wp_cockneyreplace);
+			} else {
+				$cockney = array("'tain't","'twere","'twas","'tis","'twill","'til","'bout","'nuff","'round","'cause");
+				$cockneyreplace = array("&#8217;tain&#8217;t","&#8217;twere","&#8217;twas","&#8217;tis","&#8217;twill","&#8217;til","&#8217;bout","&#8217;nuff","&#8217;round","&#8217;cause");
+			}
+
 			$curl = str_replace($cockney, $cockneyreplace, $curl);
 
 			$curl = preg_replace("/'s/", '&#8217;s', $curl);
@@ -41,7 +48,7 @@ function wptexturize($text) {
 		} else {
 			$next = true;
 		}
-		$curl = preg_replace('/&([^#])(?![a-z1-4]{1,8};)/', '&#038;$1', $curl);
+		$curl = preg_replace('/&([^#])(?![a-zA-Z1-4]{1,8};)/', '&#038;$1', $curl);
 		$output .= $curl;
 	}
 	return $output;
@@ -72,7 +79,7 @@ function wpautop($pee, $br = 1) {
 	$pee = preg_replace('!(</?(?:table|thead|tfoot|caption|colgroup|tbody|tr|td|th|div|dl|dd|dt|ul|ol|li|pre|select|form|blockquote|address|math|p|h[1-6])[^>]*>)\s*</p>!', "$1", $pee); 
 	if ($br) $pee = preg_replace('|(?<!<br />)\s*\n|', "<br />\n", $pee); // optionally make line breaks
 	$pee = preg_replace('!(</?(?:table|thead|tfoot|caption|tbody|tr|td|th|div|dl|dd|dt|ul|ol|li|pre|select|form|blockquote|address|math|p|h[1-6])[^>]*>)\s*<br />!', "$1", $pee);
-	$pee = preg_replace('!<br />(\s*</?(?:p|li|div|dl|dd|dt|th|pre|td|ul|ol)>)!', '$1', $pee);
+	$pee = preg_replace('!<br />(\s*</?(?:p|li|div|dl|dd|dt|th|pre|td|ul|ol)[^>]*>)!', '$1', $pee);
 	$pee = preg_replace('!(<pre.*?>)(.*?)</pre>!ise', " stripslashes('$1') .  stripslashes(clean_pre('$2'))  . '</pre>' ", $pee);
 	
 	return $pee; 
@@ -98,10 +105,14 @@ function seems_utf8($Str) { # by bmorel at ssi dot fr
 
 function wp_specialchars( $text, $quotes = 0 ) {
 	// Like htmlspecialchars except don't double-encode HTML entities
-	$text = preg_replace('/&([^#])(?![a-z1-4]{1,8};)/', '&#038;$1', $text);-
+	$text = preg_replace('/&([^#])(?![a-z1-4]{1,8};)/', '&#038;$1', $text);
 	$text = str_replace('<', '&lt;', $text);
 	$text = str_replace('>', '&gt;', $text);
-	if ( $quotes ) {
+	if ( 'double' === $quotes ) {
+		$text = str_replace('"', '&quot;', $text);
+	} elseif ( 'single' === $quotes ) {
+		$text = str_replace("'", '&#039;', $text);
+	} elseif ( $quotes ) {
 		$text = str_replace('"', '&quot;', $text);
 		$text = str_replace("'", '&#039;', $text);
 	}
@@ -141,6 +152,9 @@ function utf8_uri_encode( $utf8_string ) {
 }
 
 function remove_accents($string) {
+	if ( !preg_match('/[\x80-\xff]/', $string) )
+		return $string;
+
 	if (seems_utf8($string)) {
 		$chars = array(
 		// Decompositions for Latin-1 Supplement
@@ -238,8 +252,10 @@ function remove_accents($string) {
 		chr(197).chr(188) => 'z', chr(197).chr(189) => 'Z',
 		chr(197).chr(190) => 'z', chr(197).chr(191) => 's',
 		// Euro Sign
-		chr(226).chr(130).chr(172) => 'E');
-		
+		chr(226).chr(130).chr(172) => 'E',
+		// GBP (Pound) Sign
+		chr(194).chr(163) => '');
+
 		$string = strtr($string, $chars);
 	} else {
 		// Assume ISO-8859-1 if not UTF-8
@@ -274,7 +290,7 @@ function sanitize_user( $username, $strict = false ) {
 
 	// If strict, reduce to ASCII for max portability.
 	if ( $strict )
-		$username = preg_replace('|[^a-z0-9 _.-@]|i', '', $username);
+		$username = preg_replace('|[^a-z0-9 _.\-@]|i', '', $username);
 
 	return apply_filters('sanitize_user', $username, $raw_username, $strict);
 }
@@ -383,26 +399,27 @@ function funky_javascript_fix($text) {
 
 /*
  balanceTags
- 
+
  Balances Tags of string using a modified stack.
- 
+
  @param text      Text to be balanced
+ @param force     Forces balancing, ignoring the value of the option
  @return          Returns balanced text
  @author          Leonard Lin (leonard@acm.org)
  @version         v1.1
  @date            November 4, 2001
  @license         GPL v2.0
- @notes           
- @changelog       
+ @notes
+ @changelog
  ---  Modified by Scott Reilly (coffee2code) 02 Aug 2004
-             1.2  ***TODO*** Make better - change loop condition to $text
-             1.1  Fixed handling of append/stack pop order of end text
-                  Added Cleaning Hooks
-             1.0  First Version
+	1.2  ***TODO*** Make better - change loop condition to $text
+	1.1  Fixed handling of append/stack pop order of end text
+	     Added Cleaning Hooks
+	1.0  First Version
 */
-function balanceTags($text, $is_comment = 0) {
-	
-	if ( get_option('use_balanceTags') == 0)
+function balanceTags($text, $force = false) {
+
+	if ( !$force && get_option('use_balanceTags') == 0 )
 		return $text;
 
 	$tagstack = array(); $stacksize = 0; $tagqueue = ''; $newtext = '';
@@ -424,7 +441,7 @@ function balanceTags($text, $is_comment = 0) {
 		if ($regex[1][0] == "/") { // End Tag
 			$tag = strtolower(substr($regex[1],1));
 			// if too many closing tags
-			if($stacksize <= 0) { 
+			if($stacksize <= 0) {
 				$tag = '';
 				//or close to be safe $tag = '/' . $tag;
 			}
@@ -481,7 +498,7 @@ function balanceTags($text, $is_comment = 0) {
 		}
 		$newtext .= substr($text,0,$i) . $tag;
 		$text = substr($text,$i+$l);
-	}  
+	}
 
 	// Clear Tag Queue
 	$newtext .= $tagqueue;
@@ -501,6 +518,9 @@ function balanceTags($text, $is_comment = 0) {
 	return $newtext;
 }
 
+function force_balance_tags($text) {
+	return balanceTags($text, true);
+}
 
 function format_to_edit($content, $richedit = false) {
 	$content = apply_filters('format_to_edit', $content);
@@ -517,10 +537,11 @@ function format_to_post($content) {
 
 function zeroise($number,$threshold) { // function to add leading zeros when necessary
 	return sprintf('%0'.$threshold.'s', $number);
-	}
+}
 
 
 function backslashit($string) {
+	$string = preg_replace('/^([0-9])/', '\\\\\\\\\1', $string);
 	$string = preg_replace('/([a-z])/i', '\\\\\1', $string);
 	return $string;
 }
@@ -570,16 +591,25 @@ function antispambot($emailaddy, $mailto=0) {
 }
 
 function make_clickable($ret) {
-	$ret = ' ' . $ret . ' ';
-	$ret = preg_replace("#([\s>])(https?)://([^\s<>{}()]+[^\s.,<>{}()])#i", "$1<a href='$2://$3' rel='nofollow'>$2://$3</a>", $ret);
-	$ret = preg_replace("#(\s)www\.([a-z0-9\-]+)\.([a-z0-9\-.\~]+)((?:/[^ <>{}()\n\r]*[^., <>{}()\n\r]?)?)#i", "$1<a href='http://www.$2.$3$4' rel='nofollow'>www.$2.$3$4</a>", $ret);
-	$ret = preg_replace("#(\s)([a-z0-9\-_.]+)@([a-z0-9\-_.]+)\.([^,< \n\r]+)#i", "$1<a href=\"mailto:$2@$3.$4\">$2@$3.$4</a>", $ret);
+	$ret = ' ' . $ret;
+	// in testing, using arrays here was found to be faster
+	$ret = preg_replace(
+		array(
+			'#([\s>])([\w]+?://[\w\#$%&~/.\-;:=,?@\[\]+]*)#is',
+			'#([\s>])((www|ftp)\.[\w\#$%&~/.\-;:=,?@\[\]+]*)#is',
+			'#([\s>])([a-z0-9\-_.]+)@([^,< \n\r]+)#i'),
+		array(
+			'$1<a href="$2" rel="nofollow">$2</a>',
+			'$1<a href="http://$2" rel="nofollow">$2</a>',
+			'$1<a href="mailto:$2@$3">$2@$3</a>'),$ret);
+	// this one is not in an array because we need it to run last, for cleanup of accidental links within links
+	$ret = preg_replace("#(<a( [^>]+?>|>))<a [^>]+?>([^>]+?)</a></a>#i", "$1$3</a>", $ret);
 	$ret = trim($ret);
 	return $ret;
 }
 
 function wp_rel_nofollow( $text ) {
-	$text = preg_replace('|<a (.+?)>|i', '<a $1 rel="nofollow">', $text);
+	$text = preg_replace('|<a (.+?)>|ie', "'<a ' . str_replace(' rel=\"nofollow\"','',stripslashes('$1')) . ' rel=\"nofollow\">'", $text);
 	return $text;
 }
 
@@ -997,10 +1027,7 @@ function ent2ncr($text) {
 		'&diams;' => '&#9830;'
 	);
 
-	foreach ($to_ncr as $entity => $ncr) {
-		$text = str_replace($entity, $ncr, $text);
-	}
-	return $text;
+	return str_replace( array_keys($to_ncr), array_values($to_ncr), $text );
 }
 
 function wp_richedit_pre($text) {
@@ -1018,4 +1045,33 @@ function wp_richedit_pre($text) {
 	return apply_filters('richedit_pre', $output);
 }
 
+function clean_url( $url, $protocols = null ) {
+	if ('' == $url) return $url;
+	$url = preg_replace('|[^a-z0-9-~+_.?#=!&;,/:%]|i', '', $url);
+	$strip = array('%0d', '%0a');
+	$url = str_replace($strip, '', $url);
+	$url = str_replace(';//', '://', $url);
+	$url = (!strstr($url, '://')) ? 'http://'.$url : $url;
+	$url = preg_replace('/&([^#])(?![a-z]{2,8};)/', '&#038;$1', $url);
+	if ( !is_array($protocols) )
+		$protocols = array('http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet'); 
+	if ( wp_kses_bad_protocol( $url, $protocols ) != $url )
+		return '';
+	return $url;
+}
+
+// Escape single quotes, specialchar double quotes, and fix line endings.
+function js_escape($text) {
+	$safe_text = wp_specialchars($text, 'double');
+	$safe_text = str_replace('&#039;', "'", $safe_text);
+	$safe_text = preg_replace("/\r?\n/", "\\n", addslashes($safe_text));
+	return apply_filters('js_escape', $safe_text, $text);
+}
+
+// Escaping for HTML attributes
+function attribute_escape($text) {
+	$safe_text = wp_specialchars($text, true);
+	return apply_filters('attribute_escape', $safe_text, $text);
+}
+
 ?>

wp-includes/functions-post.php

@@ -24,6 +24,7 @@ function wp_insert_post($postarr = array()) {
 
 	// Get the basics.
 	$post_content    = apply_filters('content_save_pre',   $post_content);
+	$post_content_filtered = apply_filters('content_filtered_save_pre',   $post_content_filtered);
 	$post_excerpt    = apply_filters('excerpt_save_pre',   $post_excerpt);
 	$post_title      = apply_filters('title_save_pre',     $post_title);
 	$post_category   = apply_filters('category_save_pre',  $post_category);
@@ -221,6 +222,7 @@ function wp_insert_attachment($object, $file = false, $post_parent = 0) {
 
 	// Get the basics.
 	$post_content    = apply_filters('content_save_pre',   $post_content);
+	$post_content_filtered = apply_filters('content_filtered_save_pre',   $post_content_filtered);
 	$post_excerpt    = apply_filters('excerpt_save_pre',   $post_excerpt);
 	$post_title      = apply_filters('title_save_pre',     $post_title);
 	$post_category   = apply_filters('category_save_pre',  $post_category);
@@ -302,6 +304,7 @@ function wp_insert_attachment($object, $file = false, $post_parent = 0) {
 			post_date = '$post_date',
 			post_date_gmt = '$post_date_gmt',
 			post_content = '$post_content',
+			post_content_filtered = '$post_content_filtered',
 			post_title = '$post_title',
 			post_excerpt = '$post_excerpt',
 			post_status = '$post_status',
@@ -321,9 +324,9 @@ function wp_insert_attachment($object, $file = false, $post_parent = 0) {
 	} else {
 		$wpdb->query(
 			"INSERT INTO $wpdb->posts
-			(post_author, post_date, post_date_gmt, post_content, post_title, post_excerpt,  post_status, comment_status, ping_status, post_password, post_name, to_ping, pinged, post_modified, post_modified_gmt, post_parent, menu_order, post_mime_type, guid)
+			(post_author, post_date, post_date_gmt, post_content, post_content_filtered, post_title, post_excerpt,  post_status, comment_status, ping_status, post_password, post_name, to_ping, pinged, post_modified, post_modified_gmt, post_parent, menu_order, post_mime_type, guid)
 			VALUES
-			('$post_author', '$post_date', '$post_date_gmt', '$post_content', '$post_title', '$post_excerpt', '$post_status', '$comment_status', '$ping_status', '$post_password', '$post_name', '$to_ping', '$pinged', '$post_date', '$post_date_gmt', '$post_parent', '$menu_order', '$post_mime_type', '$guid')");
+			('$post_author', '$post_date', '$post_date_gmt', '$post_content', '$post_content_filtered', '$post_title', '$post_excerpt', '$post_status', '$comment_status', '$ping_status', '$post_password', '$post_name', '$to_ping', '$pinged', '$post_date', '$post_date_gmt', '$post_parent', '$menu_order', '$post_mime_type', '$guid')");
 			$post_ID = $wpdb->insert_id;			
 	}
 	
@@ -352,7 +355,7 @@ function wp_delete_attachment($postid) {
 	global $wpdb;
 	$postid = (int) $postid;
 
-	if ( !$post = $wpdb->get_row("SELECT * FROM $wpdb->posts WHERE ID = $postid") )
+	if ( !$post = $wpdb->get_row("SELECT * FROM $wpdb->posts WHERE ID = '$postid'") )
 		return $post;
 
 	if ( 'attachment' != $post->post_status )
@@ -361,17 +364,17 @@ function wp_delete_attachment($postid) {
 	$meta = get_post_meta($postid, '_wp_attachment_metadata', true);
 	$file = get_post_meta($postid, '_wp_attached_file', true);
 
-	$wpdb->query("DELETE FROM $wpdb->posts WHERE ID = $postid");
+	$wpdb->query("DELETE FROM $wpdb->posts WHERE ID = '$postid'");
 
-	$wpdb->query("DELETE FROM $wpdb->comments WHERE comment_post_ID = $postid");
+	$wpdb->query("DELETE FROM $wpdb->comments WHERE comment_post_ID = '$postid'");
 
-	$wpdb->query("DELETE FROM $wpdb->post2cat WHERE post_id = $postid");
+	$wpdb->query("DELETE FROM $wpdb->post2cat WHERE post_id = '$postid'");
 
-	$wpdb->query("DELETE FROM $wpdb->postmeta WHERE post_id = $postid");
+	$wpdb->query("DELETE FROM $wpdb->postmeta WHERE post_id = '$postid'");
 
 	if ( ! empty($meta['thumb']) ) {
 		// Don't delete the thumb if another attachment uses it
-		if (! $foo = $wpdb->get_row("SELECT meta_id FROM $wpdb->postmeta WHERE meta_key = '_wp_attachment_metadata' AND meta_value LIKE '%".$wpdb->escape($meta['thumb'])."%' AND post_id <> $postid"))
+		if (! $foo = $wpdb->get_row("SELECT meta_id FROM $wpdb->postmeta WHERE meta_key = '_wp_attachment_metadata' AND meta_value LIKE '%".$wpdb->escape($meta['thumb'])."%' AND post_id <> '$postid'"))
 			@ unlink(str_replace(basename($file), $meta['thumb'], $file));
 	}
 
@@ -456,9 +459,11 @@ function wp_update_post($postarr = array()) {
 function wp_get_post_cats($blogid = '1', $post_ID = 0) {
 	global $wpdb;
 	
+	$post_ID = (int) $post_ID;
+
 	$sql = "SELECT category_id 
 		FROM $wpdb->post2cat 
-		WHERE post_id = $post_ID 
+		WHERE post_id = '$post_ID' 
 		ORDER BY category_id";
 
 	$result = $wpdb->get_col($sql);
@@ -547,6 +552,8 @@ function wp_delete_post($postid = 0) {
 	if ( 'static' == $post->post_status )
 		$wpdb->query("UPDATE $wpdb->posts SET post_parent = $post->post_parent WHERE post_parent = $postid AND post_status = 'static'");
 
+	$wpdb->query("UPDATE $wpdb->posts SET post_parent = $post->post_parent WHERE post_parent = $postid AND post_status = 'attachment'");
+
 	$wpdb->query("DELETE FROM $wpdb->posts WHERE ID = $postid");
 	
 	$wpdb->query("DELETE FROM $wpdb->comments WHERE comment_post_ID = $postid");
@@ -681,8 +688,9 @@ function wp_blacklist_check($author, $email, $url, $comment, $user_ip, $user_age
 
 function wp_proxy_check($ipnum) {
 	if ( get_option('open_proxy_check') && isset($ipnum) ) {
+		$ipnum = preg_replace( '/([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}).*/', '$1', $ipnum );
 		$rev_ip = implode( '.', array_reverse( explode( '.', $ipnum ) ) );
-		$lookup = $rev_ip . '.opm.blitzed.org.';
+		$lookup = $rev_ip . '.sbl-xbl.spamhaus.org.';
 		if ( $lookup != gethostbyname( $lookup ) )
 			return true;
 	}
@@ -915,7 +923,11 @@ function wp_upload_dir() {
 
 function wp_upload_bits($name, $type, $bits) {
 	if ( empty($name) )
-		return array('error' => "Empty filename");
+		return array('error' => __("Empty filename"));
+
+	$wp_filetype = wp_check_filetype($name);
+	if ( !$wp_filetype['ext'] )
+		return array('error' => __("Invalid file type"));
 
 	$upload = wp_upload_dir();
 	
@@ -961,4 +973,59 @@ function wp_upload_bits($name, $type, $bits) {
 	return array('file' => $new_file, 'url' => $url, 'error' => false);
 }
 
+function wp_check_filetype($filename, $mimes = null) {
+	// Accepted MIME types are set here as PCRE unless provided.
+	$mimes = is_array($mimes) ? $mimes : apply_filters('upload_mimes', array (
+		'jpg|jpeg|jpe' => 'image/jpeg',
+		'gif' => 'image/gif',
+		'png' => 'image/png',
+		'bmp' => 'image/bmp',
+		'tif|tiff' => 'image/tiff',
+		'ico' => 'image/x-icon',
+		'asf|asx|wax|wmv|wmx' => 'video/asf',
+		'avi' => 'video/avi',
+		'mov|qt' => 'video/quicktime',
+		'mpeg|mpg|mpe' => 'video/mpeg',
+		'txt|c|cc|h' => 'text/plain',
+		'rtx' => 'text/richtext',
+		'css' => 'text/css',
+		'htm|html' => 'text/html',
+		'mp3|mp4' => 'audio/mpeg',
+		'ra|ram' => 'audio/x-realaudio',
+		'wav' => 'audio/wav',
+		'ogg' => 'audio/ogg',
+		'mid|midi' => 'audio/midi',
+		'wma' => 'audio/wma',
+		'rtf' => 'application/rtf',
+		'js' => 'application/javascript',
+		'pdf' => 'application/pdf',
+		'doc' => 'application/msword',
+		'pot|pps|ppt' => 'application/vnd.ms-powerpoint',
+		'wri' => 'application/vnd.ms-write',
+		'xla|xls|xlt|xlw' => 'application/vnd.ms-excel',
+		'mdb' => 'application/vnd.ms-access',
+		'mpp' => 'application/vnd.ms-project',
+		'swf' => 'application/x-shockwave-flash',
+		'class' => 'application/java',
+		'tar' => 'application/x-tar',
+		'zip' => 'application/zip',
+		'gz|gzip' => 'application/x-gzip',
+		'exe' => 'application/x-msdownload'
+	));
+
+	$type = false;
+	$ext = false;
+
+	foreach ($mimes as $ext_preg => $mime_match) {
+		$ext_preg = '!\.(' . $ext_preg . ')$!i';
+		if ( preg_match($ext_preg, $filename, $ext_matches) ) {
+			$type = $mime_match;
+			$ext = $ext_matches[1];
+			break;
+		}
+	}
+
+	return compact('ext', 'type');
+}
+
 ?>

wp-includes/functions.php

@@ -262,10 +262,38 @@ function url_to_postid($url) {
 
 
 function maybe_unserialize($original) {
-	if ( false !== $gm = @ unserialize($original) )
-		return $gm;
-	else
-		return $original;
+	if ( is_serialized($original) ) // don't attempt to unserialize data that wasn't serialized going in
+		if ( false !== $gm = @ unserialize($original) )
+			return $gm;
+	return $original;
+}
+
+function maybe_serialize($data) {
+	if ( is_string($data) )
+		$data = trim($data);
+	elseif ( is_array($data) || is_object($data) )
+		return serialize($data);
+	if ( is_serialized($data) )
+		return serialize($data);
+	return $data;
+}
+
+function is_serialized($data) {
+	if ( !is_string($data) ) // if it isn't a string, it isn't serialized
+		return false;
+	$data = trim($data);
+	if ( preg_match("/^[adobis]:[0-9]+:.*[;}]/si",$data) ) // this should fetch all legitimately serialized data
+		return true;
+	return false;
+}
+
+function is_serialized_string($data) {
+	if ( !is_string($data) ) // if it isn't a string, it isn't a serialized string
+		return false;
+	$data = trim($data);
+	if ( preg_match("/^s:[0-9]+:.*[;}]/si",$data) ) // this should fetch all serialized strings
+		return true;
+	return false;
 }
 
 /* Options functions */
@@ -305,10 +333,10 @@ function get_option($option) {
 }
 
 function get_user_option( $option, $user = 0 ) {
-	global $wpdb, $current_user;
+	global $wpdb;
 	
 	if ( empty($user) )
-		$user = $current_user;
+		$user = wp_get_current_user();
 	else
 		$user = get_userdata($user);
 
@@ -321,7 +349,7 @@ function get_user_option( $option, $user = 0 ) {
 }
 
 function form_option($option) {
-	echo htmlspecialchars( get_option($option), ENT_QUOTES );
+	echo attribute_escape( get_option($option));
 }
 
 function get_alloptions() {
@@ -364,8 +392,8 @@ function update_option($option_name, $newvalue) {
 		return true;
 	}
 
-	if ( is_array($newvalue) || is_object($newvalue) )
-		$newvalue = serialize($newvalue);
+	$_newvalue = $newvalue;
+	$newvalue = maybe_serialize($newvalue);
 
 	wp_cache_set($option_name, $newvalue, 'options');
 
@@ -373,7 +401,7 @@ function update_option($option_name, $newvalue) {
 	$option_name = $wpdb->escape($option_name);
 	$wpdb->query("UPDATE $wpdb->options SET option_value = '$newvalue' WHERE option_name = '$option_name'");
 	if ( $wpdb->rows_affected == 1 ) {
-		do_action("update_option_{$option_name}", $oldvalue, $newvalue);
+		do_action("update_option_{$option_name}", array('old'=>$oldvalue, 'new'=>$_newvalue));
 		return true;
 	}
 	return false;
@@ -394,8 +422,7 @@ function add_option($name, $value = '', $description = '', $autoload = 'yes') {
 	if ( false !== get_option($name) )
 		return;
 
-	if ( is_array($value) || is_object($value) )
-		$value = serialize($value);
+	$value = maybe_serialize($value);
 
 	wp_cache_set($name, $value, 'options');
 
@@ -420,52 +447,50 @@ function delete_option($name) {
 function add_post_meta($post_id, $key, $value, $unique = false) {
 	global $wpdb, $post_meta_cache;
 
+	$post_id = (int) $post_id;
+
 	if ( $unique ) {
-		if ( $wpdb->get_var("SELECT meta_key FROM $wpdb->postmeta WHERE meta_key
-= '$key' AND post_id = '$post_id'") ) {
+		if ( $wpdb->get_var("SELECT meta_key FROM $wpdb->postmeta WHERE meta_key = '$key' AND post_id = '$post_id'") ) {
 			return false;
 		}
 	}
 
-	$original = $value;
-	if ( is_array($value) || is_object($value) )
-		$value = $wpdb->escape(serialize($value));
+	$post_meta_cache[$post_id][$key][] = $value;
+
+	$value = maybe_serialize($value);
+	$value = $wpdb->escape($value);
 
 	$wpdb->query("INSERT INTO $wpdb->postmeta (post_id,meta_key,meta_value) VALUES ('$post_id','$key','$value')");
 
-	$post_meta_cache['$post_id'][$key][] = $original;
-
 	return true;
 }
 
 function delete_post_meta($post_id, $key, $value = '') {
 	global $wpdb, $post_meta_cache;
 
+	$post_id = (int) $post_id;
+
 	if ( empty($value) ) {
-		$meta_id = $wpdb->get_var("SELECT meta_id FROM $wpdb->postmeta WHERE
-post_id = '$post_id' AND meta_key = '$key'");
+		$meta_id = $wpdb->get_var("SELECT meta_id FROM $wpdb->postmeta WHERE post_id = '$post_id' AND meta_key = '$key'");
 	} else {
-		$meta_id = $wpdb->get_var("SELECT meta_id FROM $wpdb->postmeta WHERE
-post_id = '$post_id' AND meta_key = '$key' AND meta_value = '$value'");
+		$meta_id = $wpdb->get_var("SELECT meta_id FROM $wpdb->postmeta WHERE post_id = '$post_id' AND meta_key = '$key' AND meta_value = '$value'");
 	}
 
 	if ( !$meta_id )
 		return false;
 
 	if ( empty($value) ) {
-		$wpdb->query("DELETE FROM $wpdb->postmeta WHERE post_id = '$post_id'
-AND meta_key = '$key'");
-		unset($post_meta_cache['$post_id'][$key]);
+		$wpdb->query("DELETE FROM $wpdb->postmeta WHERE post_id = '$post_id' AND meta_key = '$key'");
+		unset($post_meta_cache[$post_id][$key]);
 	} else {
-		$wpdb->query("DELETE FROM $wpdb->postmeta WHERE post_id = '$post_id'
-AND meta_key = '$key' AND meta_value = '$value'");
-		$cache_key = $post_meta_cache['$post_id'][$key];
+		$wpdb->query("DELETE FROM $wpdb->postmeta WHERE post_id = '$post_id' AND meta_key = '$key' AND meta_value = '$value'");
+		$cache_key = $post_meta_cache[$post_id][$key];
 		if ($cache_key) foreach ( $cache_key as $index => $data )
 			if ( $data == $value )
-				unset($post_meta_cache['$post_id'][$key][$index]);
+				unset($post_meta_cache[$post_id][$key][$index]);
 	}
 
-	unset($post_meta_cache['$post_id'][$key]);
+	unset($post_meta_cache[$post_id][$key]);
 
 	return true;
 }
@@ -473,6 +498,8 @@ AND meta_key = '$key' AND meta_value = '$value'");
 function get_post_meta($post_id, $key, $single = false) {
 	global $wpdb, $post_meta_cache;
 
+	$post_id = (int) $post_id;
+
 	if ( isset($post_meta_cache[$post_id][$key]) ) {
 		if ( $single ) {
 			return maybe_unserialize( $post_meta_cache[$post_id][$key][0] );
@@ -506,34 +533,33 @@ function get_post_meta($post_id, $key, $single = false) {
 function update_post_meta($post_id, $key, $value, $prev_value = '') {
 	global $wpdb, $post_meta_cache;
 
+	$post_id = (int) $post_id;
+
 	$original_value = $value;
-	if ( is_array($value) || is_object($value) )
-		$value = $wpdb->escape(serialize($value));
+	$value = maybe_serialize($value);
+	$value = $wpdb->escape($value);
 
 	$original_prev = $prev_value;
-	if ( is_array($prev_value) || is_object($prev_value) )
-		$prev_value = $wpdb->escape(serialize($prev_value));
+	$prev_value = maybe_serialize($prev_value);
+	$prev_value = $wpdb->escape($prev_value);
 
-	if (! $wpdb->get_var("SELECT meta_key FROM $wpdb->postmeta WHERE meta_key
-= '$key' AND post_id = '$post_id'") ) {
+	if (! $wpdb->get_var("SELECT meta_key FROM $wpdb->postmeta WHERE meta_key = '$key' AND post_id = '$post_id'") ) {
 		return false;
 	}
 
 	if ( empty($prev_value) ) {
-		$wpdb->query("UPDATE $wpdb->postmeta SET meta_value = '$value' WHERE
-meta_key = '$key' AND post_id = '$post_id'");
-		$cache_key = $post_meta_cache['$post_id'][$key];
+		$wpdb->query("UPDATE $wpdb->postmeta SET meta_value = '$value' WHERE meta_key = '$key' AND post_id = '$post_id'");
+		$cache_key = $post_meta_cache[$post_id][$key];
 		if ( !empty($cache_key) )
 			foreach ($cache_key as $index => $data)
-				$post_meta_cache['$post_id'][$key][$index] = $original_value;
+				$post_meta_cache[$post_id][$key][$index] = $original_value;
 	} else {
-		$wpdb->query("UPDATE $wpdb->postmeta SET meta_value = '$value' WHERE
-meta_key = '$key' AND post_id = '$post_id' AND meta_value = '$prev_value'");
-		$cache_key = $post_meta_cache['$post_id'][$key];
+		$wpdb->query("UPDATE $wpdb->postmeta SET meta_value = '$value' WHERE meta_key = '$key' AND post_id = '$post_id' AND meta_value = '$prev_value'");
+		$cache_key = $post_meta_cache[$post_id][$key];
 		if ( !empty($cache_key) )
 			foreach ($cache_key as $index => $data)
 				if ( $data == $original_prev )
-					$post_meta_cache['$post_id'][$key][$index] = $original_value;
+					$post_meta_cache[$post_id][$key][$index] = $original_value;
 	}
 
 	return true;
@@ -747,6 +773,8 @@ function &get_category(&$category, $output = OBJECT) {
 		}
 	}
 
+	$_category = apply_filters('get_category', $_category);
+
 	if ( !isset($_category->fullpath) ) {
 		$_category = set_category_path($_category);
 		wp_cache_replace($_category->cat_ID, $_category, 'category');	
@@ -841,9 +869,10 @@ function timer_stop($display = 0, $precision = 3) { //if called like timer_stop(
 	$mtime = $mtime[1] + $mtime[0];
 	$timeend = $mtime;
 	$timetotal = $timeend-$timestart;
+	$r = number_format($timetotal, $precision);
 	if ( $display )
-		echo number_format($timetotal,$precision);
-	return $timetotal;
+		echo $r;
+	return $r;
 }
 
 function weblog_ping($server = '', $path = '') {
@@ -993,7 +1022,7 @@ function debug_fclose($fp) {
 }
 
 function spawn_pinger() {
-	global $wpdb;
+	global $wpdb, $wp_version;
 	$doping = false;
 	if ( $wpdb->get_var("SELECT ID FROM $wpdb->posts WHERE TRIM(to_ping) != '' LIMIT 1") )
 		$doping = true;
@@ -1009,7 +1038,7 @@ function spawn_pinger() {
 		$parts = parse_url($ping_url);
 		$argyle = @ fsockopen($parts['host'], $_SERVER['SERVER_PORT'], $errno, $errstr, 0.01);
 		if ( $argyle )
-			fputs($argyle, "GET {$parts['path']}?time=".time()." HTTP/1.0\r\nHost: {$_SERVER['HTTP_HOST']}\r\n\r\n");
+			fputs($argyle, "GET {$parts['path']}?time=".time()." HTTP/1.0\r\nHost: {$_SERVER['HTTP_HOST']}\r\nUser-Agent: WordPress/{$wp_version}\r\n\r\n");
        }
 }
 
@@ -1090,15 +1119,13 @@ function wp_get_http_headers( $url, $red = 1 ) {
 		$headers["$key"] = $matches[2][$i];
 	}
 
-    $code = preg_replace('/.*?(\d{3}).*/i', '$1', $response);
-    
-    $headers['status_code'] = $code;
-    
-    if ( '302' == $code || '301' == $code )
-        return wp_get_http_headers( $url, ++$red );
-
 	preg_match('/.*([0-9]{3}).*/', $response, $return);
 	$headers['response'] = $return[1]; // HTTP response code eg 204, 200, 404
+
+    $code = $headers['response'];
+    if ( ('302' == $code || '301' == $code) && isset($headers['location']) )
+        return wp_get_http_headers( $headers['location'], ++$red );
+
 	return $headers;
 }
 
@@ -1146,6 +1173,28 @@ function setup_postdata($post) {
 	return true;
 }
 
+// Setup global user vars.  Used by set_current_user() for back compat.
+function setup_userdata($user_id = '') {
+	global $user_login, $userdata, $user_level, $user_ID, $user_email, $user_url, $user_pass_md5, $user_identity;
+
+	if ( '' == $user_id )
+		$user = wp_get_current_user();
+	else 
+		$user = new WP_User($user_id);
+
+	if ( 0 == $user->ID )
+		return;
+
+	$userdata = $user->data;
+	$user_login	= $user->user_login;
+	$user_level	= $user->user_level;
+	$user_ID	= $user->ID;
+	$user_email	= $user->user_email;
+	$user_url	= $user->user_url;
+	$user_pass_md5	= md5($user->user_pass);
+	$user_identity	= $user->display_name;
+}
+
 function is_new_day() {
 	global $day, $previousday;
 	if ( $day != $previousday ) {
@@ -1170,7 +1219,7 @@ function merge_filters($tag) {
 	}
 
 	if ( isset($wp_filter[$tag]) )
-		ksort( $wp_filter[$tag] );
+		uksort( $wp_filter[$tag], "strnatcasecmp" );
 }
 
 function apply_filters($tag, $string) {
@@ -1231,6 +1280,7 @@ function remove_filter($tag, $function_to_remove, $priority = 10, $accepted_args
 
 	// rebuild the list of filters
 	if ( isset($wp_filter[$tag]["$priority"]) ) {
+		$new_function_list = array();
 		foreach($wp_filter[$tag]["$priority"] as $filter) {
 			if ( $filter['function'] != $function_to_remove ) {
 				$new_function_list[] = $filter;
@@ -1419,7 +1469,7 @@ function update_post_caches(&$posts) {
 		// Change from flat structure to hierarchical:
 		$post_meta_cache = array();
 		foreach ($meta_list as $metarow) {
-			$mpid = $metarow['post_id'];
+			$mpid = (int) $metarow['post_id'];
 			$mkey = $metarow['meta_key'];
 			$mval = $metarow['meta_value'];
 
@@ -1717,24 +1767,24 @@ function get_theme_data($theme_file) {
 	preg_match("|Author URI:(.*)|i", $theme_data, $author_uri);
 	preg_match("|Template:(.*)|i", $theme_data, $template);
 	if ( preg_match("|Version:(.*)|i", $theme_data, $version) )
-		$version = $version[1];
+		$version = trim($version[1]);
 	else
 		$version ='';
 	if ( preg_match("|Status:(.*)|i", $theme_data, $status) )
-		$status = $status[1];
+		$status = trim($status[1]);
 	else
-		$status ='publish';
+		$status = 'publish';
 
-	$description = wptexturize($description[1]);
+	$description = wptexturize(trim($description[1]));
 
 	$name = $theme_name[1];
 	$name = trim($name);
 	$theme = $name;
 
 	if ( '' == $author_uri[1] ) {
-		$author = $author_name[1];
+		$author = trim($author_name[1]);
 	} else {
-		$author = '<a href="' . $author_uri[1] . '" title="' . __('Visit author homepage') . '">' . $author_name[1] . '</a>';
+		$author = '<a href="' . trim($author_uri[1]) . '" title="' . __('Visit author homepage') . '">' . trim($author_name[1]) . '</a>';
 	}
 
 	return array('Name' => $name, 'Title' => $theme, 'Description' => $description, 'Author' => $author, 'Version' => $version, 'Template' => $template[1], 'Status' => $status);
@@ -2061,6 +2111,18 @@ function add_query_arg() {
 			$uri = @func_get_arg(2);
 	}
 
+	if ( $frag = strstr($uri, '#') )
+		$uri = substr($uri, 0, -strlen($frag));
+	else
+		$frag = '';
+
+	if ( preg_match('|^https?://|i', $uri, $matches) ) {
+		$protocol = $matches[0];
+		$uri = substr($uri, strlen($protocol));
+	} else {
+		$protocol = '';
+	}
+
 	if ( strstr($uri, '?') ) {
 		$parts = explode('?', $uri, 2);
 		if ( 1 == count($parts) ) {
@@ -2070,8 +2132,7 @@ function add_query_arg() {
 			$base = $parts[0] . '?';
 			$query = $parts[1];
 		}
-	}
-	else if ( strstr($uri, '/') ) {
+	} else if ( !empty($protocol) || strstr($uri, '/') ) {
 		$base = $uri . '?';
 		$query = '';
 	} else {
@@ -2094,7 +2155,7 @@ function add_query_arg() {
 			$ret .= "$k=$v";
 		}
 	}
-	$ret = $base . $ret;
+	$ret = $protocol . $base . $ret . $frag;
 	return trim($ret, '?');
 }
 
@@ -2102,13 +2163,13 @@ function remove_query_arg($key, $query) {
 	return add_query_arg($key, '', $query);
 }
 
-function load_template($file) {
+function load_template($_template_file) {
 	global $posts, $post, $wp_did_header, $wp_did_template_redirect, $wp_query,
 		$wp_rewrite, $wpdb;
 
-	extract($wp_query->query_vars);
+	extract($wp_query->query_vars, EXTR_SKIP);
 
-	require_once($file);
+	require_once($_template_file);
 }
 
 function add_magic_quotes($array) {
@@ -2126,7 +2187,7 @@ function add_magic_quotes($array) {
 
 function wp_remote_fopen( $uri ) {
 	if ( ini_get('allow_url_fopen') ) {
-		$fp = fopen( $uri, 'r' );
+		$fp = @fopen( $uri, 'r' );
 		if ( !$fp )
 			return false;
 		$linea = '';
@@ -2167,8 +2228,10 @@ function status_header( $header ) {
 	elseif ( 410 == $header )
 		$text = 'Gone';
 
-	@header("HTTP/1.1 $header $text");
-	@header("Status: $header $text");
+		if ( substr(php_sapi_name(), 0, 3) == 'cgi' )
+			@header("HTTP/1.1 $header $text");
+		else
+			@header("Status: $header $text");
 }
 
 function nocache_headers() {
@@ -2183,7 +2246,7 @@ function get_usermeta( $user_id, $meta_key = '') {
 	$user_id = (int) $user_id;
 
 	if ( !empty($meta_key) ) {
-		$meta_key = preg_replace('|a-z0-9_|i', '', $meta_key);
+		$meta_key = preg_replace('|[^a-z0-9_]|i', '', $meta_key);
 		$metas = $wpdb->get_results("SELECT meta_key, meta_value FROM $wpdb->usermeta WHERE user_id = '$user_id' AND meta_key = '$meta_key'");
 	} else {
 		$metas = $wpdb->get_results("SELECT meta_key, meta_value FROM $wpdb->usermeta WHERE user_id = '$user_id'");
@@ -2216,9 +2279,11 @@ function update_usermeta( $user_id, $meta_key, $meta_value ) {
 		return false;
 	$meta_key = preg_replace('|[^a-z0-9_]|i', '', $meta_key);
 
-	if ( is_array($meta_value) || is_object($meta_value) )
-		$meta_value = serialize($meta_value);
-	$meta_value = trim( $meta_value );
+	// FIXME: usermeta data is assumed to be already escaped
+	if ( is_string($meta_value) )
+		$meta_value = stripslashes($meta_value);
+	$meta_value = maybe_serialize($meta_value);
+	$meta_value = $wpdb->escape($meta_value);
 	
 	if (empty($meta_value)) {
 		delete_usermeta($user_id, $meta_key);
@@ -2287,4 +2352,190 @@ function get_num_queries() {
 	return $wpdb->num_queries;
 }
 
+function wp_nonce_url($actionurl, $action = -1) {
+	return wp_specialchars(add_query_arg('_wpnonce', wp_create_nonce($action), $actionurl));
+}
+
+function wp_nonce_field($action = -1) {
+	echo '<input type="hidden" name="_wpnonce" value="' . wp_create_nonce($action) . '" />';
+	wp_referer_field();
+}
+
+function wp_referer_field() {
+	$ref = attribute_escape(stripslashes($_SERVER['REQUEST_URI']));
+	echo '<input type="hidden" name="_wp_http_referer" value="'. $ref . '" />';
+	if ( wp_get_original_referer() ) {
+		$original_ref = attribute_escape(stripslashes(wp_get_original_referer()));
+		echo '<input type="hidden" name="_wp_original_http_referer" value="'. $original_ref . '" />';
+	}
+}
+
+function wp_original_referer_field() {
+	echo '<input type="hidden" name="_wp_original_http_referer" value="' . attribute_escape(stripslashes($_SERVER['REQUEST_URI'])) . '" />';
+}
+
+function wp_get_referer() {
+	foreach ( array($_REQUEST['_wp_http_referer'], $_SERVER['HTTP_REFERER']) as $ref )
+		if ( !empty($ref) )
+			return $ref;
+	return false;
+}
+
+function wp_get_original_referer() {
+	if ( !empty($_REQUEST['_wp_original_http_referer']) )
+		return $_REQUEST['_wp_original_http_referer'];
+	return false;
+}
+
+function wp_explain_nonce($action) {
+	if ( $action !== -1 && preg_match('/([a-z]+)-([a-z]+)(_(.+))?/', $action, $matches) ) {
+		$verb = $matches[1];
+		$noun = $matches[2];
+
+		$trans = array();
+		$trans['update']['attachment'] = array(__('Are you sure you want to edit this attachment: &quot;%s&quot;?'), 'get_the_title');
+
+		$trans['add']['category'] = array(__('Are you sure you want to add this category?'), false);
+		$trans['delete']['category'] = array(__('Are you sure you want to delete this category: &quot;%s&quot;?'), 'get_catname');
+		$trans['update']['category'] = array(__('Are you sure you want to edit this category: &quot;%s&quot;?'), 'get_catname');
+
+		$trans['delete']['comment'] = array(__('Are you sure you want to delete this comment: &quot;%s&quot;?'), 'use_id');
+		$trans['unapprove']['comment'] = array(__('Are you sure you want to unapprove this comment: &quot;%s&quot;?'), 'use_id');
+		$trans['approve']['comment'] = array(__('Are you sure you want to approve this comment: &quot;%s&quot;?'), 'use_id');
+		$trans['update']['comment'] = array(__('Are you sure you want to edit this comment: &quot;%s&quot;?'), 'use_id');
+		$trans['bulk']['comments'] = array(__('Are you sure you want to bulk modify comments?'), false);
+		$trans['moderate']['comments'] = array(__('Are you sure you want to moderate comments?'), false);
+
+		$trans['add']['bookmark'] = array(__('Are you sure you want to add this bookmark?'), false);
+		$trans['delete']['bookmark'] = array(__('Are you sure you want to delete this bookmark: &quot;%s&quot;?'), 'use_id');
+		$trans['update']['bookmark'] = array(__('Are you sure you want to edit this bookmark: &quot;%s&quot;?'), 'use_id');
+		$trans['bulk']['bookmarks'] = array(__('Are you sure you want to bulk modify bookmarks?'), false);
+
+		$trans['add']['page'] = array(__('Are you sure you want to add this page?'), false);
+		$trans['delete']['page'] = array(__('Are you sure you want to delete this page: &quot;%s&quot;?'), 'get_the_title');
+		$trans['update']['page'] = array(__('Are you sure you want to edit this page: &quot;%s&quot;?'), 'get_the_title');
+
+		$trans['edit']['plugin'] = array(__('Are you sure you want to edit this plugin file: &quot;%s&quot;?'), 'use_id');
+		$trans['activate']['plugin'] = array(__('Are you sure you want to activate this plugin: &quot;%s&quot;?'), 'use_id');
+		$trans['deactivate']['plugin'] = array(__('Are you sure you want to deactivate this plugin: &quot;%s&quot;?'), 'use_id');
+
+		$trans['add']['post'] = array(__('Are you sure you want to add this post?'), false);
+		$trans['delete']['post'] = array(__('Are you sure you want to delete this post: &quot;%s&quot;?'), 'get_the_title');
+		$trans['update']['post'] = array(__('Are you sure you want to edit this post: &quot;%s&quot;?'), 'get_the_title');
+
+		$trans['add']['user'] = array(__('Are you sure you want to add this user?'), false);
+		$trans['delete']['users'] = array(__('Are you sure you want to delete users?'), false);
+		$trans['bulk']['users'] = array(__('Are you sure you want to bulk modify users?'), false);
+		$trans['update']['user'] = array(__('Are you sure you want to edit this user: &quot;%s&quot;?'), 'get_author_name');
+		$trans['update']['profile'] = array(__('Are you sure you want to modify the profile for: &quot;%s&quot;?'), 'get_author_name');
+
+		$trans['update']['options'] = array(__('Are you sure you want to edit your settings?'), false);
+		$trans['update']['permalink'] = array(__('Are you sure you want to change your permalink structure to: %s?'), 'use_id');
+		$trans['edit']['file'] = array(__('Are you sure you want to edit this file: &quot;%s&quot;?'), 'use_id');
+		$trans['edit']['theme'] = array(__('Are you sure you want to edit this theme file: &quot;%s&quot;?'), 'use_id');
+		$trans['switch']['theme'] = array(__('Are you sure you want to switch to this theme: &quot;%s&quot;?'), 'use_id');
+
+		if ( isset($trans[$verb][$noun]) ) {
+			if ( !empty($trans[$verb][$noun][1]) ) {
+				$lookup = $trans[$verb][$noun][1];
+				$object = $matches[4];
+				if ( 'use_id' != $lookup )
+					$object = call_user_func($lookup, $object);
+				return sprintf($trans[$verb][$noun][0], $object);
+			} else {
+				return $trans[$verb][$noun][0];
+			}
+		}
+	}
+
+	return __('Are you sure you want to do this?');
+}
+
+function wp_nonce_ays($action) {
+	global $pagenow, $menu, $submenu, $parent_file, $submenu_file;
+
+	$adminurl = get_settings('siteurl') . '/wp-admin';
+	if ( wp_get_referer() )
+		$adminurl = attribute_escape(stripslashes(wp_get_referer()));
+
+	$title = __('WordPress Confirmation');
+	// Remove extra layer of slashes.
+	$_POST   = stripslashes_deep($_POST  );
+	if ( $_POST ) {
+		$q = http_build_query($_POST);
+		$q = explode( ini_get('arg_separator.output'), $q);
+		$html .= "\t<form method='post' action='$pagenow'>\n";
+		foreach ( (array) $q as $a ) {
+			$v = substr(strstr($a, '='), 1);
+			$k = substr($a, 0, -(strlen($v)+1));
+			$html .= "\t\t<input type='hidden' name='" . attribute_escape( urldecode($k)) . "' value='" . attribute_escape( urldecode($v)) . "' />\n";
+		}
+		$html .= "\t\t<input type='hidden' name='_wpnonce' value='" . wp_create_nonce($action) . "' />\n";
+		$html .= "\t\t<div id='message' class='confirm fade'>\n\t\t<p>" . wp_explain_nonce($action) . "</p>\n\t\t<p><a href='$adminurl'>" . __('No') . "</a> <input type='submit' value='" . __('Yes') . "' /></p>\n\t\t</div>\n\t</form>\n";
+	} else {
+		$html .= "\t<div id='message' class='confirm fade'>\n\t<p>" . wp_explain_nonce($action) . "</p>\n\t<p><a href='$adminurl'>" . __('No') . "</a> <a href='" . attribute_escape(add_query_arg('_wpnonce', wp_create_nonce($action), $_SERVER['REQUEST_URI'])) . "'>" . __('Yes') . "</a></p>\n\t</div>\n";
+	}
+	$html .= "</body>\n</html>";
+	wp_die($html, $title);
+}
+
+function wp_die($message, $title = '') {
+	header('Content-Type: text/html; charset=utf-8');
+
+	if ( empty($title) )
+		$title = __('WordPress &rsaquo; Error');
+?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+	<title><?php echo $title ?></title>
+	<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+	<style media="screen" type="text/css">
+	<!--
+	html {
+		background: #eee;
+	}
+	body {
+		background: #fff;
+		color: #000;
+		font-family: Georgia, "Times New Roman", Times, serif;
+		margin-left: 25%;
+		margin-right: 25%;
+		padding: .2em 2em;
+	}
+
+	h1 {
+		color: #006;
+		font-size: 18px;
+		font-weight: lighter;
+	}
+
+	h2 {
+		font-size: 16px;
+	}
+
+	p, li, dt {
+		line-height: 140%;
+		padding-bottom: 2px;
+	}
+
+	ul, ol {
+		padding: 5px 5px 5px 20px;
+	}
+	#logo {
+		margin-bottom: 2em;
+	}
+	-->
+	</style>
+</head>
+<body>
+	<h1 id="logo"><img alt="WordPress" src="<?php echo get_settings('siteurl'); ?>/wp-admin/images/wordpress-logo.png" /></h1>
+	<p><?php echo $message; ?></p>
+</body>
+</html>
+<?php
+
+	die();
+}
+
 ?>

wp-includes/gettext.php

@@ -61,15 +61,14 @@ class gettext_reader {
    * @return Integer from the Stream
    */
   function readint() {
-      $stream = $this->STREAM->read(4);
       if ($this->BYTEORDER == 0) {
         // low endian
-        $unpacked = unpack('V',$stream);
-        return array_shift($unpacked);
+        $low_end = unpack('V', $this->STREAM->read(4));
+        return array_shift($low_end);
       } else {
         // big endian
-        $unpacked = unpack('N',$stream);
-        return array_shift($unpacked);
+        $big_end = unpack('N', $this->STREAM->read(4));
+        return array_shift($big_end);
       }
     }
 
@@ -97,7 +96,7 @@ class gettext_reader {
    */
   function gettext_reader($Reader, $enable_cache = true) {
     // If there isn't a StreamReader, turn on short circuit mode.
-    if (! $Reader) {
+    if (! $Reader || isset($Reader->error) ) {
       $this->short_circuit = true;
       return;
     }
@@ -105,16 +104,16 @@ class gettext_reader {
     // Caching can be turned off
     $this->enable_cache = $enable_cache;
 
-    // $MAGIC1 = (int)0x950412de; //bug in PHP 5
+    // $MAGIC1 = (int)0x950412de; //bug in PHP 5.0.2, see https://savannah.nongnu.org/bugs/?func=detailitem&item_id=10565
     $MAGIC1 = (int) - 1794895138;
     // $MAGIC2 = (int)0xde120495; //bug
     $MAGIC2 = (int) - 569244523;
 
     $this->STREAM = $Reader;
     $magic = $this->readint();
-    if ($magic == $MAGIC1) {
+    if ($magic == ($MAGIC1 & 0xFFFFFFFF)) { // to make sure it works for 64-bit platforms
       $this->BYTEORDER = 0;
-    } elseif ($magic == $MAGIC2) {
+    } elseif ($magic == ($MAGIC2 & 0xFFFFFFFF)) {
       $this->BYTEORDER = 1;
     } else {
       $this->error = 1; // not MO file
@@ -282,7 +281,7 @@ class gettext_reader {
       } else {
         $header = $this->get_translation_string(0);
       }
-      if (eregi("plural-forms: (.*)\n", $header, $regs))
+      if (eregi("plural-forms: ([^\n]*)\n", $header, $regs))
         $expr = $regs[1];
       else
         $expr = "nplurals=2; plural=n == 1 ? 0 : 1;";
@@ -308,7 +307,7 @@ class gettext_reader {
     $plural = 0;
 
     eval("$string");
-    if ($plural >= $total) $plural = 0;
+    if ($plural >= $total) $plural = $total - 1;
     return $plural;
   }
 

wp-includes/js/tinymce/langs/en.js

@@ -1,22 +1,30 @@
 // UK lang variables
 
-tinyMCELang['lang_bold_desc'] = 'Bold (Alt+b)';
-tinyMCELang['lang_italic_desc'] = 'Italic (Alt+i)';
+if (navigator.userAgent.indexOf('Mac OS') != -1) {
+// Mac OS browsers use Ctrl to hit accesskeys
+	var metaKey = 'Ctrl';
+}
+else {
+	var metaKey = 'Alt';
+}
+
+tinyMCELang['lang_bold_desc'] = 'Bold (' + metaKey + '+b)';
+tinyMCELang['lang_italic_desc'] = 'Italic (' + metaKey + '+i)';
 tinyMCELang['lang_underline_desc'] = 'Underline';
-tinyMCELang['lang_striketrough_desc'] = 'Striketrough (Alt-d)';
-tinyMCELang['lang_justifyleft_desc'] = 'Align left (Alt-f)';
-tinyMCELang['lang_justifycenter_desc'] = 'Align center (Alt-c)';
-tinyMCELang['lang_justifyright_desc'] = 'Align right (Alt-r)';
+tinyMCELang['lang_striketrough_desc'] = 'Striketrough (' + metaKey + '-d)';
+tinyMCELang['lang_justifyleft_desc'] = 'Align left (' + metaKey + '-f)';
+tinyMCELang['lang_justifycenter_desc'] = 'Align center (' + metaKey + '-c)';
+tinyMCELang['lang_justifyright_desc'] = 'Align right (' + metaKey + '-r)';
 tinyMCELang['lang_justifyfull_desc'] = 'Align full';
-tinyMCELang['lang_bullist_desc'] = 'Unordered list (Alt-l)';
-tinyMCELang['lang_numlist_desc'] = 'Ordered list (Alt-o)';
-tinyMCELang['lang_outdent_desc'] = 'Outdent (Alt-w)';
-tinyMCELang['lang_indent_desc'] = 'Indent/Blockquote (Alt-q)';
-tinyMCELang['lang_undo_desc'] = 'Undo (Alt-u)';
-tinyMCELang['lang_redo_desc'] = 'Redo (Alt-y)';
-tinyMCELang['lang_link_desc'] = 'Insert/edit link (Alt-a)';
-tinyMCELang['lang_unlink_desc'] = 'Unlink (Alt-s)';
-tinyMCELang['lang_image_desc'] = 'Insert/edit image (Alt-m)';
+tinyMCELang['lang_bullist_desc'] = 'Unordered list (' + metaKey + '-l)';
+tinyMCELang['lang_numlist_desc'] = 'Ordered list (' + metaKey + '-o)';
+tinyMCELang['lang_outdent_desc'] = 'Outdent (' + metaKey + '-w)';
+tinyMCELang['lang_indent_desc'] = 'Indent/Blockquote (' + metaKey + '-q)';
+tinyMCELang['lang_undo_desc'] = 'Undo (' + metaKey + '-u)';
+tinyMCELang['lang_redo_desc'] = 'Redo (' + metaKey + '-y)';
+tinyMCELang['lang_link_desc'] = 'Insert/edit link (' + metaKey + '-a)';
+tinyMCELang['lang_unlink_desc'] = 'Unlink (' + metaKey + '-s)';
+tinyMCELang['lang_image_desc'] = 'Insert/edit image (' + metaKey + '-m)';
 tinyMCELang['lang_cleanup_desc'] = 'Cleanup messy code';
 tinyMCELang['lang_focus_alert'] = 'A editor instance must be focused before using this command.';
 tinyMCELang['lang_edit_confirm'] = 'Do you want to use the WYSIWYG mode for this textarea?';

wp-includes/js/tinymce/plugins/wordpress/langs/en.js

@@ -1,7 +1,15 @@
 // EN lang variables
 
+if (navigator.userAgent.indexOf('Mac OS') != -1) {
+// Mac OS browsers use Ctrl to hit accesskeys
+	var metaKey = 'Ctrl';
+}
+else {
+	var metaKey = 'Alt';
+}
+
 tinyMCE.addToLang('',{
-wordpress_more_button : 'Split post with More tag (Alt-t)',
+wordpress_more_button : 'Split post with More tag (' + metaKey + '-t)',
 wordpress_page_button : 'Split post with Page tag',
 wordpress_more_alt : 'More...',
 wordpress_page_alt : '...page...'