Bump

git-svn-id: http://svn.automattic.com/wordpress/tags/2.5.1@7835 1a063a9b-81f0-0310-95a4-ce76da25c4cd

wp-admin/admin-ajax.php

@@ -162,9 +162,8 @@ case 'add-category' : // On the Fly
 		if ( $parent ) // Do these all at once in a second
 			continue;
 		$category = get_category( $cat_id );
-		$checked_categories[] = $cat_id;
 		ob_start();
-			dropdown_categories( 0, $category );
+			wp_category_checklist( 0, $cat_id, $checked_categories );
 		$data = ob_get_contents();
 		ob_end_clean();
 		$x->add( array(
@@ -434,7 +433,7 @@ case 'add-meta' :
 	break;
 case 'add-user' :
 	check_ajax_referer( $action );
-	if ( !current_user_can('edit_users') )
+	if ( !current_user_can('create_users') )
 		die('-1');
 	require_once(ABSPATH . WPINC . '/registration.php');
 	if ( !$user_id = add_user() )

wp-admin/async-upload.php

@@ -20,13 +20,26 @@ header('Content-Type: text/plain');
 if ( !current_user_can('upload_files') )
 	wp_die(__('You do not have permission to upload files.'));
 
+// just fetch the detail form for that attachment	
+if ( ($id = intval($_REQUEST['attachment_id'])) && $_REQUEST['fetch'] ) {
+	echo get_media_item($id);
+	exit;
+}
+
 $id = media_handle_upload('async-upload', $_REQUEST['post_id']);
 if (is_wp_error($id)) {
 	echo '<div id="media-upload-error">'.wp_specialchars($id->get_error_message()).'</div>';
 	exit;
 }
 
-$type = $_REQUEST['type'];
-echo apply_filters("async_upload_{$type}", $id);
+if ( $_REQUEST['short'] ) {
+	// short form response - attachment ID only
+	echo $id;
+}
+else {
+	// long form response - big chunk o html
+	$type = $_REQUEST['type'];
+	echo apply_filters("async_upload_{$type}", $id);
+}
 
 ?>

wp-admin/comment.php

@@ -141,8 +141,10 @@ case 'deletecomment' :
 	else
 		wp_delete_comment( $comment->comment_ID );
 
-	if ( '' != wp_get_referer() && false == $noredir )
+	if ( '' != wp_get_referer() && false == $noredir && false === strpos(wp_get_referer(), 'comment.php' ) )
 		wp_redirect( wp_get_referer() );
+	else if ( '' != wp_get_original_referer() && false == $noredir )
+		wp_redirect( wp_get_original_referer() );
 	else
 		wp_redirect( get_option('siteurl') . '/wp-admin/edit-comments.php' );
 

wp-admin/css/colors-classic.css

@@ -192,6 +192,10 @@ ul.widget-control-list .sorthelper {
 	border-color: #a3a3a3;
 }
 
+.button[disabled], .button:disabled {
+	background-color: #999;
+}
+
 .tablenav .button-secondary {
 	border-color: #5396c5;
 }

wp-admin/css/colors-fresh.css

@@ -188,6 +188,10 @@ ul.widget-control-list .sorthelper {
 	border-color: #80b5d0;
 }
 
+.button[disabled], .button:disabled {
+	background-color: #999;
+}
+
 .submit input:hover, .button:hover, #edit-slug-buttons a.save:hover {
 	border-color: #535353;
 }

wp-admin/css/media.css

@@ -91,8 +91,14 @@ tr.image-size label {
 	max-height: 40px;
 }
 
-.filename {
-	display: none;
+.filename.original {
+	float: left;
+}
+.crunching {
+	display: block;
+	line-height: 32px;
+	text-align: right;
+	margin-right: 5px;
 }
 button.dismiss {
 	position: absolute;
@@ -118,27 +124,31 @@ button.dismiss {
 	border-right-width: 3px;
 	border-right-style: solid;
 }
+
+#library-form .progress, #gallery-form .progress {
+	display: none;
+}
+
 .media-item .thumbnail {
 	max-width: 128px;
 	max-height: 128px;
 }
 .media-item .pinkynail {
-	position: absolute;
-	top: 2px;
-	left: 2px;
+	float: left;
+	margin: 2px;
 	height: 32px;
 	max-width: 40px;
 }
 
-tbody.media-item-info tr {
+thead.media-item-info tr {
 	background-color: transparent;
 }
-tbody.media-item-info th, tbody.media-item-info td {
+thead.media-item-info th, thead.media-item-info td {
 	border: none;
 	margin: 0;
 }
 
-.form-table tbody.media-item-info {
+.form-table thead.media-item-info {
 	border: 8px solid #fff;
 }
 
@@ -164,23 +174,14 @@ abbr.required {
 .describe-toggle-on, .describe-toggle-off {
 	display: block;
 	line-height: 36px;
-	z-index: 2;
-	position: absolute;
-	top: 0px;
-	right: 20px;
+	float: right;
+	margin-right: 20px;
 }
 .describe-toggle-off {
 	display: none;
 }
+
 .clickmask {
-	background: transparent;
-	position: absolute;
-	top: 0px;
-	left: 0px;
-	cursor: pointer;
-	border: none;
-	z-index: 3;
-	height: 36px;
 }
 
 .hidden {
@@ -210,17 +211,16 @@ abbr.required {
 }
 
 #media-upload .media-item {
+	position: relative;
 	border-bottom-width: 1px;
 	border-bottom-style: solid;
-	width: 623px;
-	position: relative;
 	min-height: 36px;
+	width: 100%;
 }
-#media-upload .filename {
-	display: block;
+.filename {
 	line-height: 36px;
-	margin-left: 50px;
-	z-index: 2;
+	margin-left: 10px;
+	float: left;
 }
 #media-upload .describe {
 	border-top-width: 1px;
@@ -239,4 +239,4 @@ abbr.required {
 #media-upload tr.image-size {
 	margin-bottom: 1em;
 	height: 3em;
-}
+}

wp-admin/css/widgets-rtl.css

@@ -35,7 +35,7 @@ h4.widget-title a {
 }
 li.widget-list-control-item h4.widget-title a, #dragHelper li.widget-list-control-item h4.widget-title a, #draghelper li.widget-list-control-item h4.widget-title a:visited {
 	right:auto;
-	left:2em;
+	left:1em;
 }
 
 li.widget-list-control-item div.widget-control {

wp-admin/css/widgets.css

@@ -91,6 +91,10 @@ ul.widget-control-list {
 	padding: 0 1em;
 }
 
+ul.widget-control-list li {
+	position: relative;
+}
+
 div#current-widgets p.submit {
 	padding: 1em;
 }
@@ -135,7 +139,7 @@ h4.widget-title a {
 li.widget-list-control-item h4.widget-title a,
 #dragHelper li.widget-list-control-item h4.widget-title a,
 #draghelper li.widget-list-control-item h4.widget-title a:visited {
-	right: 2em;
+	right: 1em;
 }
 
 li.widget-list-control-item h4.widget-title a:hover {

wp-admin/custom-header.php

@@ -11,17 +11,27 @@ class Custom_Image_Header {
 		$page = add_theme_page(__('Custom Image Header'), __('Custom Image Header'), 'edit_themes', 'custom-header', array(&$this, 'admin_page'));
 
 		add_action("admin_print_scripts-$page", array(&$this, 'js_includes'));
+		add_action("admin_head-$page", array(&$this, 'take_action'), 50);
 		add_action("admin_head-$page", array(&$this, 'js'), 50);
 		add_action("admin_head-$page", $this->admin_header_callback, 51);
 	}
 
-	function js_includes() {
-		wp_enqueue_script('cropper');
-		wp_enqueue_script('colorpicker');
+	function step() {
+		$step = (int) @$_GET['step'];
+		if ( $step < 1 || 3 < $step )
+			$step = 1;
+		return $step;
 	}
 
-	function js() {
+	function js_includes() {
+		$step = $this->step();
+		if ( 1 == $step )
+			wp_enqueue_script('colorpicker');
+		elseif ( 2 == $step )	
+			wp_enqueue_script('cropper');
+	}
 
+	function take_action() {
 		if ( isset( $_POST['textcolor'] ) ) {
 			check_admin_referer('custom-header');
 			if ( 'blank' == $_POST['textcolor'] ) {
@@ -36,48 +46,18 @@ class Custom_Image_Header {
 			check_admin_referer('custom-header');
 			remove_theme_mods();
 		}
-	?>
-<script type="text/javascript">
-
-	function onEndCrop( coords, dimensions ) {
-		$( 'x1' ).value = coords.x1;
-		$( 'y1' ).value = coords.y1;
-		$( 'x2' ).value = coords.x2;
-		$( 'y2' ).value = coords.y2;
-		$( 'width' ).value = dimensions.width;
-		$( 'height' ).value = dimensions.height;
 	}
 
-	// with a supplied ratio
-	Event.observe(
-		window,
-		'load',
-		function() {
-			var xinit = <?php echo HEADER_IMAGE_WIDTH; ?>;
-			var yinit = <?php echo HEADER_IMAGE_HEIGHT; ?>;
-			var ratio = xinit / yinit;
-			var ximg = $('upload').width;
-			var yimg = $('upload').height;
-			if ( yimg < yinit || ximg < xinit ) {
-				if ( ximg / yimg > ratio ) {
-					yinit = yimg;
-					xinit = yinit * ratio;
-				} else {
-					xinit = ximg;
-					yinit = xinit / ratio;
-				}
-			}
-			new Cropper.Img(
-				'upload',
-				{
-					ratioDim: { x: xinit, y: yinit },
-					displayOnInit: true,
-					onEndCrop: onEndCrop
-				}
-			)
-		}
-	);
+	function js() {
+		$step = $this->step();
+		if ( 1 == $step )
+			$this->js_1();
+		elseif ( 2 == $step )
+			$this->js_2();
+	}
 
+	function js_1() { ?>
+<script type="text/javascript">
 	var cp = new ColorPicker();
 
 	function pickColor(color) {
@@ -116,7 +96,7 @@ class Custom_Image_Header {
 		}
 	}
 	function colorDefault() {
-		pickColor('<?php echo HEADER_TEXTCOLOR; ?>');
+		pickColor('#<?php echo HEADER_TEXTCOLOR; ?>');
 	}
 
 	function hide_text() {
@@ -149,6 +129,50 @@ Event.observe( window, 'load', hide_text );
 <?php
 	}
 
+	function js_2() { ?>
+<script type="text/javascript">
+	function onEndCrop( coords, dimensions ) {
+		$( 'x1' ).value = coords.x1;
+		$( 'y1' ).value = coords.y1;
+		$( 'x2' ).value = coords.x2;
+		$( 'y2' ).value = coords.y2;
+		$( 'width' ).value = dimensions.width;
+		$( 'height' ).value = dimensions.height;
+	}
+
+	// with a supplied ratio
+	Event.observe(
+		window,
+		'load',
+		function() {
+			var xinit = <?php echo HEADER_IMAGE_WIDTH; ?>;
+			var yinit = <?php echo HEADER_IMAGE_HEIGHT; ?>;
+			var ratio = xinit / yinit;
+			var ximg = $('upload').width;
+			var yimg = $('upload').height;
+			if ( yimg < yinit || ximg < xinit ) {
+				if ( ximg / yimg > ratio ) {
+					yinit = yimg;
+					xinit = yinit * ratio;
+				} else {
+					xinit = ximg;
+					yinit = xinit / ratio;
+				}
+			}
+			new Cropper.Img(
+				'upload',
+				{
+					ratioDim: { x: xinit, y: yinit },
+					displayOnInit: true,
+					onEndCrop: onEndCrop
+				}
+			)
+		}
+	);
+</script>
+<?php
+	}
+
 	function step_1() {
 		if ( $_GET['updated'] ) { ?>
 <div id="message" class="updated fade">
@@ -252,7 +276,7 @@ Event.observe( window, 'load', hide_text );
 <form method="POST" action="<?php echo attribute_escape(add_query_arg('step', 3)) ?>">
 
 <p><?php _e('Choose the part of the image you want to use as your header.'); ?></p>
-<div id="testWrap">
+<div id="testWrap" style="position: relative">
 <img src="<?php echo $url; ?>" id="upload" width="<?php echo $width; ?>" height="<?php echo $height; ?>" />
 </div>
 
@@ -327,19 +351,13 @@ Event.observe( window, 'load', hide_text );
 	}
 
 	function admin_page() {
-		if ( !isset( $_GET['step'] ) )
-			$step = 1;
-		else
-			$step = (int) $_GET['step'];
-
-		if ( 1 == $step ) {
+		$step = $this->step();
+		if ( 1 == $step )
 			$this->step_1();
-		} elseif ( 2 == $step ) {
+		elseif ( 2 == $step )
 			$this->step_2();
-		} elseif ( 3 == $step ) {
+		elseif ( 3 == $step )
 			$this->step_3();
-		}
-
 	}
 
 }

wp-admin/edit-attachment-rows.php

@@ -26,6 +26,10 @@ while (have_posts()) : the_post();
 $class = 'alternate' == $class ? '' : 'alternate';
 global $current_user;
 $post_owner = ( $current_user->ID == $post->post_author ? 'self' : 'other' );
+$att_title = get_the_title();
+if ( empty($att_title) )
+	$att_title = __('(no title)');
+
 ?>
 	<tr id='post-<?php echo $id; ?>' class='<?php echo trim( $class . ' author-' . $post_owner . ' status-' . $post->post_status ); ?>' valign="top">
 
@@ -50,7 +54,7 @@ foreach($posts_columns as $column_name=>$column_display_name) {
 
 	case 'media':
 		?>
-		<td><strong><a href="media.php?action=edit&amp;attachment_id=<?php the_ID(); ?>" title="<?php echo attribute_escape(sprintf(__('Edit "%s"'), get_the_title())); ?>"><?php the_title(); ?></a></strong><br />
+		<td><strong><a href="media.php?action=edit&amp;attachment_id=<?php the_ID(); ?>" title="<?php echo attribute_escape(sprintf(__('Edit "%s"'), $att_title)); ?>"><?php echo $att_title; ?></a></strong><br />
 		<?php echo strtoupper(preg_replace('/^.*?\.(\w+)$/', '$1', get_attached_file($post->ID))); ?>
 		<?php do_action('manage_media_media_column', $post->ID); ?>
 		</td>

wp-admin/edit-form-advanced.php

@@ -1,4 +1,4 @@
-<?php
+ <?php
 $action = isset($action)? $action : '';
 if ( isset($_GET['message']) )
 	$_GET['message'] = absint( $_GET['message'] );
@@ -54,13 +54,13 @@ $saveasdraft = '<input name="save" type="submit" id="save" class="button" tabind
 <input type="hidden" id="user-id" name="user_ID" value="<?php echo (int) $user_ID ?>" />
 <input type="hidden" id="hiddenaction" name="action" value="<?php echo $form_action ?>" />
 <input type="hidden" id="originalaction" name="originalaction" value="<?php echo $form_action ?>" />
-<input type="hidden" name="post_author" value="<?php echo attribute_escape( $post->post_author ); ?>" />
+<input type="hidden" id="post_author" name="post_author" value="<?php echo attribute_escape( $post->post_author ); ?>" />
 <input type="hidden" id="post_type" name="post_type" value="<?php echo $post->post_type ?>" />
 <input type="hidden" id="original_post_status" name="original_post_status" value="<?php echo $post->post_status ?>" />
 <input name="referredby" type="hidden" id="referredby" value="<?php
 if ( !empty($_REQUEST['popupurl']) )
 	echo clean_url(stripslashes($_REQUEST['popupurl']));
-else if ( url_to_postid(wp_get_referer()) == $post_ID && strpos( wp_get_referer(), '/wp-admin/' ) === false )
+else if ( strpos( wp_get_referer(), '/wp-admin/' ) === false && $post_ID && url_to_postid(wp_get_referer()) === $post_ID  )
 	echo 'redo';
 else
 	echo clean_url(stripslashes(wp_get_referer()));
@@ -222,7 +222,7 @@ endif; ?>
 	<p id="category-add" class="wp-hidden-child">
 		<input type="text" name="newcat" id="newcat" class="form-required form-input-tip" value="<?php _e( 'New category name' ); ?>" tabindex="3" />
 		<?php wp_dropdown_categories( array( 'hide_empty' => 0, 'name' => 'newcat_parent', 'orderby' => 'name', 'hierarchical' => 1, 'show_option_none' => __('Parent category'), 'tab_index' => 3 ) ); ?>
-		<input type="button" id="category-add-sumbit" class="add:categorychecklist:categorydiv button" value="<?php _e( 'Add' ); ?>" tabindex="3" />
+		<input type="button" id="category-add-sumbit" class="add:categorychecklist:category-add button" value="<?php _e( 'Add' ); ?>" tabindex="3" />
 		<?php wp_nonce_field( 'add-category', '_ajax_nonce', false ); ?>
 		<span id="category-ajax-response"></span>
 	</p>
@@ -233,15 +233,15 @@ endif; ?>
 	<li class="wp-no-js-hidden"><a href="#categories-pop" tabindex="3"><?php _e( 'Most Used' ); ?></a></li>
 </ul>
 
-<div id="categories-all" class="ui-tabs-panel">
-	<ul id="categorychecklist" class="list:category categorychecklist form-no-clear">
-		<?php dropdown_categories(); ?>
+<div id="categories-pop" class="ui-tabs-panel" style="display: none;">
+	<ul id="categorychecklist-pop" class="categorychecklist form-no-clear" >
+		<?php $popular_ids = wp_popular_terms_checklist('category'); ?>
 	</ul>
 </div>
 
-<div id="categories-pop" class="ui-tabs-panel" style="display: none;">
-	<ul id="categorychecklist-pop" class="categorychecklist form-no-clear" >
-		<?php wp_popular_terms_checklist('category'); ?>
+<div id="categories-all" class="ui-tabs-panel">
+	<ul id="categorychecklist" class="list:category categorychecklist form-no-clear">
+		<?php wp_category_checklist($post_ID) ?>
 	</ul>
 </div>
 

wp-admin/edit-form-comment.php

@@ -46,7 +46,7 @@ $time = mysql2date(get_option('time_format'), $comment->comment_date);
 <p class="submit">
 <input type="submit" name="save" value="<?php _e('Save'); ?>" tabindex="4" class="button button-highlighted" />
 <?php
-echo "<a class='submitdelete' href='" . wp_nonce_url("comment.php?action=deletecomment&amp;c=$comment->comment_ID", 'delete-comment_' . $comment->comment_ID) . "' onclick=\"if ( confirm('" . js_escape(__("You are about to delete this comment. \n  'Cancel' to stop, 'OK' to delete.")) . "') ) { return true;}return false;\">" . __('Delete comment') . "</a>";
+echo "<a class='submitdelete' href='" . wp_nonce_url("comment.php?action=deletecomment&amp;c=$comment->comment_ID&amp;_wp_original_http_referer=" . wp_get_referer(), 'delete-comment_' . $comment->comment_ID) . "' onclick=\"if ( confirm('" . js_escape(__("You are about to delete this comment. \n  'Cancel' to stop, 'OK' to delete.")) . "') ) { return true;}return false;\">" . __('Delete comment') . "</a>";
 ?>
 </p>
 
@@ -95,6 +95,7 @@ echo "<a class='submitdelete' href='" . wp_nonce_url("comment.php?action=deletec
 <input type="hidden" name="c" value="<?php echo $comment->comment_ID ?>" />
 <input type="hidden" name="p" value="<?php echo $comment->comment_post_ID ?>" />
 <input name="referredby" type="hidden" id="referredby" value="<?php echo wp_get_referer(); ?>" />
+<?php wp_original_referer_field(true, 'previous'); ?>
 <input type="hidden" name="noredir" value="1" />
 </div>
 </div>

wp-admin/edit-link-form.php

@@ -118,7 +118,7 @@ if ( ( 'edit' == $action) && current_user_can('manage_links') )
 
 <div id="categories-all" class="ui-tabs-panel">
 	<ul id="categorychecklist" class="list:category categorychecklist form-no-clear">
-		<?php dropdown_link_categories(); ?>
+		<?php wp_link_category_checklist($link_id); ?>
 	</ul>
 </div>
 

wp-admin/edit-page-form.php

@@ -48,7 +48,7 @@ if (isset($mode) && 'bookmarklet' == $mode)
 <input type="hidden" id="post_type" name="post_type" value="<?php echo $post->post_type ?>" />
 <input type="hidden" id="original_post_status" name="original_post_status" value="<?php echo $post->post_status ?>" />
 <input name="referredby" type="hidden" id="referredby" value="<?php
-if ( url_to_postid(wp_get_referer()) == $post_ID && strpos( wp_get_referer(), '/wp-admin/' ) === false )
+if ( strpos( wp_get_referer(), '/wp-admin/' ) === false && $post_ID && url_to_postid(wp_get_referer()) === $post_ID )
 	echo 'redo';
 else
 	echo clean_url(stripslashes(wp_get_referer()));
@@ -72,7 +72,7 @@ else
 <p><strong><?php _e('Publish Status') ?></strong></p>
 <p>
 <select name='post_status' tabindex='4'>
-<?php if ( current_user_can('publish_posts') ) : ?>
+<?php if ( current_user_can('publish_pages') ) : ?>
 <option<?php selected( $post->post_status, 'publish' ); selected( $post->post_status, 'private' );?> value='publish'><?php _e('Published') ?></option>
 <?php else: ?>
 <option<?php selected( $post->post_status, 'private' ); ?> value='private'><?php _e('Published') ?></option>

wp-admin/edit-post-rows.php

@@ -22,6 +22,14 @@
 if ( have_posts() ) {
 $bgcolor = '';
 add_filter('the_title','wp_specialchars');
+
+// Create array of post IDs.
+$post_ids = array();
+foreach ( $wp_query->posts as $a_post )
+	$post_ids[] = $a_post->ID;
+
+$comment_pending_count = get_pending_comments_num($post_ids);
+
 while (have_posts()) : the_post();
 $class = 'alternate' == $class ? '' : 'alternate';
 global $current_user;
@@ -67,7 +75,7 @@ foreach($posts_columns as $column_name=>$column_display_name) {
 			}
 		}
 		?>
-		<td><abbr title="<?php echo $t_time ?>"><?php echo $h_time ?></abbr></td>
+		<td><abbr title="<?php echo $t_time ?>"><?php echo apply_filters('post_date_column_time', $h_time, $post, $column_name) ?></abbr></td>
 		<?php
 		break;
 	case 'title':
@@ -113,7 +121,7 @@ foreach($posts_columns as $column_name=>$column_display_name) {
 		?>
 		<td class="num"><div class="post-com-count-wrapper">
 		<?php
-		$left = get_pending_comments_num( $post->ID );
+		$left = isset($comment_pending_count) ? $comment_pending_count[$post->ID] : 0;
 		$pending_phrase = sprintf( __('%s pending'), number_format( $left ) );
 		if ( $left )
 			echo '<strong>';

wp-admin/edit.php

@@ -167,8 +167,12 @@ foreach ($arc_result as $arc_row) {
 </select>
 <?php } ?>
 
-<?php wp_dropdown_categories('show_option_all='.__('View all categories').'&hide_empty=1&hierarchical=1&show_count=1&selected='.$cat);?>
-<?php do_action('restrict_manage_posts'); ?>
+<?php
+$dropdown_options = array('show_option_all' => __('View all categories'), 'hide_empty' => 0, 'hierarchical' => 1,
+	'show_count' => 0, 'orderby' => 'name', 'selected' => $cat);
+wp_dropdown_categories($dropdown_options);
+do_action('restrict_manage_posts');
+?>
 <input type="submit" id="post-query-submit" value="<?php _e('Filter'); ?>" class="button-secondary" />
 
 <?php } ?>

wp-admin/import/blogger.php

@@ -770,7 +770,7 @@ class Blogger_Import {
 				$this->$key = $value;
 
 		if ( isset( $_REQUEST['blog'] ) ) {
-			$blog = is_array($_REQUEST['blog']) ? array_shift( array_keys( $_REQUEST['blog'] ) ) : $_REQUEST['blog'];
+			$blog = is_array($_REQUEST['blog']) ? array_shift( $keys = array_keys( $_REQUEST['blog'] ) ) : $_REQUEST['blog'];
 			$blog = (int) $blog;
 			$result = $this->import_blog( $blog );
 			if ( is_wp_error( $result ) )

wp-admin/import/mt.php

@@ -335,7 +335,7 @@ class MT_Import {
 				else if ( 'ping' == $context )
 					$ping->title = $title;
 			} else if ( 0 === strpos($line, "STATUS:") ) {
-				$status = trim( substr($line, strlen("STATUS:")) );
+				$status = trim( strtolower( substr($line, strlen("STATUS:")) ) );
 				if ( empty($status) )
 					$status = 'publish';
 				$post->post_status = $status;

wp-admin/includes/admin.php

@@ -1,8 +1,5 @@
 <?php
 
-if ( !defined( 'AUTOSAVE_INTERVAL' ) )
-	define( 'AUTOSAVE_INTERVAL', 60 );
-
 require_once(ABSPATH . 'wp-admin/includes/bookmark.php');
 require_once(ABSPATH . 'wp-admin/includes/comment.php');
 require_once(ABSPATH . 'wp-admin/includes/file.php');

wp-admin/includes/class-wp-filesystem-direct.php

@@ -26,8 +26,7 @@ class WP_Filesystem_Direct{
 		return @file($file);
 	}
 	function put_contents($file,$contents,$mode=false,$type=''){
-		$fp=@fopen($file,'w'.$type);
-		if (!$fp)
+		if ( ! ($fp = @fopen($file,'w'.$type)) )
 			return false;
 		@fwrite($fp,$contents);
 		@fclose($fp);
@@ -37,6 +36,9 @@ class WP_Filesystem_Direct{
 	function cwd(){
 		return @getcwd();
 	}
+	function chdir($dir){
+		return @chdir($dir);
+	}
 	function chgrp($file,$group,$recursive=false){
 		if( ! $this->exists($file) )
 			return false;
@@ -45,10 +47,11 @@ class WP_Filesystem_Direct{
 		if( ! $this->is_dir($file) )
 			return @chgrp($file,$group);
 		//Is a directory, and we want recursive
+		$file = trailingslashit($file);
 		$filelist = $this->dirlist($file);
-		foreach($filelist as $filename){
-			$this->chgrp($file.'/'.$filename,$group,$recursive);
-		}
+		foreach($filelist as $filename)
+			$this->chgrp($file . $filename, $group, $recursive);
+
 		return true;
 	}
 	function chmod($file,$mode=false,$recursive=false){
@@ -61,10 +64,11 @@ class WP_Filesystem_Direct{
 		if( ! $this->is_dir($file) )
 			return @chmod($file,$mode);
 		//Is a directory, and we want recursive
+		$file = trailingslashit($file);
 		$filelist = $this->dirlist($file);
-		foreach($filelist as $filename){
-			$this->chmod($file.'/'.$filename,$mode,$recursive);
-		}
+		foreach($filelist as $filename)
+			$this->chmod($file . $filename, $mode, $recursive);
+
 		return true;
 	}
 	function chown($file,$owner,$recursive=false){
@@ -82,12 +86,12 @@ class WP_Filesystem_Direct{
 		return true;
 	}
 	function owner($file){
-		$owneruid=@fileowner($file);
+		$owneruid = @fileowner($file);
 		if( ! $owneruid )
 			return false;
 		if( !function_exists('posix_getpwuid') )
 			return $owneruid;
-		$ownerarray=posix_getpwuid($owneruid);
+		$ownerarray = posix_getpwuid($owneruid);
 		return $ownerarray['name'];
 	}
 	function getchmod($file){
@@ -163,23 +167,23 @@ class WP_Filesystem_Direct{
 		return $newmode;
 	}
 	function group($file){
-		$gid=@filegroup($file);
+		$gid = @filegroup($file);
 		if( ! $gid )
 			return false;
 		if( !function_exists('posix_getgrgid') )
 			return $gid;
-		$grouparray=posix_getgrgid($gid);
+		$grouparray = posix_getgrgid($gid);
 		return $grouparray['name'];
 	}
 
 	function copy($source,$destination,$overwrite=false){
-		if( $overwrite && $this->exists($destination) )
+		if( ! $overwrite && $this->exists($destination) )
 			return false;
 		return copy($source,$destination);
 	}
 
 	function move($source,$destination,$overwrite=false){
-		//Possible to use rename()
+		//Possible to use rename()?
 		if( $this->copy($source,$destination,$overwrite) && $this->exists($destination) ){
 			$this->delete($source);
 			return true;
@@ -188,24 +192,24 @@ class WP_Filesystem_Direct{
 		}
 	}
 
-	function delete($file,$recursive=false){
+	function delete($file, $recursive=false){
 		$file = str_replace('\\','/',$file); //for win32, occasional problems deleteing files otherwise
 
 		if( $this->is_file($file) )
 			return @unlink($file);
-
 		if( !$recursive && $this->is_dir($file) )
 			return @rmdir($file);
 
-		$filelist = $this->dirlist($file);
-		if( ! $filelist )
-			return true; //No files exist, Say we've deleted them
+		//At this point its a folder, and we're in recursive mode
+		$file = trailingslashit($file);
+		$filelist = $this->dirlist($file, true);
 
 		$retval = true;
-		foreach($filelist as $filename=>$fileinfo){
-			if( ! $this->delete($file.'/'.$filename,$recursive) )
-				$retval = false;
-		}
+		if( is_array($filelist) ) //false if no files, So check first.
+			foreach($filelist as $filename=>$fileinfo)
+				if( ! $this->delete($file . $filename, $recursive) )
+					$retval = false;
+
 		if( ! @rmdir($file) )
 			return false;
 		return $retval;
@@ -224,7 +228,7 @@ class WP_Filesystem_Direct{
 	}
 
 	function is_readable($file){
-			return @is_readable($file);
+		return @is_readable($file);
 	}
 
 	function is_writable($file){
@@ -242,15 +246,15 @@ class WP_Filesystem_Direct{
 		return @filesize($file);
 	}
 
-	function touch($file,$time=0,$atime=0){
-		if($time==0)
+	function touch($file, $time = 0, $atime = 0){
+		if($time == 0)
 			$time = time();
-		if($atime==0)
+		if($atime == 0)
 			$atime = time();
 		return @touch($file,$time,$atime);
 	}
 
-	function mkdir($path,$chmod=false,$chown=false,$chgrp=false){
+	function mkdir($path, $chmod = false, $chown = false, $chgrp = false){
 		if( ! $chmod)
 			$chmod = $this->permission;
 
@@ -264,6 +268,7 @@ class WP_Filesystem_Direct{
 	}
 
 	function rmdir($path,$recursive=false){
+		//Currently unused and untested, Use delete() instead.
 		if( ! $recursive )
 			return @rmdir($path);
 		//recursive:
@@ -292,6 +297,8 @@ class WP_Filesystem_Direct{
 			$struc = array();
 			$struc['name'] 		= $entry;
 
+			if( '.' == $struc['name'] || '..' == $struc['name'] )
+				continue; //Do not care about these folders.
 			if( '.' == $struc['name'][0] && !$incdot)
 				continue;
 			if( $limitFile && $struc['name'] != $limitFile)
@@ -307,22 +314,15 @@ class WP_Filesystem_Direct{
 			$struc['lastmod']   = date('M j',$struc['lastmodunix']);
 			$struc['time']    	= date('h:i:s',$struc['lastmodunix']);
 			$struc['type']		= $this->is_dir($path.'/'.$entry) ? 'd' : 'f';
-			if ('d' == $struc['type'] ){
-				$struc['files'] = array();
 
-				if( $incdot ){
-					//We're including the doted starts
-					if( '.' != $struc['name'] && '..' != $struc['name'] ){ //Ok, It isnt a special folder
-						if ($recursive)
-							$struc['files'] = $this->dirlist($path.'/'.$struc['name'],$incdot,$recursive);
-					}
-				} else { //No dots
-					if ($recursive)
-						$struc['files'] = $this->dirlist($path.'/'.$struc['name'],$incdot,$recursive);
-				}
+			if ('d' == $struc['type'] ){
+				if( $recursive )
+					$struc['files'] = $this->dirlist($path.'/'.$struc['name'], $incdot, $recursive);
+				else
+					$struc['files'] = array();
 			}
-			//File
-			$ret[$struc['name']] = $struc;
+
+			$ret[ $struc['name'] ] = $struc;
 		}
 		$dir->close();
 		unset($dir);

wp-admin/includes/comment.php

@@ -21,7 +21,7 @@ function edit_comment() {
 	$_POST['comment_content'] = $_POST['content'];
 	$_POST['comment_ID'] = (int) $_POST['comment_ID'];
 
-	foreach ( array ('aa', 'mm', 'jj', 'hh', 'mm') as $timeunit ) {
+	foreach ( array ('aa', 'mm', 'jj', 'hh', 'mn') as $timeunit ) {
 		if ( !empty( $_POST['hidden_' . $timeunit] ) && $_POST['hidden_' . $timeunit] != $_POST[$timeunit] ) {
 			$_POST['edit_date'] = '1';
 			break;
@@ -66,9 +66,28 @@ function get_comment_to_edit( $id ) {
 
 function get_pending_comments_num( $post_id ) {
 	global $wpdb;
-	$post_id = (int) $post_id;
-	$pending = $wpdb->get_var( "SELECT COUNT(*) FROM $wpdb->comments WHERE comment_post_ID = $post_id AND comment_approved = '0'" );
-	return $pending;
+
+	$single = false;
+	if ( !is_array($post_id) ) {
+		$post_id = (array) $post_id;
+		$single = true;
+	}
+	$post_id = array_map('intval', $post_id);
+	$post_id = "'" . implode("', '", $post_id) . "'";
+
+	$pending = $wpdb->get_results( "SELECT comment_post_ID, COUNT(comment_ID) as num_comments FROM $wpdb->comments WHERE comment_post_ID IN ( $post_id ) AND comment_approved = '0' GROUP BY comment_post_ID", ARRAY_N );
+
+	if ( empty($pending) )
+		return 0;
+
+	if ( $single )
+		return $pending[0][1];
+
+	$pending_keyed = array();
+	foreach ( $pending as $pend )
+		$pending_keyed[$pend[0]] = $pend[1];
+
+	return $pending_keyed;
 }
 
 // Add avatars to relevant places in admin, or try to
@@ -93,4 +112,4 @@ if ( is_admin() && ('edit-comments.php' == $pagenow || 'edit.php' == $pagenow) )
 		add_filter( 'comment_author', 'floated_admin_avatar' );
 }
 
-?>
+?>

wp-admin/includes/dashboard.php

@@ -4,7 +4,8 @@
 function wp_dashboard_setup() {
 	global $wpdb, $wp_dashboard_sidebars;
 	$update = false;
-	if ( !$widget_options = get_option( 'dashboard_widget_options' ) )
+	$widget_options = get_option( 'dashboard_widget_options' );
+	if ( !$widget_options || !is_array($widget_options) )
 		$widget_options = array();
 
 

wp-admin/includes/file.php

@@ -172,8 +172,9 @@ function wp_handle_upload( &$file, $overrides = false ) {
 
 	// Move the file to the uploads dir
 	$new_file = $uploads['path'] . "/$filename";
-	if ( false === @ move_uploaded_file( $file['tmp_name'], $new_file ) )
-		wp_die( printf( __('The uploaded file could not be moved to %s.' ), $uploads['path'] ));
+	if ( false === @ move_uploaded_file( $file['tmp_name'], $new_file ) ) {
+		return $upload_error_handler( $file, sprintf( __('The uploaded file could not be moved to %s.' ), $uploads['path'] ) );
+	}
 
 	// Set correct file permissions
 	$stat = stat( dirname( $new_file ));

wp-admin/includes/image.php

@@ -235,7 +235,7 @@ function wp_read_image_metadata( $file ) {
 
 	// fetch additional info from exif if available
 	if ( is_callable('exif_read_data') && in_array($sourceImageType, apply_filters('wp_read_image_metadata_types', array(IMAGETYPE_JPEG, IMAGETYPE_TIFF_II, IMAGETYPE_TIFF_MM)) ) ) {
-		$exif = exif_read_data( $file );
+		$exif = @exif_read_data( $file );
 		if (!empty($exif['FNumber']))
 			$meta['aperture'] = round( wp_exif_frac2dec( $exif['FNumber'] ), 2 );
 		if (!empty($exif['Model']))

wp-admin/includes/media.php

@@ -57,7 +57,7 @@ function get_image_send_to_editor($id, $alt, $title, $align, $url='', $rel = fal
 	if ( $url )
 		$html = "<a href='".attribute_escape($url)."'$rel>$html</a>";
 
-	$html = apply_filters( 'image_send_to_editor', $html, $id, $alt, $title, $align, $url );
+	$html = apply_filters( 'image_send_to_editor', $html, $id, $alt, $title, $align, $url, $size );
 
 	return $html;
 }
@@ -202,18 +202,6 @@ add_action('media_upload_media', 'media_upload_handler');
 function media_upload_form_handler() {
 	check_admin_referer('media-form');
 
-	// Insert media button was clicked
-	if ( isset($_POST['html-upload']) && !empty($_FILES) ) {
-		// Upload File button was clicked
-
-		$id = media_handle_upload('async-upload', $_REQUEST['post_id']);
-
-		if ( is_wp_error($id) ) {
-			$errors['upload_error'] = $id;
-			$id = false;
-		}
-	}
-
 	if ( !empty($_POST['attachments']) ) foreach ( $_POST['attachments'] as $attachment_id => $attachment ) {
 		$post = $_post = get_post($attachment_id, ARRAY_A);
 		if ( isset($attachment['post_content']) )
@@ -590,8 +578,9 @@ function get_attachment_fields_to_edit($post, $errors = null) {
 }
 
 function get_media_items( $post_id, $errors ) {
-	if ( $post_id && $post = get_post($post_id) ) {
-		if ( $post->post_type == 'attachment' )
+	if ( $post_id ) {
+		$post = get_post($post_id);
+		if ( $post && $post->post_type == 'attachment' )
 			$attachments = array($post->ID => $post);
 		else
 			$attachments = get_children("post_parent=$post_id&post_type=attachment&orderby=menu_order ASC, ID&order=DESC");
@@ -606,7 +595,7 @@ function get_media_items( $post_id, $errors ) {
 
 	foreach ( $attachments as $id => $attachment )
 		if ( $item = get_media_item( $id, array( 'errors' => isset($errors[$id]) ? $errors[$id] : null) ) )
-			$output .= "\n<div id='media-item-$id' class='media-item child-of-$attachment->post_parent preloaded'><div id='media-upload-error-$id'></div><div class='filename'></div><div class='progress'><div class='bar'></div></div>$item<div class='progress clickmask'></div>\n</div>";
+			$output .= "\n<div id='media-item-$id' class='media-item child-of-$attachment->post_parent preloaded'><div class='progress'><div class='bar'></div></div><div id='media-upload-error-$id'></div><div class='filename'></div>$item\n</div>";
 
 	return $output;
 }
@@ -643,7 +632,7 @@ function get_media_item( $attachment_id, $args = null ) {
 	if ( isset($post_mime_types) ) {
 		$keys = array_keys(wp_match_mime_types(array_keys($post_mime_types), $post->post_mime_type));
 		$type = array_shift($keys);
-		$type = "<input type='hidden' id='type-of-$attachment_id' value='$type' />";
+		$type = "<input type='hidden' id='type-of-$attachment_id' value='" . attribute_escape( $type ) . "' />";
 	}
 
 	$form_fields = get_attachment_fields_to_edit($post, $errors);
@@ -665,15 +654,15 @@ function get_media_item( $attachment_id, $args = null ) {
 	$toggle_links
 	<div class='filename new'>$display_title</div>
 	<table class='slidetoggle describe $class'>
-		<tbody class='media-item-info'>
+		<thead class='media-item-info'>
 		<tr>
 			<td class='A1B1' rowspan='4'><img class='thumbnail' src='$thumb_url' alt='' /></td>
 			<td>$filename</td>
 		</tr>
-		<td>$post->post_mime_type</td></tr>
+		<tr><td>$post->post_mime_type</td></tr>
 		<tr><td>" . mysql2date($post->post_date, get_option('time_format')) . "</td></tr>
-		<tr><td>" . apply_filters('media_meta', '', $post) . "</tr></td>
-		</tbody>
+		<tr><td>" . apply_filters('media_meta', '', $post) . "</td></tr>
+		</thead>
 		<tbody>\n";
 
 	$defaults = array(
@@ -685,7 +674,7 @@ function get_media_item( $attachment_id, $args = null ) {
 
 	$delete_href = wp_nonce_url("post.php?action=delete-post&amp;post=$attachment_id", 'delete-post_' . $attachment_id);
 	if ( $send )
-		$send = "<button type='submit' class='button' value='1' name='send[$attachment_id]'>" . __('Insert into Post') . '</button>';
+		$send = "<input type='submit' class='button' name='send[$attachment_id]' value='" . attribute_escape( __( 'Insert into Post' ) ) . "' />";
 	if ( $delete )
 		$delete = "<a href='$delete_href' id='del[$attachment_id]' disabled='disabled' class='delete'>" . __('Delete') . "</button>";
 	if ( ( $send || $delete ) && !isset($form_fields['buttons']) )
@@ -718,9 +707,9 @@ function get_media_item( $attachment_id, $args = null ) {
 		if ( !empty($field[$field['input']]) )
 			$item .= $field[$field['input']];
 		elseif ( $field['input'] == 'textarea' ) {
-			$item .= "<textarea type='text' id='$name' name='$name'>" . wp_specialchars($field['value'], 1) . "</textarea>";
+			$item .= "<textarea type='text' id='$name' name='$name'>" . attribute_escape( $field['value'] ) . "</textarea>";
 		} else {
-			$item .= "<input type='text' id='$name' name='$name' value='" . wp_specialchars($field['value'], 1) . "' />";
+			$item .= "<input type='text' id='$name' name='$name' value='" . attribute_escape( $field['value'] ) . "' />";
 		}
 		if ( !empty($field['helps']) )
 			$item .= "<p class='help'>" . join( "</p>\n<p class='help'>", array_unique((array) $field['helps']) ) . '</p>';
@@ -744,10 +733,11 @@ function get_media_item( $attachment_id, $args = null ) {
 
 	if ( !empty($form_fields['_final']) )
 		$item .= "\t\t<tr class='final'><td colspan='2'>{$form_fields['_final']}</td></tr>\n";
+	$item .= "\t</tbody>\n";
 	$item .= "\t</table>\n";
 
 	foreach ( $hidden_fields as $name => $value )
-		$item .= "\t<input type='hidden' name='$name' id='$name' value='" . wp_specialchars($value, 1) . "' />\n";
+		$item .= "\t<input type='hidden' name='$name' id='$name' value='" . attribute_escape( $value ) . "' />\n";
 
 	return $item;
 }
@@ -775,7 +765,7 @@ function media_upload_form( $errors = null ) {
 	$post_id = intval($_REQUEST['post_id']);
 
 ?>
-<input type='hidden' name='post_id' value='<?php echo $post_id; ?>' />
+<input type='hidden' name='post_id' value='<?php echo (int) $post_id; ?>' />
 <div id="media-upload-notice">
 <?php if (isset($errors['upload_notice']) ) { ?>
 	<?php echo $errors['upload_notice']; ?>
@@ -794,12 +784,13 @@ jQuery(function($){
 			upload_url : "<?php echo attribute_escape( $flash_action_url ); ?>",
 			flash_url : "<?php echo get_option('siteurl').'/wp-includes/js/swfupload/swfupload_f9.swf'; ?>",
 			file_post_name: "async-upload",
-			file_types: "*.*",
+			file_types: "<?php echo apply_filters('upload_file_glob', '*.*'); ?>",
 			post_params : {
 				"post_id" : "<?php echo $post_id; ?>",
 				"auth_cookie" : "<?php echo $_COOKIE[AUTH_COOKIE]; ?>",
 				"type" : "<?php echo $type; ?>",
-				"tab" : "<?php echo $tab; ?>"
+				"tab" : "<?php echo $tab; ?>",
+				"short" : "1"
 			},
 			file_size_limit : "<?php echo wp_max_upload_size(); ?>b",
 			swfupload_element_id : "flash-upload-ui", // id of the element displayed when swfupload is available
@@ -814,7 +805,7 @@ jQuery(function($){
 			file_queue_error_handler : fileQueueError,
 			file_dialog_complete_handler : fileDialogComplete,
 
-			debug: false,
+			debug: false
 		});
 	$("#flash-browse-button").bind( "click", function(){swfu.selectFiles();});
 });
@@ -823,7 +814,7 @@ jQuery(function($){
 
 
 <div id="flash-upload-ui">
-	<p><input id="flash-browse-button" type="button" value="<?php _e('Choose files to upload'); ?>" class="button" /></p>
+	<p><input id="flash-browse-button" type="button" value="<?php echo attribute_escape( __( 'Choose files to upload' ) ); ?>" class="button" /></p>
 	<p><?php _e('After a file has been uploaded, you can add titles and descriptions.'); ?></p>
 </div>
 
@@ -833,7 +824,7 @@ jQuery(function($){
 	<p>
 	<input type="file" name="async-upload" id="async-upload" /> <input type="submit" class="button" name="html-upload" value="<?php echo attribute_escape(__('Upload')); ?>" /> <a href="#" onClick="return top.tb_remove();"><?php _e('Cancel'); ?></a>
 	</p>
-	<input type="hidden" name="post_id" id="post_id" value="<?php echo $post_id; ?>" />
+	<input type="hidden" name="post_id" id="post_id" value="<?php echo (int) $post_id; ?>" />
 	<br class="clear" />
 	<?php if ( is_lighttpd_before_150() ): ?>
 	<p><?php _e('If you want to use all capabilities of the uploader, like uploading multiple files at once, please upgrade to lighttpd 1.5.'); ?></p>
@@ -853,7 +844,7 @@ function media_upload_type_form($type = 'file', $errors = null, $id = null) {
 ?>
 
 <form enctype="multipart/form-data" method="post" action="<?php echo attribute_escape($form_action_url); ?>" class="media-upload-form type-form validate" id="<?php echo $type; ?>-form">
-<input type="hidden" name="post_id" id="post_id" value="<?php echo $post_id; ?>" />
+<input type="hidden" name="post_id" id="post_id" value="<?php echo (int) $post_id; ?>" />
 <?php wp_nonce_field('media-form'); ?>
 <h3><?php _e('From Computer'); ?></h3>
 <?php media_upload_form( $errors ); ?>
@@ -873,7 +864,7 @@ jQuery(function($){
 <div id="media-items">
 <?php echo get_media_items( $id, $errors ); ?>
 </div>
-<input type="submit" class="button savebutton" name="save" value="<?php _e('Save all changes'); ?>" />
+<input type="submit" class="button savebutton" name="save" value="<?php echo attribute_escape( __( 'Save all changes' ) ); ?>" />
 
 <?php elseif ( is_callable($callback) ) : ?>
 
@@ -887,7 +878,7 @@ jQuery(function($){
 <?php echo call_user_func($callback); ?>
 </div>
 </div>
-<input type="submit" class="button savebutton" name="save" value="<?php _e('Save all changes'); ?>" />
+<input type="submit" class="button savebutton" name="save" value="<?php echo attribute_escape( __( 'Save all changes' ) ); ?>" />
 <?php
 	endif;
 }
@@ -920,11 +911,11 @@ jQuery(function($){
 <div id="media-items">
 <?php echo get_media_items($post_id, $errors); ?>
 </div>
-<input type="submit" class="button savebutton" name="save" value="<?php _e('Save all changes'); ?>" />
-<input type="submit" class="button insert-gallery" name="insert-gallery" value="<?php _e('Insert gallery into post'); ?>" />
-<input type="hidden" name="post_id" id="post_id" value="<?php echo $post_id; ?>" />
-<input type="hidden" name="type" value="<?php echo $GLOBALS['type']; ?>" />
-<input type="hidden" name="tab" value="<?php echo $GLOBALS['tab']; ?>" />
+<input type="submit" class="button savebutton" name="save" value="<?php echo attribute_escape( __( 'Save all changes' ) ); ?>" />
+<input type="submit" class="button insert-gallery" name="insert-gallery" value="<?php echo attribute_escape( __( 'Insert gallery into post' ) ); ?>" />
+<input type="hidden" name="post_id" id="post_id" value="<?php echo (int) $post_id; ?>" />
+<input type="hidden" name="type" value="<?php echo attribute_escape( $GLOBALS['type'] ); ?>" />
+<input type="hidden" name="tab" value="<?php echo attribute_escape( $GLOBALS['tab'] ); ?>" />
 </form>
 <?php
 }
@@ -951,14 +942,14 @@ function media_upload_library_form($errors) {
 ?>
 
 <form id="filter" action="" method="get">
-<input type="hidden" name="type" value="<?php echo $type; ?>" />
-<input type="hidden" name="tab" value="<?php echo $tab; ?>" />
-<input type="hidden" name="post_id" value="<?php echo $post_id; ?>" />
-<input type="hidden" name="post_mime_type" value="<?php echo wp_specialchars($_GET['post_mime_type'], true); ?>" />
+<input type="hidden" name="type" value="<?php echo attribute_escape( $type ); ?>" />
+<input type="hidden" name="tab" value="<?php echo attribute_escape( $tab ); ?>" />
+<input type="hidden" name="post_id" value="<?php echo (int) $post_id; ?>" />
+<input type="hidden" name="post_mime_type" value="<?php echo attribute_escape( $_GET['post_mime_type'] ); ?>" />
 
 <div id="search-filter">
 	<input type="text" id="post-search-input" name="s" value="<?php the_search_query(); ?>" />
-	<input type="submit" value="<?php _e( 'Search Media' ); ?>" class="button" />
+	<input type="submit" value="<?php echo attribute_escape( __( 'Search Media' ) ); ?>" class="button" />
 </div>
 
 <p>
@@ -1032,15 +1023,15 @@ foreach ($arc_result as $arc_row) {
 	else
 		$default = '';
 
-	echo "<option$default value='$arc_row->yyear$arc_row->mmonth'>";
-	echo $wp_locale->get_month($arc_row->mmonth) . " $arc_row->yyear";
+	echo "<option$default value='" . attribute_escape( $arc_row->yyear . $arc_row->mmonth ) . "'>";
+	echo wp_specialchars( $wp_locale->get_month($arc_row->mmonth) . " $arc_row->yyear" );
 	echo "</option>\n";
 }
 ?>
 </select>
 <?php } ?>
 
-<input type="submit" id="post-query-submit" value="<?php _e('Filter &#187;'); ?>" class="button-secondary" />
+<input type="submit" id="post-query-submit" value="<?php echo attribute_escape( __( 'Filter &#187;' ) ); ?>" class="button-secondary" />
 
 </div>
 
@@ -1068,8 +1059,8 @@ jQuery(function($){
 <div id="media-items">
 <?php echo get_media_items(null, $errors); ?>
 </div>
-<input type="submit" class="button savebutton" name="save" value="<?php _e('Save all changes'); ?>" />
-<input type="hidden" name="post_id" id="post_id" value="<?php echo $post_id; ?>" />
+<input type="submit" class="button savebutton" name="save" value="<?php echo attribute_escape( __( 'Save all changes' ) ); ?>" />
+<input type="hidden" name="post_id" id="post_id" value="<?php echo (int) $post_id; ?>" />
 </form>
 <?php
 }

wp-admin/includes/post.php

@@ -74,7 +74,7 @@ function edit_post() {
 	if (!isset( $_POST['ping_status'] ))
 		$_POST['ping_status'] = 'closed';
 
-	foreach ( array ('aa', 'mm', 'jj', 'hh', 'mm') as $timeunit ) {
+	foreach ( array ('aa', 'mm', 'jj', 'hh', 'mn') as $timeunit ) {
 		if ( !empty( $_POST['hidden_' . $timeunit] ) && $_POST['hidden_' . $timeunit] != $_POST[$timeunit] ) {
 			$_POST['edit_date'] = '1';
 			break;
@@ -288,7 +288,7 @@ function wp_write_post() {
 	if (!isset( $_POST['ping_status'] ))
 		$_POST['ping_status'] = 'closed';
 
-	foreach ( array ('aa', 'mm', 'jj', 'hh', 'mm') as $timeunit ) {
+	foreach ( array ('aa', 'mm', 'jj', 'hh', 'mn') as $timeunit ) {
 		if ( !empty( $_POST['hidden_' . $timeunit] ) && $_POST['hidden_' . $timeunit] != $_POST[$timeunit] ) {
 			$_POST['edit_date'] = '1';
 			break;
@@ -506,10 +506,9 @@ function _relocate_children( $old_ID, $new_ID ) {
 }
 
 function get_available_post_statuses($type = 'post') {
-	global $wpdb;
+	$stati = wp_count_posts($type);
 
-	$stati = $wpdb->get_col($wpdb->prepare("SELECT DISTINCT post_status FROM $wpdb->posts WHERE post_type = %s", $type));
-	return $stati;
+	return array_keys(get_object_vars($stati));
 }
 
 function wp_edit_posts_query( $q = false ) {

wp-admin/includes/schema.php

@@ -230,7 +230,7 @@ function populate_options() {
 	}
 
 	// 2.0.3
-	add_option('secret', wp_generate_password());
+	add_option('secret', wp_generate_password(64));
 
 	// 2.1
 	add_option('blog_public', '1');

wp-admin/includes/template.php

@@ -55,11 +55,12 @@ function _cat_row( $category, $level, $name_override = false ) {
 	$output = "<tr id='cat-$category->term_id'$class>
 			   <th scope='row' class='check-column'>";
 	if ( absint(get_option( 'default_category' ) ) != $category->term_id ) {
-		$output .= "<input type='checkbox' name='delete[]' value='$category->term_id' /></th>";
+		$output .= "<input type='checkbox' name='delete[]' value='$category->term_id' />";
 	} else {
 		$output .= "&nbsp;";
 	}
-	$output .= "<td>$edit</td>
+	$output .= "</th>
+				<td>$edit</td>
 				<td>$category->description</td>
 				<td class='num'>$posts_count</td>\n\t</tr>\n";
 
@@ -86,11 +87,17 @@ function link_cat_row( $category ) {
 
 	$category->count = number_format_i18n( $category->count );
 	$count = ( $category->count > 0 ) ? "<a href='link-manager.php?cat_id=$category->term_id'>$category->count</a>" : $category->count;
-	$output = "<tr id='link-cat-$category->term_id'$class>" .
-		'<th scope="row" class="check-column"> <input type="checkbox" name="delete[]" value="' . $category->term_id . '" /></th>' .
-		"<td>$edit</td>
-		<td>$category->description</td>
-		<td class='num'>$count</td></tr>";
+	$output = "<tr id='link-cat-$category->term_id'$class>
+			   <th scope='row' class='check-column'>";
+	if ( absint( get_option( 'default_link_category' ) ) != $category->term_id ) {
+		$output .= "<input type='checkbox' name='delete[]' value='$category->term_id' />";
+	} else {
+		$output .= "&nbsp;";
+	}
+	$output .= "</th>
+				<td>$edit</td>
+				<td>$category->description</td>
+				<td class='num'>$count</td></tr>";
 
 	return apply_filters( 'link_cat_row', $output );
 }
@@ -106,93 +113,83 @@ function selected( $selected, $current) {
 }
 
 //
-// Nasty Category Stuff
+// Category Checklists
 //
 
-function sort_cats( $cat1, $cat2 ) {
-	if ( $cat1['checked'] || $cat2['checked'] )
-		return ( $cat1['checked'] && !$cat2['checked'] ) ? -1 : 1;
+// Deprecated. Use wp_link_category_checklist
+function dropdown_categories( $default = 0, $parent = 0, $popular_ids = array() ) {
+	global $post_ID;
+	wp_category_checklist($post_ID);
+}
+
+class Walker_Category_Checklist extends Walker {
+	var $tree_type = 'category';
+	var $db_fields = array ('parent' => 'parent', 'id' => 'term_id'); //TODO: decouple this
+
+	function start_lvl(&$output, $depth, $args) {
+		$indent = str_repeat("\t", $depth);
+		$output .= "$indent<ul class='children'>\n";
+	}
+
+	function end_lvl(&$output, $depth, $args) {
+		$indent = str_repeat("\t", $depth);
+		$output .= "$indent</ul>\n";
+	}
+
+	function start_el(&$output, $category, $depth, $args) {
+		extract($args);
+
+		$class = in_array( $category->term_id, $popular_cats ) ? ' class="popular-category"' : '';
+		$output .= "\n<li id='category-$category->term_id'$class>" . '<label for="in-category-' . $category->term_id . '" class="selectit"><input value="' . $category->term_id . '" type="checkbox" name="post_category[]" id="in-category-' . $category->term_id . '"' . (in_array( $category->term_id, $selected_cats ) ? ' checked="checked"' : "" ) . '/> ' . wp_specialchars( apply_filters('the_category', $category->name )) . '</label>';
+	}
+
+	function end_el(&$output, $category, $depth, $args) {
+		$output .= "</li>\n";
+	}
+}
+
+function wp_category_checklist( $post_id = 0, $descendants_and_self = 0, $selected_cats = false ) {
+	$walker = new Walker_Category_Checklist;
+	$descendants_and_self = (int) $descendants_and_self;
+
+	$args = array();
+	
+	if ( $post_id )
+		$args['selected_cats'] = wp_get_post_categories($post_id);
 	else
-		return strcasecmp( $cat1['cat_name'], $cat2['cat_name'] );
-}
-
-function wp_set_checked_post_categories( $default = 0 ) {
-	global $post_ID, $checked_categories;
-
-	if ( empty($checked_categories) ) {
-		if ( $post_ID ) {
-			$checked_categories = wp_get_post_categories($post_ID);
-
-			if ( count( $checked_categories ) == 0 ) {
-				// No selected categories, strange
-			$checked_categories[] = $default;
-			}
-		} else {
-			$checked_categories[] = $default;
-		}
-	}
-
-}
-function get_nested_categories( $default = 0, $parent = 0 ) {
-	global $checked_categories;
-
-	wp_set_checked_post_categories( $default = 0 );
-
-	if ( is_object($parent) ) { // Hack: if passed a category object, will return nested cats with parent as root
-		$root = array(
-			'children' => get_nested_categories( $default, $parent->term_id ),
-			'cat_ID' => $parent->term_id,
-			'checked' => in_array( $parent->term_id, $checked_categories ),
-			'cat_name' => get_the_category_by_ID( $parent->term_id )
-		);
-		$result = array( $parent->term_id => $root );
+		$args['selected_cats'] = array();
+	if ( is_array( $selected_cats ) )
+		$args['selected_cats'] = $selected_cats;
+	$args['popular_cats'] = get_terms( 'category', array( 'fields' => 'ids', 'orderby' => 'count', 'order' => 'DESC', 'number' => 10, 'hierarchical' => false ) );
+	if ( $descendants_and_self ) {
+		$categories = get_categories( "child_of=$descendants_and_self&hierarchical=0&hide_empty=0" );
+		$self = get_category( $descendants_and_self );
+		array_unshift( $categories, $self );
 	} else {
-		$parent = (int) $parent;
-
-		$cats = get_categories("parent=$parent&hide_empty=0&fields=ids");
-
-		$result = array();
-		if ( is_array( $cats ) ) {
-			foreach ( $cats as $cat ) {
-				$result[$cat]['children'] = get_nested_categories( $default, $cat );
-				$result[$cat]['cat_ID'] = $cat;
-				$result[$cat]['checked'] = in_array( $cat, $checked_categories );
-				$result[$cat]['cat_name'] = get_the_category_by_ID( $cat );
-			}
-		}
+		$categories = get_categories('get=all');
 	}
 
-	$result = apply_filters('get_nested_categories', $result);
-	usort( $result, 'sort_cats' );
+	$args = array($categories, 0, $args);
+	$output = call_user_func_array(array(&$walker, 'walk'), $args);
 
-	return $result;
-}
-
-function write_nested_categories( $categories ) {
-	foreach ( $categories as $category ) {
-		echo "\n", '<li id="category-', $category['cat_ID'], '"><label for="in-category-', $category['cat_ID'], '" class="selectit"><input value="', $category['cat_ID'], '" type="checkbox" name="post_category[]" id="in-category-', $category['cat_ID'], '"', ($category['checked'] ? ' checked="checked"' : "" ), '/> ', wp_specialchars( apply_filters('the_category', $category['cat_name'] )), '</label>';
-
-		if ( $category['children'] ) {
-			echo "\n<ul>";
-			write_nested_categories( $category['children'] );
-			echo "\n</ul>";
-		}
-		echo '</li>';
-	}
-}
-
-function dropdown_categories( $default = 0, $parent = 0 ) {
-	write_nested_categories( get_nested_categories( $default, $parent ) );
+	echo $output;
 }
 
 function wp_popular_terms_checklist( $taxonomy, $default = 0, $number = 10 ) {
-	$categories = get_terms( $taxonomy, array( 'orderby' => 'count', 'order' => 'DESC', 'number' => $number ) );
+	global $post_ID;
+	if ( $post_ID )
+		$checked_categories = wp_get_post_categories($post_ID);
+	else
+		$checked_categories = array();
+	$categories = get_terms( $taxonomy, array( 'orderby' => 'count', 'order' => 'DESC', 'number' => $number, 'hierarchical' => false ) );
 
+	$popular_ids = array();
 	foreach ( (array) $categories as $category ) {
+		$popular_ids[] = $category->term_id;
 		$id = "popular-category-$category->term_id";
 		?>
 
-		<li id="<?php echo $id; ?>" >
+		<li id="<?php echo $id; ?>" class="popular-category">
 			<label class="selectit" for="in-<?php echo $id; ?>">
 			<input id="in-<?php echo $id; ?>" type="checkbox" value="<?php echo (int) $category->term_id; ?>" />
 				<?php echo wp_specialchars( apply_filters( 'the_category', $category->name ) ); ?>
@@ -201,11 +198,17 @@ function wp_popular_terms_checklist( $taxonomy, $default = 0, $number = 10 ) {
 
 		<?php
 	}
+	return $popular_ids;
 }
 
+// Deprecated. Use wp_link_category_checklist
 function dropdown_link_categories( $default = 0 ) {
 	global $link_id;
 
+	wp_link_category_checklist($link_id);
+}
+
+function wp_link_category_checklist( $link_id = 0 ) {
 	if ( $link_id ) {
 		$checked_categories = wp_get_link_cats($link_id);
 
@@ -585,7 +588,7 @@ function _wp_get_comment_list( $status = '', $s = false, $start, $num ) {
 	elseif ( 'spam' == $status )
 		$approved = "comment_approved = 'spam'";
 	else
-		$approved = "comment_approved != 'spam'";
+		$approved = "( comment_approved = '0' OR comment_approved = '1' )";
 
 	if ( $s ) {
 		$s = $wpdb->escape($s);
@@ -1049,7 +1052,7 @@ function add_meta_box($id, $title, $callback, $page, $context = 'advanced') {
 	if ( !isset($wp_meta_boxes[$page][$context]) )
 		$wp_meta_boxes[$page][$context] = array();
 
-	$wp_meta_boxes[$page][$context][] = array('id' => $id, 'title' => $title, 'callback' => $callback);
+	$wp_meta_boxes[$page][$context][$id] = array('id' => $id, 'title' => $title, 'callback' => $callback);
 }
 
 function do_meta_boxes($page, $context, $object) {

wp-admin/includes/upgrade.php

@@ -62,13 +62,13 @@ function wp_install_defaults($user_id) {
 
 	// Default category
 	$cat_name = $wpdb->escape(__('Uncategorized'));
-	$cat_slug = sanitize_title(__('Uncategorized'));
+	$cat_slug = sanitize_title(_c('Uncategorized|Default category slug'));
 	$wpdb->query("INSERT INTO $wpdb->terms (name, slug, term_group) VALUES ('$cat_name', '$cat_slug', '0')");
 	$wpdb->query("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ('1', 'category', '', '0', '1')");
 
 	// Default link category
 	$cat_name = $wpdb->escape(__('Blogroll'));
-	$cat_slug = sanitize_title(__('Blogroll'));
+	$cat_slug = sanitize_title(_c('Blogroll|Default link category slug'));
 	$wpdb->query("INSERT INTO $wpdb->terms (name, slug, term_group) VALUES ('$cat_name', '$cat_slug', '0')");
 	$wpdb->query("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ('2', 'link_category', '', '0', '7')");
 
@@ -98,7 +98,7 @@ function wp_install_defaults($user_id) {
 	$now = date('Y-m-d H:i:s');
 	$now_gmt = gmdate('Y-m-d H:i:s');
 	$first_post_guid = get_option('home') . '/?p=1';
-	$wpdb->query("INSERT INTO $wpdb->posts (post_author, post_date, post_date_gmt, post_content, post_excerpt, post_title, post_category, post_name, post_modified, post_modified_gmt, guid, comment_count, to_ping, pinged, post_content_filtered) VALUES ($user_id, '$now', '$now_gmt', '".$wpdb->escape(__('Welcome to WordPress. This is your first post. Edit or delete it, then start blogging!'))."', '', '".$wpdb->escape(__('Hello world!'))."', '0', '".$wpdb->escape(__('hello-world'))."', '$now', '$now_gmt', '$first_post_guid', '1', '', '', '')");
+	$wpdb->query("INSERT INTO $wpdb->posts (post_author, post_date, post_date_gmt, post_content, post_excerpt, post_title, post_category, post_name, post_modified, post_modified_gmt, guid, comment_count, to_ping, pinged, post_content_filtered) VALUES ($user_id, '$now', '$now_gmt', '".$wpdb->escape(__('Welcome to WordPress. This is your first post. Edit or delete it, then start blogging!'))."', '', '".$wpdb->escape(__('Hello world!'))."', '0', '".$wpdb->escape(_c('hello-world|Default post slug'))."', '$now', '$now_gmt', '$first_post_guid', '1', '', '', '')");
 	$wpdb->query( "INSERT INTO $wpdb->term_relationships (`object_id`, `term_taxonomy_id`) VALUES (1, 1)" );
 
 	// Default comment
@@ -106,7 +106,7 @@ function wp_install_defaults($user_id) {
 
 	// First Page
 	$first_post_guid = get_option('home') . '/?page_id=2';
-	$wpdb->query("INSERT INTO $wpdb->posts (post_author, post_date, post_date_gmt, post_content, post_excerpt, post_title, post_category, post_name, post_modified, post_modified_gmt, guid, post_status, post_type, to_ping, pinged, post_content_filtered) VALUES ($user_id, '$now', '$now_gmt', '".$wpdb->escape(__('This is an example of a WordPress page, you could edit this to put information about yourself or your site so readers know where you are coming from. You can create as many pages like this one or sub-pages as you like and manage all of your content inside of WordPress.'))."', '', '".$wpdb->escape(__('About'))."', '0', '".$wpdb->escape(__('about'))."', '$now', '$now_gmt','$first_post_guid', 'publish', 'page', '', '', '')");
+	$wpdb->query("INSERT INTO $wpdb->posts (post_author, post_date, post_date_gmt, post_content, post_excerpt, post_title, post_category, post_name, post_modified, post_modified_gmt, guid, post_status, post_type, to_ping, pinged, post_content_filtered) VALUES ($user_id, '$now', '$now_gmt', '".$wpdb->escape(__('This is an example of a WordPress page, you could edit this to put information about yourself or your site so readers know where you are coming from. You can create as many pages like this one or sub-pages as you like and manage all of your content inside of WordPress.'))."', '', '".$wpdb->escape(__('About'))."', '0', '".$wpdb->escape(_c('about|Default page slug'))."', '$now', '$now_gmt','$first_post_guid', 'publish', 'page', '', '', '')");
 }
 endif;
 
@@ -202,6 +202,9 @@ function upgrade_all() {
 	if ( $wp_current_db_version < 7499 )
 		upgrade_250();
 
+	if ( $wp_current_db_version < 7796 )
+		upgrade_251();
+
 	maybe_disable_automattic_widgets();
 
 	$wp_rewrite->flush_rules();
@@ -729,6 +732,13 @@ function upgrade_250() {
 	
 }
 
+function upgrade_251() {
+	global $wp_current_db_version;
+
+	// Make the secret longer
+	update_option('secret', wp_generate_password(64));
+}
+
 // The functions we use to actually do stuff
 
 // General

wp-admin/includes/widgets.php

@@ -21,7 +21,7 @@ function wp_list_widgets( $show = 'all', $_search = false ) {
 		$no_widgets_shown = true;
 		$already_shown = array();
 		foreach ( $wp_registered_widgets as $name => $widget ) :
-			if ( in_array( $widget['callback'], $already_shown ) ) // We already showed this multi-widget
+			if ( 'all' == $show && in_array( $widget['callback'], $already_shown ) ) // We already showed this multi-widget
 				continue;
 
 			if ( $search_terms ) {
@@ -47,7 +47,7 @@ function wp_list_widgets( $show = 'all', $_search = false ) {
 				continue;
 
 			ob_start();
-				$args = wp_list_widget_controls_dynamic_sidebar( array( 0 => array( 'widget_id' => $widget['id'], 'widget_name' => $widget['name'], '_display' => 'template' ) ) );
+				$args = wp_list_widget_controls_dynamic_sidebar( array( 0 => array( 'widget_id' => $widget['id'], 'widget_name' => $widget['name'], '_display' => 'template', '_show' => $show ), 1 => $widget['params'][0] ) );
 				$sidebar_args = call_user_func_array( 'wp_widget_control', $args );
 			$widget_control_template = ob_get_contents();
 			ob_end_clean();
@@ -61,7 +61,7 @@ function wp_list_widgets( $show = 'all', $_search = false ) {
 					'key' => false,
 					'edit' => false
 				);
-				if ( $is_multi ) {
+				if ( 'all' == $show && $is_multi ) {
 					// it's a multi-widget.  We only need to show it in the list once.
 					$already_shown[] = $widget['callback'];
 					$num = (int) array_pop( explode( '-', $widget['id'] ) );
@@ -92,12 +92,17 @@ function wp_list_widgets( $show = 'all', $_search = false ) {
 
 			$no_widgets_shown = false;
 
+
+			if ( 'all' != $show && $sidebar_args['_widget_title'] )
+				$widget_title = $sidebar_args['_widget_title'];
+			else
+				$widget_title = $widget['name'];
 		?>
 
 		<li id="widget-list-item-<?php echo attribute_escape( $widget['id'] ); ?>" class="widget-list-item">
 			<h4 class="widget-title widget-draggable">
 
-				<?php echo wp_specialchars( $widget['name'] ); ?>
+				<?php echo $widget_title; ?>
 
 				<?php if ( 'add' == $action ) : ?>
 
@@ -192,7 +197,7 @@ function wp_widget_control( $sidebar_args ) {
 
 	$id_format = $widget['id'];
 	// We aren't showing a widget control, we're outputing a template for a mult-widget control
-	if ( 'template' == $sidebar_args['_display'] && isset($control['params'][0]['number']) ) {
+	if ( 'all' == $sidebar_args['_show'] && 'template' == $sidebar_args['_display'] && isset($control['params'][0]['number']) ) {
 		// number == -1 implies a template where id numbers are replaced by a generic '%i%'
 		$control['params'][0]['number'] = -1;
 		// if given, id_base means widget id's should be constructed like {$id_base}-{$id_number}
@@ -202,7 +207,7 @@ function wp_widget_control( $sidebar_args ) {
 
 	$widget_title = '';
 	// We grab the normal widget output to find the widget's title
-	if ( is_callable( $widget['_callback'] ) ) {
+	if ( ( 'all' != $sidebar_args['_show'] || 'template' != $sidebar_args['_display'] ) && is_callable( $widget['_callback'] ) ) {
 		ob_start();
 		$args = func_get_args();
 		call_user_func_array( $widget['_callback'], $args );
@@ -212,11 +217,13 @@ function wp_widget_control( $sidebar_args ) {
 	$wp_registered_widgets[$widget_id]['callback'] = $wp_registered_widgets[$widget_id]['_callback'];
 	unset($wp_registered_widgets[$widget_id]['_callback']);
 
-	if ( $widget_title && $widget_title != $control['name'] )
+	if ( $widget_title && $widget_title != $sidebar_args['widget_name'] )
 		$widget_title = sprintf( _c('%1$s: %2$s|1: widget name, 2: widget title' ), $sidebar_args['widget_name'], $widget_title );
 	else
 		$widget_title = wp_specialchars( strip_tags( $sidebar_args['widget_name'] ) );
 
+	$sidebar_args['_widget_title'] = $widget_title;
+
 	if ( empty($sidebar_args['_display']) || 'template' != $sidebar_args['_display'] )
 		echo $sidebar_args['before_widget'];
 ?>
@@ -270,7 +277,8 @@ function wp_widget_control_ob_filter( $string ) {
 	if ( false === $end = strpos( $string, '%END_OF_TITLE%' ) )
 		return '';
 	$string = substr( $string, $beg + 14 , $end - $beg - 14);
-	return wp_specialchars( strip_tags( $string ) );
+	$string = str_replace( '&nbsp;', ' ', $string );
+	return trim( wp_specialchars( strip_tags( $string ) ) );
 }
 
 function widget_css() {

wp-admin/index.php

@@ -9,12 +9,18 @@ wp_dashboard_setup();
 function index_js() {
 ?>
 <script type="text/javascript">
-	jQuery(function() {
-		jQuery('#dashboard_incoming_links div.dashboard-widget-content').not( '.dashboard-widget-control' ).find( '.widget-loading' ).parent().load('index-extra.php?jax=incominglinks');
-		jQuery('#dashboard_primary div.dashboard-widget-content').not( '.dashboard-widget-control' ).find( '.widget-loading' ).parent().load('index-extra.php?jax=devnews');
-		jQuery('#dashboard_secondary div.dashboard-widget-content').not( '.dashboard-widget-control' ).find( '.widget-loading' ).parent().load('index-extra.php?jax=planetnews');
-		jQuery('#dashboard_plugins div.dashboard-widget-content').not( '.dashboard-widget-control' ).find( '.widget-loading' ).parent().load('index-extra.php?jax=plugins');
-	});
+jQuery(function($) {
+	var ajaxWidgets = {
+		dashboard_incoming_links: 'incominglinks',
+		dashboard_primary: 'devnews',
+		dashboard_secondary: 'planetnews',
+		dashboard_plugins: 'plugins'
+	};
+	$.each( ajaxWidgets, function(i,a) {
+		var e = jQuery('#' + i + ' div.dashboard-widget-content').not('.dashboard-widget-control').find('.widget-loading');
+		if ( e.size() ) { e.parent().load('index-extra.php?jax=' + a); }
+	} );
+});
 </script>
 <?php
 }

wp-admin/js/editor.js

@@ -13,7 +13,7 @@ wpEditorInit = function() {
 switchEditors = {
 
     saveCallback : function(el, content, body) {
-    
+
         document.getElementById(el).style.color = '#fff';
         if ( tinyMCE.activeEditor.isHidden() ) 
             content = document.getElementById(el).value;
@@ -26,8 +26,14 @@ switchEditors = {
     pre_wpautop : function(content) {
         // We have a TON of cleanup to do. Line breaks are already stripped.
 
+        // Protect pre|script tags
+        content = content.replace(/<(pre|script)[^>]*>[\s\S]+?<\/\1>/g, function(a) {
+            a = a.replace(/<br ?\/?>[\r\n]*/g, '<wp_temp>');
+            return a.replace(/<\/?p( [^>]*)?>[\r\n]*/g, '<wp_temp>');
+        });
+
         // Pretty it up for the source editor
-        var blocklist1 = 'blockquote|ul|ol|li|table|thead|tbody|tr|th|td|div|h[1-6]|pre|p';
+        var blocklist1 = 'blockquote|ul|ol|li|table|thead|tbody|tr|th|td|div|h[1-6]|p';
         content = content.replace(new RegExp('\\s*</('+blocklist1+')>\\s*', 'mg'), '</$1>\n');
         content = content.replace(new RegExp('\\s*<(('+blocklist1+')[^>]*)>', 'mg'), '\n<$1>');
 
@@ -46,7 +52,7 @@ switchEditors = {
         // Fix some block element newline issues
         content = content.replace(new RegExp('\\s*<div', 'mg'), '\n<div');
         content = content.replace(new RegExp('</div>\\s*', 'mg'), '</div>\n');
-        
+
         var blocklist2 = 'blockquote|ul|ol|li|table|thead|tr|th|td|h[1-6]|pre';
         content = content.replace(new RegExp('\\s*<(('+blocklist2+') ?[^>]*)\\s*>', 'mg'), '\n<$1>');
         content = content.replace(new RegExp('\\s*</('+blocklist2+')>\\s*', 'mg'), '</$1>\n');
@@ -65,6 +71,9 @@ switchEditors = {
         content = content.replace(new RegExp('^\\s*', ''), '');
         content = content.replace(new RegExp('\\s*$', ''), '');
 
+        // put back the line breaks in pre|script
+        content = content.replace(/<wp_temp>/g, '\n');
+
         // Hope.
         return content;
     },
@@ -109,7 +118,7 @@ switchEditors = {
 				ec.style.padding = '6px';
             }
 
-			ta.style.color = '';
+            ta.style.color = '';
             this.wpSetDefaultEditor('html');
         }
     },
@@ -148,15 +157,21 @@ switchEditors = {
         pee = pee.replace(new RegExp('<p>\\s*?</p>', 'gi'), '');
         pee = pee.replace(new RegExp('<p>\\s*(</?(?:'+blocklist+')[^>]*>)\\s*</p>', 'gi'), "$1");
         pee = pee.replace(new RegExp("<p>(<li.+?)</p>", 'gi'), "$1");
-        pee = pee.replace(new RegExp('<p><blockquote([^>]*)>', 'gi'), "<blockquote$1><p>");
-        pee = pee.replace(new RegExp('</blockquote></p>', 'gi'), '</p></blockquote>');
+        pee = pee.replace(new RegExp('<p>\\s*<blockquote([^>]*)>', 'gi'), "<blockquote$1><p>");
+        pee = pee.replace(new RegExp('</blockquote>\\s*</p>', 'gi'), '</p></blockquote>');
         pee = pee.replace(new RegExp('<p>\\s*(</?(?:'+blocklist+')[^>]*>)', 'gi'), "$1");
         pee = pee.replace(new RegExp('(</?(?:'+blocklist+')[^>]*>)\\s*</p>', 'gi'), "$1");
         pee = pee.replace(new RegExp('\\s*\\n', 'gi'), "<br />\n");
         pee = pee.replace(new RegExp('(</?(?:'+blocklist+')[^>]*>)\\s*<br />', 'gi'), "$1");
         pee = pee.replace(new RegExp('<br />(\\s*</?(?:p|li|div|dl|dd|dt|th|pre|td|ul|ol)>)', 'gi'), '$1');
-        pee = pee.replace(new RegExp('^((?:&nbsp;)*)\\s', 'mg'), '$1&nbsp;');
-        //pee = pee.replace(new RegExp('(<pre.*?>)(.*?)</pre>!ise', " stripslashes('$1') .  stripslashes(clean_pre('$2'))  . '</pre>' "); // Hmm...
-        return pee;
+        // pee = pee.replace(new RegExp('^((?:&nbsp;)*)\\s', 'mg'), '$1&nbsp;');
+
+        // Fix the pre|script tags	   
+        pee = pee.replace(/<(pre|script)[^>]*>[\s\S]+?<\/\1>/g, function(a) {
+			a = a.replace(/<br ?\/?>[\r\n]*/g, '\n');
+			return a.replace(/<\/?p( [^>]*)?>[\r\n]*/g, '\n');
+        });
+
+	    return pee;
     }
 }

wp-admin/js/post.js

@@ -118,6 +118,10 @@ jQuery(document).ready( function() {
 		jQuery('#in-category-' + id + ', #in-popular-category-' + id).attr( 'checked', c );
 		noSyncChecks = false;
 	};
+	var catAddBefore = function( s ) {
+		s.data += '&' + jQuery( '#categorychecklist :checked' ).serialize();
+		return s;
+	};
 	var catAddAfter = function( r, s ) {
 		if ( !newCatParent ) newCatParent = jQuery('#newcat_parent');
 		if ( !newCatParentOption ) newCatParentOption = newCatParent.find( 'option[value=-1]' );
@@ -127,7 +131,7 @@ jQuery(document).ready( function() {
 				var th = jQuery(this);
 				var val = th.find('input').val();
 				var id = th.find('input')[0].id
-				jQuery('#' + id).change( syncChecks );
+				jQuery('#' + id).change( syncChecks ).change();
 				if ( newCatParent.find( 'option[value=' + val + ']' ).size() )
 					return;
 				var name = jQuery.trim( th.text() );
@@ -140,6 +144,7 @@ jQuery(document).ready( function() {
 	jQuery('#categorychecklist').wpList( {
 		alt: '',
 		response: 'category-ajax-response',
+		addBefore: catAddBefore,
 		addAfter: catAddAfter
 	} );
 	jQuery('#category-add-toggle').click( function() {
@@ -148,7 +153,7 @@ jQuery(document).ready( function() {
 		jQuery('#newcat').focus();
 		return false;
 	} );
-	jQuery('.categorychecklist :checkbox').change( syncChecks ).filter( ':checked' ).change();
+	jQuery('.categorychecklist .popular-category :checkbox').change( syncChecks ).filter( ':checked' ).change();
 
 	jQuery('.edit-timestamp').click(function () {
 		if (jQuery('#timestampdiv').is(":hidden")) {

wp-admin/js/widgets.js

@@ -11,7 +11,7 @@ jQuery(function($) {
 		var widgetAnim = $.browser.msie ? function() {
 			var t = $(this);
 			if ( t.is(':visible') ) {
-				if ( disableFields ) { t.find( ':enabled' ).not( '[name="widget-id[]"], [name*="[submit]"]' ).attr( 'disabled', 'disabled' ); }
+				if ( disableFields ) { t.find( ':input:enabled' ).not( '[name="widget-id[]"], [name*="[submit]"]' ).attr( 'disabled', 'disabled' ); }
 				li.css( 'marginLeft', 0 );
 				t.siblings('h4').children('a').text( widgetsL10n.edit );
 			} else {
@@ -25,7 +25,7 @@ jQuery(function($) {
 			var t = $(this);
 
 			if ( t.is(':visible') ) {
-				if ( disableFields ) { t.find( ':enabled' ).not( '[name="widget-id[]"], [name*="[submit]"]' ).attr( 'disabled', 'disabled' ); }
+				if ( disableFields ) { t.find( ':input:enabled' ).not( '[name="widget-id[]"], [name*="[submit]"]' ).attr( 'disabled', 'disabled' ); }
 				if ( width > 250 )
 					li.animate( { marginLeft: 0 } );
 				t.siblings('h4').children('a').text( widgetsL10n.edit );

wp-admin/media.php

@@ -9,8 +9,14 @@ wp_reset_vars(array('action'));
 
 switch( $action ) :
 case 'editattachment' :
-	$errors = media_upload_form_handler();
 	$attachment_id = (int) $_POST['attachment_id'];
+	check_admin_referer('media-form');
+
+	if ( !current_user_can('edit_post', $attachment_id) )
+		wp_die ( __('You are not allowed to edit this attachment.') );
+
+	$errors = media_upload_form_handler();
+
 	if ( empty($errors) ) {
 		$location = 'media.php';
 		if ( $referer = wp_get_original_referer() ) {
@@ -39,6 +45,10 @@ case 'edit' :
 		exit();
 	}
 	$att_id = (int) $_GET['attachment_id'];
+
+	if ( !current_user_can('edit_post', $att_id) )
+		wp_die ( __('You are not allowed to edit this attachment.') );
+
 	$att = get_post($att_id);
 
 	add_filter('attachment_fields_to_edit', 'media_single_attachment_fields_to_edit', 10, 2);

wp-admin/menu.php

@@ -20,7 +20,8 @@ elseif (strpos($_SERVER['REQUEST_URI'], 'link-add.php') !== false)
 else
 	$menu[10] = array(__('Manage'), 'edit_posts', 'edit.php');
 
-$awaiting_mod = $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->comments WHERE comment_approved = '0'");
+$awaiting_mod = wp_count_comments();
+$awaiting_mod = $awaiting_mod->moderated;
 $menu[15] = array(__('Design'), 'switch_themes', 'themes.php');
 $menu[20] = array( sprintf( __('Comments %s'), "<span id='awaiting-mod' class='count-$awaiting_mod'><span class='comment-count'>$awaiting_mod</span></span>" ), 'edit_posts', 'edit-comments.php');
 $menu[30] = array(__('Settings'), 'manage_options', 'options-general.php');
@@ -52,6 +53,7 @@ if ( current_user_can('edit_users') ) {
 	$submenu['users.php'][5] = array(__('Authors &amp; Users'), 'edit_users', 'users.php');
 	$submenu['users.php'][10] = array(__('Your Profile'), 'read', 'profile.php');
 } else {
+	$_wp_real_parent_file['users.php'] = 'profile.php';
 	$submenu['profile.php'][5] = array(__('Your Profile'), 'read', 'profile.php');
 }
 

wp-admin/page.php

@@ -8,8 +8,10 @@ wp_reset_vars(array('action'));
 
 function redirect_page($page_ID) {
 	$referredby = '';
-	if ( !empty($_POST['referredby']) )
+	if ( !empty($_POST['referredby']) ) {
 		$referredby = preg_replace('|https?://[^/]+|i', '', $_POST['referredby']);
+		$referredby = remove_query_arg('_wp_original_http_referer', $referredby);
+	}
 	$referer = preg_replace('|https?://[^/]+|i', '', wp_get_referer());
 
 	if ( 'post' == $_POST['originalaction'] && !empty($_POST['mode']) && 'bookmarklet' == $_POST['mode'] ) {
@@ -31,6 +33,7 @@ function redirect_page($page_ID) {
 		$location = $location[0] . '#postcustom';
 	} elseif (!empty($referredby) && $referredby != $referer) {
 		$location = $_POST['referredby'];
+		$location = remove_query_arg('_wp_original_http_referer', $location);
 		if ( $_POST['referredby'] == 'redo' )
 			$location = get_permalink( $page_ID );
 		elseif ( false !== strpos($location, 'edit-pages.php') )
@@ -80,15 +83,18 @@ case 'edit':
 		wp_enqueue_script('editor');
 	wp_enqueue_script('thickbox');
 	wp_enqueue_script('media-upload');
-	if ( $last = wp_check_post_lock( $post->ID ) ) {
-		$last_user = get_userdata( $last );
-		$last_user_name = $last_user ? $last_user->display_name : __('Somebody');
-		$message = sprintf( __( 'Warning: %s is currently editing this page' ), wp_specialchars( $last_user_name ) );
-		$message = str_replace( "'", "\'", "<div class='error'><p>$message</p></div>" );
-		add_action('admin_notices', create_function( '', "echo '$message';" ) );
-	} else {
-		wp_set_post_lock( $post->ID );
-		wp_enqueue_script('autosave');
+
+	if ( current_user_can('edit_page', $page_ID) ) {
+		if ( $last = wp_check_post_lock( $post->ID ) ) {
+			$last_user = get_userdata( $last );
+			$last_user_name = $last_user ? $last_user->display_name : __('Somebody');
+			$message = sprintf( __( 'Warning: %s is currently editing this page' ), wp_specialchars( $last_user_name ) );
+			$message = str_replace( "'", "\'", "<div class='error'><p>$message</p></div>" );
+			add_action('admin_notices', create_function( '', "echo '$message';" ) );
+		} else {
+			wp_set_post_lock( $post->ID );
+			wp_enqueue_script('autosave');
+		}
 	}
 
 	require_once('admin-header.php');

wp-admin/post.php

@@ -10,8 +10,10 @@ function redirect_post($post_ID = '') {
 	global $action;
 
 	$referredby = '';
-	if ( !empty($_POST['referredby']) )
+	if ( !empty($_POST['referredby']) ) {
 		$referredby = preg_replace('|https?://[^/]+|i', '', $_POST['referredby']);
+		$referredby = remove_query_arg('_wp_original_http_referer', $referredby);
+	}
 	$referer = preg_replace('|https?://[^/]+|i', '', wp_get_referer());
 
 	if ( !empty($_POST['mode']) && 'bookmarklet' == $_POST['mode'] ) {
@@ -33,6 +35,7 @@ function redirect_post($post_ID = '') {
 		$location = $location[0] . '#postcustom';
 	} elseif (!empty($referredby) && $referredby != $referer) {
 		$location = $_POST['referredby'];
+		$location = remove_query_arg('_wp_original_http_referer', $location);
 		if ( $_POST['referredby'] == 'redo' )
 			$location = get_permalink( $post_ID );
 		elseif ( false !== strpos($location, 'edit.php') )
@@ -87,15 +90,18 @@ case 'edit':
 		wp_enqueue_script('editor');
 	wp_enqueue_script('thickbox');
 	wp_enqueue_script('media-upload');
-	if ( $last = wp_check_post_lock( $post->ID ) ) {
-		$last_user = get_userdata( $last );
-		$last_user_name = $last_user ? $last_user->display_name : __('Somebody');
-		$message = sprintf( __( 'Warning: %s is currently editing this post' ), wp_specialchars( $last_user_name ) );
-		$message = str_replace( "'", "\'", "<div class='error'><p>$message</p></div>" );
-		add_action('admin_notices', create_function( '', "echo '$message';" ) );
-	} else {
-		wp_set_post_lock( $post->ID );
-		wp_enqueue_script('autosave');
+
+	if ( current_user_can('edit_post', $post_ID) ) {
+		if ( $last = wp_check_post_lock( $post->ID ) ) {
+			$last_user = get_userdata( $last );
+			$last_user_name = $last_user ? $last_user->display_name : __('Somebody');
+			$message = sprintf( __( 'Warning: %s is currently editing this post' ), wp_specialchars( $last_user_name ) );
+			$message = str_replace( "'", "\'", "<div class='error'><p>$message</p></div>" );
+			add_action('admin_notices', create_function( '', "echo '$message';" ) );
+		} else {
+			wp_set_post_lock( $post->ID );
+			wp_enqueue_script('autosave');
+		}
 	}
 
 	require_once('admin-header.php');

wp-admin/rtl.css

@@ -114,6 +114,12 @@ p#post-search
 	float:right!important
 }
 
+.tablenav .delete 
+{
+	margin-left: 40px;
+	margin-right: 0;
+}
+
 ul.view-switch
 {
 	float:left;

wp-admin/users.php

@@ -362,9 +362,9 @@ foreach ( $wp_user_search->get_results() as $userid ) {
 <br class="clear" />
 </div>
 
-</form>
 <?php endif; ?>
 
+</form>
 </div>
 
 <?php
@@ -378,6 +378,7 @@ foreach ( $wp_user_search->get_results() as $userid ) {
 ?>
 
 <br class="clear" />
+<?php if ( current_user_can('create_users') ) { ?>
 
 <div class="wrap">
 <h2 id="add-new-user"><?php _e('Add New User') ?></h2>
@@ -452,6 +453,7 @@ foreach ( $wp_user_search->get_results() as $userid ) {
 </div>
 
 <?php
+}
 break;
 
 } // end of the $action switch

wp-admin/widgets.php

@@ -18,7 +18,7 @@ if ( isset($_GET['sidebar']) && isset($wp_registered_sidebars[$_GET['sidebar']])
 	$sidebar = attribute_escape( $_GET['sidebar'] );
 } elseif ( is_array($wp_registered_sidebars) && !empty($wp_registered_sidebars) ) {
 	// By default we look at the first defined sidebar
-	$sidebar = array_shift( array_keys($wp_registered_sidebars) );
+	$sidebar = array_shift( $keys = array_keys($wp_registered_sidebars) );
 } else {
 	// If no sidebars, die.
 	require_once( 'admin-header.php' );
@@ -317,5 +317,7 @@ if ( isset($_GET['message']) && isset($messages[$_GET['message']]) ) : ?>
 
 <?php do_action( 'sidebar_admin_page' ); ?>
 
+<br class="clear" />
+
 <?php require_once( 'admin-footer.php' ); ?>
 

wp-admin/wp-admin.css

@@ -34,8 +34,8 @@ form#upload #post_content, form#upload #post_title {
 }
 
 .form-invalid input {
-	border-width: 1px; !important
-	border-style: solid; !important
+	border-width: 1px !important;
+	border-style: solid !important;
 }
 
 
@@ -879,6 +879,10 @@ html, body {
 	margin-bottom: 6px;
 }
 
+#profile-page .form-table input[type=text] { 
+	width: 300px;
+}
+
 #pass-strength-result {
 	width: 197px;
 	float: left;
@@ -1436,7 +1440,7 @@ ul.view-switch li.current {
 	background-image: url(images/tail.gif);
 	background-repeat: no-repeat;
 	background-position: 15px bottom;
-	background-color: thansparent;
+	background-color: transparent;
 }
 
 #tTips p#tTips_inside {

wp-config-sample.php

@@ -8,8 +8,8 @@ define('DB_CHARSET', 'utf8');
 define('DB_COLLATE', '');
 
 // Change SECRET_KEY to a unique phrase.  You won't have to remember it later,
-// so make it long and complicated.  You can visit https://www.grc.com/passwords.htm
-// to get a phrase generated for you, or just make something up.
+// so make it long and complicated.  You can visit http://api.wordpress.org/secret-key/1.0/
+// to get a secret key generated for you, or just make something up.
 define('SECRET_KEY', 'put your unique phrase here'); // Change this to a unique phrase.
 
 // You can have multiple installations in one database if you give each a unique prefix

wp-includes/class-IXR.php

@@ -571,7 +571,7 @@ class IXR_Error {
     var $message;
     function IXR_Error($code, $message) {
         $this->code = $code;
-        $this->message = $message;
+        $this->message = htmlspecialchars($message);
     }
     function getXml() {
         $xml = <<<EOD

wp-includes/classes.php

@@ -395,26 +395,26 @@ class Walker {
 	var $db_fields;
 
 	//abstract callbacks
-	function start_lvl($output) { return $output; }
-	function end_lvl($output)   { return $output; }
-	function start_el($output)  { return $output; }
-	function end_el($output)    { return $output; }
+	function start_lvl(&$output) {}
+	function end_lvl(&$output)   {}
+	function start_el(&$output)  {}
+	function end_el(&$output)    {}
 
 	/*
  	 * display one element if the element doesn't have any children
  	 * otherwise, display the element and its children
  	 */
-	function display_element( $element, &$children_elements, $max_depth, $depth=0, $args, $output ) {
+	function display_element( $element, &$children_elements, $max_depth, $depth=0, $args, &$output ) {
 
-		if ( !$element)
-			return $output;
+		if ( !$element )
+			return;
 
 		$id_field = $this->db_fields['id'];
 		$parent_field = $this->db_fields['parent'];
 
 		//display this element
-		$cb_args = array_merge( array($output, $element, $depth), $args);
-		$output = call_user_func_array(array(&$this, 'start_el'), $cb_args);
+		$cb_args = array_merge( array(&$output, $element, $depth), $args);
+		call_user_func_array(array(&$this, 'start_el'), $cb_args);
 
 		if ( $max_depth == 0 ||
 		     ($max_depth != 0 &&  $max_depth > $depth+1 )) { //whether to descend
@@ -427,12 +427,12 @@ class Walker {
 					if ( !isset($newlevel) ) {
 						$newlevel = true;
 						//start the child delimiter
-						$cb_args = array_merge( array($output, $depth), $args);
-						$output = call_user_func_array(array(&$this, 'start_lvl'), $cb_args);
+						$cb_args = array_merge( array(&$output, $depth), $args);
+						call_user_func_array(array(&$this, 'start_lvl'), $cb_args);
 					}
 
 					array_splice( $children_elements, $i, 1 );
-					$output = $this->display_element( $child, $children_elements, $max_depth, $depth + 1, $args, $output );
+					$this->display_element( $child, $children_elements, $max_depth, $depth + 1, $args, $output );
 					$i = -1;
 				}
 			}
@@ -440,15 +440,13 @@ class Walker {
 
 		if ( isset($newlevel) && $newlevel ){
 			//end the child delimiter
-			$cb_args = array_merge( array($output, $depth), $args);
-			$output = call_user_func_array(array(&$this, 'end_lvl'), $cb_args);
+			$cb_args = array_merge( array(&$output, $depth), $args);
+			call_user_func_array(array(&$this, 'end_lvl'), $cb_args);
 		}
 
 		//end this element
-		$cb_args = array_merge( array($output, $element, $depth), $args);
-		$output = call_user_func_array(array(&$this, 'end_el'), $cb_args);
-
-		return $output;
+		$cb_args = array_merge( array(&$output, $element, $depth), $args);
+		call_user_func_array(array(&$this, 'end_el'), $cb_args);
 	}
 
 	/*
@@ -476,7 +474,7 @@ class Walker {
 		if ( -1 == $max_depth ) {
 			$empty_array = array();
 			foreach ( $elements as $e )
-				$output = $this->display_element( $e, $empty_array, 1, 0, $args, $output );
+				$this->display_element( $e, $empty_array, 1, 0, $args, $output );
 			return $output;
 		}
 
@@ -512,7 +510,7 @@ class Walker {
 		}
 
 		foreach ( $top_level_elements as $e )
-			$output = $this->display_element( $e, $children_elements, $max_depth, 0, $args, $output );
+			$this->display_element( $e, $children_elements, $max_depth, 0, $args, $output );
 
 		/*
 		* if we are displaying all levels, and remaining children_elements is not empty,
@@ -521,7 +519,7 @@ class Walker {
 		if ( ( $max_depth == 0 ) && sizeof( $children_elements ) > 0 ) {
 			$empty_array = array();
 			foreach ( $children_elements as $orphan_e )
-				$output = $this->display_element( $orphan_e, $empty_array, 1, 0, $args, $output );
+				$this->display_element( $orphan_e, $empty_array, 1, 0, $args, $output );
 		 }
 		 return $output;
 	}
@@ -531,19 +529,17 @@ class Walker_Page extends Walker {
 	var $tree_type = 'page';
 	var $db_fields = array ('parent' => 'post_parent', 'id' => 'ID'); //TODO: decouple this
 
-	function start_lvl($output, $depth) {
+	function start_lvl(&$output, $depth) {
 		$indent = str_repeat("\t", $depth);
 		$output .= "\n$indent<ul>\n";
-		return $output;
 	}
 
-	function end_lvl($output, $depth) {
+	function end_lvl(&$output, $depth) {
 		$indent = str_repeat("\t", $depth);
 		$output .= "$indent</ul>\n";
-		return $output;
 	}
 
-	function start_el($output, $page, $depth, $current_page, $args) {
+	function start_el(&$output, $page, $depth, $current_page, $args) {
 		if ( $depth )
 			$indent = str_repeat("\t", $depth);
 		else
@@ -571,14 +567,10 @@ class Walker_Page extends Walker {
 
 			$output .= " " . mysql2date($date_format, $time);
 		}
-
-		return $output;
 	}
 
-	function end_el($output, $page, $depth) {
+	function end_el(&$output, $page, $depth) {
 		$output .= "</li>\n";
-
-		return $output;
 	}
 
 }
@@ -587,18 +579,16 @@ class Walker_PageDropdown extends Walker {
 	var $tree_type = 'page';
 	var $db_fields = array ('parent' => 'post_parent', 'id' => 'ID'); //TODO: decouple this
 
-	function start_el($output, $page, $depth, $args) {
-				$pad = str_repeat('&nbsp;', $depth * 3);
+	function start_el(&$output, $page, $depth, $args) {
+		$pad = str_repeat('&nbsp;', $depth * 3);
 
-				$output .= "\t<option value=\"$page->ID\"";
-				if ( $page->ID == $args['selected'] )
-								$output .= ' selected="selected"';
-				$output .= '>';
-				$title = wp_specialchars($page->post_title);
-				$output .= "$pad$title";
-				$output .= "</option>\n";
-
-				return $output;
+		$output .= "\t<option value=\"$page->ID\"";
+		if ( $page->ID == $args['selected'] )
+			$output .= ' selected="selected"';
+		$output .= '>';
+		$title = wp_specialchars($page->post_title);
+		$output .= "$pad$title";
+		$output .= "</option>\n";
 	}
 }
 
@@ -606,25 +596,23 @@ class Walker_Category extends Walker {
 	var $tree_type = 'category';
 	var $db_fields = array ('parent' => 'parent', 'id' => 'term_id'); //TODO: decouple this
 
-	function start_lvl($output, $depth, $args) {
+	function start_lvl(&$output, $depth, $args) {
 		if ( 'list' != $args['style'] )
-			return $output;
+			return;
 
 		$indent = str_repeat("\t", $depth);
 		$output .= "$indent<ul class='children'>\n";
-		return $output;
 	}
 
-	function end_lvl($output, $depth, $args) {
+	function end_lvl(&$output, $depth, $args) {
 		if ( 'list' != $args['style'] )
-			return $output;
+			return;
 
 		$indent = str_repeat("\t", $depth);
 		$output .= "$indent</ul>\n";
-		return $output;
 	}
 
-	function start_el($output, $category, $depth, $args) {
+	function start_el(&$output, $category, $depth, $args) {
 		extract($args);
 
 		$cat_name = attribute_escape( $category->name);
@@ -687,16 +675,13 @@ class Walker_Category extends Walker {
 		} else {
 			$output .= "\t$link<br />\n";
 		}
-
-		return $output;
 	}
 
-	function end_el($output, $page, $depth, $args) {
+	function end_el(&$output, $page, $depth, $args) {
 		if ( 'list' != $args['style'] )
-			return $output;
+			return;
 
 		$output .= "</li>\n";
-		return $output;
 	}
 
 }
@@ -705,7 +690,7 @@ class Walker_CategoryDropdown extends Walker {
 	var $tree_type = 'category';
 	var $db_fields = array ('parent' => 'parent', 'id' => 'term_id'); //TODO: decouple this
 
-	function start_el($output, $category, $depth, $args) {
+	function start_el(&$output, $category, $depth, $args) {
 		$pad = str_repeat('&nbsp;', $depth * 3);
 
 		$cat_name = apply_filters('list_cats', $category->name, $category);
@@ -721,8 +706,6 @@ class Walker_CategoryDropdown extends Walker {
 			$output .= '&nbsp;&nbsp;' . gmdate($format, $category->last_update_timestamp);
 		}
 		$output .= "</option>\n";
-
-		return $output;
 	}
 }
 

wp-includes/comment.php

@@ -451,6 +451,11 @@ function wp_blacklist_check($author, $email, $url, $comment, $user_ip, $user_age
 function wp_count_comments() {
 	global $wpdb;
 
+	$count = wp_cache_get('comments', 'counts');
+
+	if ( false !== $count )
+		return $count;
+
 	$count = $wpdb->get_results( "SELECT comment_approved, COUNT( * ) AS num_comments FROM {$wpdb->comments} GROUP BY comment_approved", ARRAY_A );
 
 	$stats = array( );
@@ -464,7 +469,10 @@ function wp_count_comments() {
 			$stats[$key] = 0;
 	}
 
-	return (object) $stats;
+	$stats = (object) $stats;
+	wp_cache_set('comments', $stats, 'counts');
+
+	return $stats;
 }
 
 /**

wp-includes/feed-atom.php

@@ -49,7 +49,7 @@ $more = 1;
 <?php atom_enclosure(); ?>
 <?php do_action('atom_entry'); ?>
 		<link rel="replies" type="text/html" href="<?php the_permalink_rss() ?>#comments" thr:count="<?php echo get_comments_number()?>"/>
-		<link rel="replies" type="appication/atom+xml" href="<?php echo get_post_comments_feed_link(0,'atom') ?>" thr:count="<?php echo get_comments_number()?>"/>
+		<link rel="replies" type="application/atom+xml" href="<?php echo get_post_comments_feed_link(0,'atom') ?>" thr:count="<?php echo get_comments_number()?>"/>
 		<thr:total><?php echo get_comments_number()?></thr:total>
 	</entry>
 	<?php endwhile ; ?>

wp-includes/formatting.php

@@ -5,7 +5,7 @@ function wptexturize($text) {
 	$next = true;
 	$output = '';
 	$curl = '';
-	$textarr = preg_split('/(<.*>)/Us', $text, -1, PREG_SPLIT_DELIM_CAPTURE);
+	$textarr = preg_split('/(<.*>|\[.*\])/Us', $text, -1, PREG_SPLIT_DELIM_CAPTURE);
 	$stop = count($textarr);
 
 	// if a plugin has provided an autocorrect array, use it
@@ -26,7 +26,7 @@ function wptexturize($text) {
 	for ( $i = 0; $i < $stop; $i++ ) {
  		$curl = $textarr[$i];
 
-		if (isset($curl{0}) && '<' != $curl{0} && $next) { // If it's not a tag
+		if (isset($curl{0}) && '<' != $curl{0} && '[' != $curl{0} && $next) { // If it's not a tag
 			// static strings
 			$curl = str_replace($static_characters, $static_replacements, $curl);
 			// regular expressions
@@ -92,6 +92,7 @@ function wpautop($pee, $br = 1) {
 	if (strpos($pee, '<pre') !== false)
 		$pee = preg_replace_callback('!(<pre.*?>)(.*?)</pre>!is', 'clean_pre', $pee );
 	$pee = preg_replace( "|\n</p>$|", '</p>', $pee );
+	$pee = preg_replace('/<p>\s*?(' . get_shortcode_regex() . ')\s*<\/p>/s', '$1', $pee); // don't auto-p wrap shortcodes that stand alone
 
 	return $pee;
 }
@@ -366,6 +367,15 @@ function sanitize_title_with_dashes($title) {
 	return $title;
 }
 
+// ensures a string is a valid SQL order by clause like: post_name ASC, ID DESC
+// accepts one or more columns, with or without ASC/DESC, and also accepts RAND()
+function sanitize_sql_orderby( $orderby ){
+	preg_match('/^\s*([a-z0-9_]+(\s+(ASC|DESC))?(\s*,\s*|\s*$))+|^\s*RAND\(\s*\)\s*$/i', $orderby, $obmatches);
+	if ( !$obmatches )
+		return false;
+	return $orderby;
+}
+
 function convert_chars($content, $deprecated = '') {
 	// Translation of invalid Unicode references range to valid range
 	$wp_htmltranswinuni = array(

wp-includes/functions.php

@@ -1142,7 +1142,8 @@ function wp_unique_filename( $dir, $filename, $unique_filename_callback = NULL )
 			$ext = strtolower( ".$ext" );
 
 		$filename = str_replace( $ext, '', $filename );
-		$filename = sanitize_title_with_dashes( $filename ) . $ext;
+		// Strip % so the server doesn't try to decode entities.
+		$filename = str_replace('%', '', sanitize_title_with_dashes( $filename ) ) . $ext;
 
 		while ( file_exists( $dir . "/$filename" ) ) {
 			if ( '' == "$number$ext" )

wp-includes/js/autosave.js

@@ -10,8 +10,7 @@ jQuery(function($) {
 	$("#post").submit(function() { $.cancel(autosavePeriodical); });
 });
 
-// called when autosaving pre-existing post
-function autosave_saved(response) {
+function autosave_parse_response(response) {
 	var res = wpAjax.parseAjaxResponse(response, 'autosave'); // parse the ajax response
 	var message = '';
 
@@ -41,22 +40,29 @@ function autosave_saved(response) {
 	}
 	if ( message ) { jQuery('#autosave').html(message); } // update autosave message
 	else if ( autosaveOldMessage && res ) { jQuery('#autosave').html( autosaveOldMessage ); }
-	autosave_enable_buttons(); // re-enable disabled form buttons
 	return res;
 }
 
+// called when autosaving pre-existing post
+function autosave_saved(response) {
+	autosave_parse_response(response); // parse the ajax response
+	autosave_enable_buttons(); // re-enable disabled form buttons
+}
+
 // called when autosaving new post
 function autosave_saved_new(response) {
-	var res = autosave_saved(response); // parse the ajax response do the above
+	var res = autosave_parse_response(response); // parse the ajax response
 	// if no errors: update post_ID from the temporary value, grab new save-nonce for that new ID
 	if ( res && res.responses.length && !res.errors ) {
 		var tempID = jQuery('#post_ID').val();
 		var postID = parseInt( res.responses[0].id );
-		autosave_update_post_ID( postID );
+		autosave_update_post_ID( postID ); // disabled form buttons are re-enabled here
 		if ( tempID < 0 && postID > 0) // update media buttons
 			jQuery('#media-buttons a').each(function(){
 				this.href = this.href.replace(tempID, postID);
 			});
+	} else {
+		autosave_enable_buttons(); // re-enable disabled form buttons
 	}
 }
 
@@ -73,6 +79,7 @@ function autosave_update_post_ID( postID ) {
 			post_type: jQuery('#post_type').val()
 		}, function(html) {
 			jQuery('#_wpnonce').val(html);
+			autosave_enable_buttons(); // re-enable disabled form buttons
 		});
 		jQuery('#hiddenaction').val('editpost');
 	}
@@ -122,7 +129,7 @@ function autosave_enable_buttons() {
 
 function autosave_disable_buttons() {
 	jQuery("#submitpost :button:enabled, #submitpost :submit:enabled").attr('disabled', 'disabled');
-	setTimeout(autosave_enable_buttons, 1000); // Re-enable 1 sec later.  Just gives autosave a head start to avoid collisions.
+	setTimeout(autosave_enable_buttons, 5000); // Re-enable 5 sec later.  Just gives autosave a head start to avoid collisions.
 }
 
 var autosave = function() {
@@ -175,8 +182,10 @@ var autosave = function() {
 		post_data["comment_status"] = 'open';
 	if ( jQuery("#ping_status").attr("checked") )
 		post_data["ping_status"] = 'open';
-	if( jQuery("#excerpt"))
+	if ( jQuery("#excerpt") )
 		post_data["excerpt"] = jQuery("#excerpt").val();
+	if ( jQuery("#post_author") )
+		post_data["post_author"] = jQuery("#post_author").val();
 
 	// Don't run while the TinyMCE spellcheck is on.  Why?  Who knows.
 	if ( rich && tinyMCE.activeEditor.plugins.spellchecker && tinyMCE.activeEditor.plugins.spellchecker.active ) {

wp-includes/js/swfupload/handlers.js

@@ -12,7 +12,9 @@ function fileQueued(fileObj) {
 		jQuery('.slidetoggle').slideUp(200).siblings().removeClass('hidden');
 	}
 	// Create a progress bar containing the filename
-	jQuery('#media-items').append('<div id="media-item-' + fileObj.id + '" class="media-item child-of-' + post_id + '"><div class="filename original">' + fileObj.name + '</div><div class="progress"><div class="bar"></div></div></div>');
+	jQuery('#media-items').append('<div id="media-item-' + fileObj.id + '" class="media-item child-of-' + post_id + '"><div class="progress"><div class="bar"></div></div><div class="filename original">' + fileObj.name + '</div></div>');
+	// Display the progress div
+	jQuery('#media-item-' + fileObj.id + ' .progress').show();
 
 	// Disable the submit button
 	jQuery('#insert-gallery').attr('disabled', 'disabled');
@@ -24,16 +26,27 @@ function uploadProgress(fileObj, bytesDone, bytesTotal) {
 	// Lengthen the progress bar
 	jQuery('#media-item-' + fileObj.id + ' .bar').width(620*bytesDone/bytesTotal);
 
-	if ( bytesDone== bytesTotal )
-		jQuery('#media-item-' + fileObj.id + ' .bar').html('<strong style="display: block; padding-top: 9px; padding-left: 1em;">' + swfuploadL10n.crunching + '</strong>');
+	if ( bytesDone == bytesTotal )
+		jQuery('#media-item-' + fileObj.id + ' .bar').html('<strong class="crunching">' + swfuploadL10n.crunching + '</strong>');
 }
 
 function prepareMediaItem(fileObj, serverData) {
 	// Move the progress bar to 100%
 	jQuery('#media-item-' + fileObj.id + ' .bar').remove();
+	jQuery('#media-item-' + fileObj.id + ' .progress').hide();
 
-	// Append the HTML returned by the server -- thumbnail and form inputs
-	jQuery('#media-item-' + fileObj.id).append(serverData);
+	// Old style: Append the HTML returned by the server -- thumbnail and form inputs
+	if ( isNaN(serverData) || !serverData ) {
+		jQuery('#media-item-' + fileObj.id).append(serverData);
+		prepareMediaItemInit(fileObj);
+	}
+	// New style: server data is just the attachment ID, fetch the thumbnail and form html from the server
+	else {
+		jQuery('#media-item-' + fileObj.id).load('async-upload.php', {attachment_id:serverData, fetch:1}, function(){prepareMediaItemInit(fileObj);updateMediaForm()});
+	}
+}
+		
+function prepareMediaItemInit(fileObj) {
 
 	// Clone the thumbnail as a "pinkynail" -- a tiny image to the left of the filename
 	jQuery('#media-item-' + fileObj.id + ' .thumbnail').clone().attr('className', 'pinkynail toggle').prependTo('#media-item-' + fileObj.id);
@@ -41,9 +54,6 @@ function prepareMediaItem(fileObj, serverData) {
 	// Replace the original filename with the new (unique) one assigned during upload
 	jQuery('#media-item-' + fileObj.id + ' .filename.original').replaceWith(jQuery('#media-item-' + fileObj.id + ' .filename.new'));
 
-	// Bind toggle function to a new mask over the progress bar area
-	jQuery('#media-item-' + fileObj.id + ' .progress').clone().empty().addClass('clickmask').bind('click', function(){jQuery(this).siblings('.slidetoggle').slideToggle(150);jQuery(this).siblings('.toggle').toggle();}).appendTo('#media-item-' + fileObj.id);
-
 	// Also bind toggle to the links
 	jQuery('#media-item-' + fileObj.id + ' a.toggle').bind('click', function(){jQuery(this).siblings('.slidetoggle').slideToggle(150);jQuery(this).parent().eq(0).children('.toggle').toggle();jQuery(this).siblings('a.toggle').focus();return false;});
 
@@ -96,7 +106,7 @@ function deleteSuccess(data, textStatus) {
 	jQuery('#media-item-' + this.id + ' .filename').append(' <span class="file-error">'+swfuploadL10n.deleted+'</span>').siblings('a.toggle').remove();
 	jQuery('#media-item-' + this.id).children('.describe').css({backgroundColor:'#fff'}).end()
 			.animate({backgroundColor:'#ffc0c0'}, {queue:false,duration:50})
-			.animate({minHeight:0,height:36,}, 400, null, function(){jQuery(this).children('.describe').remove()})
+			.animate({minHeight:0,height:36}, 400, null, function(){jQuery(this).children('.describe').remove()})
 			.animate({backgroundColor:'#fff'}, 400)
 			.animate({height:0}, 800, null, function(){jQuery(this).remove();updateMediaForm();});
 

wp-includes/js/tinymce/plugins/fullscreen/editor_plugin.js

@@ -1 +1 @@
-(function(){var DOM=tinymce.DOM;tinymce.create('tinymce.plugins.FullScreenPlugin',{init:function(ed,url){var t=this,s={},vp;t.editor=ed;ed.addCommand('mceFullScreen',function(){var win,de=document.documentElement;if(ed.getParam('fullscreen_is_enabled')){if(ed.getParam('fullscreen_new_window'))closeFullscreen();else{window.setTimeout(function(){tinymce.dom.Event.remove(window,'resize',t.resizeFunc);tinyMCE.get(ed.getParam('fullscreen_editor_id')).setContent(ed.getContent({format:'raw'}),{format:'raw'});tinyMCE.remove(ed);DOM.remove('mce_fullscreen_container');de.style.overflow=ed.getParam('fullscreen_html_overflow');DOM.setStyle(document.body,'overflow',ed.getParam('fullscreen_overflow'));window.scrollTo(ed.getParam('fullscreen_scrollx'),ed.getParam('fullscreen_scrolly'));tinyMCE.settings=tinyMCE.oldSettings;},10);}return;}if(ed.getParam('fullscreen_new_window')){win=window.open(url+"/fullscreen.htm","mceFullScreenPopup","fullscreen=yes,menubar=no,toolbar=no,scrollbars=no,resizable=yes,left=0,top=0,width="+screen.availWidth+",height="+screen.availHeight);try{win.resizeTo(screen.availWidth,screen.availHeight);}catch(e){}}else{tinyMCE.oldSettings=tinyMCE.settings;s.fullscreen_overflow=DOM.getStyle(document.body,'overflow',1)||'auto';s.fullscreen_html_overflow=DOM.getStyle(de,'overflow',1);vp=DOM.getViewPort();s.fullscreen_scrollx=vp.x;s.fullscreen_scrolly=vp.y;if(tinymce.isOpera&&s.fullscreen_overflow=='visible')s.fullscreen_overflow='auto';if(tinymce.isIE&&s.fullscreen_overflow=='scroll')s.fullscreen_overflow='auto';if(s.fullscreen_overflow=='0px')s.fullscreen_overflow='';DOM.setStyle(document.body,'overflow','hidden');de.style.overflow='hidden';vp=DOM.getViewPort();window.scrollTo(0,0);if(tinymce.isIE)vp.h-=1;n=DOM.add(document.body,'div',{id:'mce_fullscreen_container',style:'position:absolute;top:0;left:0;width:'+vp.w+'px;height:'+vp.h+'px;z-index:150;'});DOM.add(n,'div',{id:'mce_fullscreen'});tinymce.each(ed.settings,function(v,n){s[n]=v;});s.id='mce_fullscreen';s.width=n.clientWidth;s.height=n.clientHeight-15;s.fullscreen_is_enabled=true;s.fullscreen_editor_id=ed.id;s.theme_advanced_resizing=false;s.save_onsavecallback=function(){ed.setContent(tinyMCE.get(s.id).getContent({format:'raw'}),{format:'raw'});ed.execCommand('mceSave');};tinymce.each(ed.getParam('fullscreen_settings'),function(v,k){s[k]=v;});if(s.theme_advanced_toolbar_location==='external')s.theme_advanced_toolbar_location='top';t.fullscreenEditor=new tinymce.Editor('mce_fullscreen',s);t.fullscreenEditor.onInit.add(function(){t.fullscreenEditor.setContent(ed.getContent());});t.fullscreenEditor.render();tinyMCE.add(t.fullscreenEditor);t.fullscreenElement=new tinymce.dom.Element('mce_fullscreen_container');t.fullscreenElement.update();t.resizeFunc=tinymce.dom.Event.add(window,'resize',function(){var vp=tinymce.DOM.getViewPort();t.fullscreenEditor.theme.resizeTo(vp.w,vp.h);});}});ed.addButton('fullscreen',{title:'fullscreen.desc',cmd:'mceFullScreen'});ed.onNodeChange.add(function(ed,cm){cm.setActive('fullscreen',ed.getParam('fullscreen_is_enabled'));});},getInfo:function(){return{longname:'Fullscreen',author:'Moxiecode Systems AB',authorurl:'http://tinymce.moxiecode.com',infourl:'http://wiki.moxiecode.com/index.php/TinyMCE:Plugins/fullscreen',version:tinymce.majorVersion+"."+tinymce.minorVersion};}});tinymce.PluginManager.add('fullscreen',tinymce.plugins.FullScreenPlugin);})();
+(function(){var DOM=tinymce.DOM;tinymce.create('tinymce.plugins.FullScreenPlugin',{init:function(ed,url){var t=this,s={},vp;t.editor=ed;ed.addCommand('mceFullScreen',function(){var win,de=DOM.doc.documentElement;if(ed.getParam('fullscreen_is_enabled')){if(ed.getParam('fullscreen_new_window'))closeFullscreen();else{DOM.win.setTimeout(function(){tinymce.dom.Event.remove(DOM.win,'resize',t.resizeFunc);tinyMCE.get(ed.getParam('fullscreen_editor_id')).setContent(ed.getContent({format:'raw'}),{format:'raw'});tinyMCE.remove(ed);DOM.remove('mce_fullscreen_container');de.style.overflow=ed.getParam('fullscreen_html_overflow');DOM.setStyle(DOM.doc.body,'overflow',ed.getParam('fullscreen_overflow'));DOM.win.scrollTo(ed.getParam('fullscreen_scrollx'),ed.getParam('fullscreen_scrolly'));tinyMCE.settings=tinyMCE.oldSettings;},10);}return;}if(ed.getParam('fullscreen_new_window')){win=DOM.win.open(url+"/fullscreen.htm","mceFullScreenPopup","fullscreen=yes,menubar=no,toolbar=no,scrollbars=no,resizable=yes,left=0,top=0,width="+screen.availWidth+",height="+screen.availHeight);try{win.resizeTo(screen.availWidth,screen.availHeight);}catch(e){}}else{tinyMCE.oldSettings=tinyMCE.settings;s.fullscreen_overflow=DOM.getStyle(DOM.doc.body,'overflow',1)||'auto';s.fullscreen_html_overflow=DOM.getStyle(de,'overflow',1);vp=DOM.getViewPort();s.fullscreen_scrollx=vp.x;s.fullscreen_scrolly=vp.y;if(tinymce.isOpera&&s.fullscreen_overflow=='visible')s.fullscreen_overflow='auto';if(tinymce.isIE&&s.fullscreen_overflow=='scroll')s.fullscreen_overflow='auto';if(s.fullscreen_overflow=='0px')s.fullscreen_overflow='';DOM.setStyle(DOM.doc.body,'overflow','hidden');de.style.overflow='hidden';vp=DOM.getViewPort();DOM.win.scrollTo(0,0);if(tinymce.isIE)vp.h-=1;n=DOM.add(DOM.doc.body,'div',{id:'mce_fullscreen_container',style:'position:absolute;top:0;left:0;width:'+vp.w+'px;height:'+vp.h+'px;z-index:200000;'});DOM.add(n,'div',{id:'mce_fullscreen'});tinymce.each(ed.settings,function(v,n){s[n]=v;});s.id='mce_fullscreen';s.width=n.clientWidth;s.height=n.clientHeight-15;s.fullscreen_is_enabled=true;s.fullscreen_editor_id=ed.id;s.theme_advanced_resizing=false;s.save_onsavecallback=function(){ed.setContent(tinyMCE.get(s.id).getContent({format:'raw'}),{format:'raw'});ed.execCommand('mceSave');};tinymce.each(ed.getParam('fullscreen_settings'),function(v,k){s[k]=v;});if(s.theme_advanced_toolbar_location==='external')s.theme_advanced_toolbar_location='top';t.fullscreenEditor=new tinymce.Editor('mce_fullscreen',s);t.fullscreenEditor.onInit.add(function(){t.fullscreenEditor.setContent(ed.getContent());t.fullscreenEditor.focus();});t.fullscreenEditor.render();tinyMCE.add(t.fullscreenEditor);t.fullscreenElement=new tinymce.dom.Element('mce_fullscreen_container');t.fullscreenElement.update();t.resizeFunc=tinymce.dom.Event.add(DOM.win,'resize',function(){var vp=tinymce.DOM.getViewPort();t.fullscreenEditor.theme.resizeTo(vp.w,vp.h);});}});ed.addButton('fullscreen',{title:'fullscreen.desc',cmd:'mceFullScreen'});ed.onNodeChange.add(function(ed,cm){cm.setActive('fullscreen',ed.getParam('fullscreen_is_enabled'));});},getInfo:function(){return{longname:'Fullscreen',author:'Moxiecode Systems AB',authorurl:'http://tinymce.moxiecode.com',infourl:'http://wiki.moxiecode.com/index.php/TinyMCE:Plugins/fullscreen',version:tinymce.majorVersion+"."+tinymce.minorVersion};}});tinymce.PluginManager.add('fullscreen',tinymce.plugins.FullScreenPlugin);})();

wp-includes/js/tinymce/plugins/fullscreen/fullscreen.htm

@@ -3,7 +3,7 @@
 <head>
 	<title></title>
 	<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
-	<script type="text/javascript" src="../../tiny_mce.js"></script>
+	<script type="text/javascript" src="../../tiny_mce.js?v=307"></script>
 	<script type="text/javascript">
 		function patchCallback(settings, key) {
 			if (settings[key])

wp-includes/js/tinymce/plugins/inlinepopups/skins/clearlooks2/window.css

@@ -8,6 +8,7 @@
 .clearlooks2 .mceWrapper {position:static}
 .mceEventBlocker {position:absolute; left:0; top:0; background:url(img/horizontal.gif) no-repeat 0 -75px; width:100%; height:100%;}
 .clearlooks2 .mcePlaceHolder {border:1px solid #000; background:#888; top:0; left:0; opacity:0.5; filter:alpha(opacity=50);}
+.clearlooks2_modalBlocker {position:absolute; left:0; top:0; width:100%; height:100%; background:#FFF; opacity:0.6; filter:alpha(opacity=60); display:none}
 
 /* Top */
 .clearlooks2 .mceTop, 
@@ -57,69 +58,69 @@ color:#FFF
 }
 
 /* Middle */
-.clearlooks2 .mceMiddle, .clearlooks2 .mceMiddle div {top:0;}
-.clearlooks2 .mceMiddle {width:100%; height:100%; clip:rect(23px auto auto auto);}
-.clearlooks2 .mceMiddle .mceLeft {left:0; width:5px; height:100%; background:#E4F2FD;border-left:1px solid #c6d9e9;}
-.clearlooks2 .mceMiddle span {top:23px; left:5px; width:100%; height:100%; background:#FFF;}
-.clearlooks2 .mceMiddle .mceRight {right:0; width:5px; height:100%; background:#E4F2FD;border-right:1px solid #c6d9e9;}
+.clearlooks2 .mceMiddle, .clearlooks2 .mceMiddle div {top:0}
+.clearlooks2 .mceMiddle {width:100%; height:100%; clip:rect(23px auto auto auto)}
+.clearlooks2 .mceMiddle .mceLeft {left:0; width:5px; height:100%; background:#E4F2FD;border-left:1px solid #c6d9e9}
+.clearlooks2 .mceMiddle span {top:23px; left:5px; width:100%; height:100%; background:#FFF}
+.clearlooks2 .mceMiddle .mceRight {right:0; width:5px; height:100%; background:#E4F2FD;border-right:1px solid #c6d9e9}
 
 /* Bottom */
-.clearlooks2 .mceBottom, .clearlooks2 .mceBottom div {height:6px;}
-.clearlooks2 .mceBottom {left:0; bottom:0; width:100%;background:#E4F2FD;border-bottom:1px solid #c6d9e9;}
-.clearlooks2 .mceBottom div {top:0;}
-.clearlooks2 .mceBottom .mceLeft {left:0; width:5px; background:#E4F2FD  ;border-left:1px solid #c6d9e9;}
-.clearlooks2 .mceBottom .mceCenter {left:5px; width:100%;}
-.clearlooks2 .mceBottom .mceRight {right:0; width:6px; background:#E4F2FD url(img/drag.gif) no-repeat;border-right:1px solid #c6d9e9;}
-.clearlooks2 .mceBottom span {display:none;}
-.clearlooks2 .mceStatusbar .mceBottom, .clearlooks2 .mceStatusbar .mceBottom div {height:23px;}
-.clearlooks2 .mceStatusbar .mceBottom .mceLeft {background:url(img/corners.gif) -29px 0;}
-.clearlooks2 .mceStatusbar .mceBottom .mceCenter {background:url(img/horizontal.gif) 0 -52px;}
-.clearlooks2 .mceStatusbar .mceBottom .mceRight {background:url(img/corners.gif) -24px 0;}
-.clearlooks2 .mceStatusbar .mceBottom span {display:block; left:7px; font-family:Arial, Verdana; font-size:11px; line-height:23px;}
+.clearlooks2 .mceBottom, .clearlooks2 .mceBottom div {height:6px}
+.clearlooks2 .mceBottom {left:0; bottom:0; width:100%;background:#E4F2FD;border-bottom:1px solid #c6d9e9}
+.clearlooks2 .mceBottom div {top:0}
+.clearlooks2 .mceBottom .mceLeft {left:0; width:5px; background:#E4F2FD  ;border-left:1px solid #c6d9e9}
+.clearlooks2 .mceBottom .mceCenter {left:5px; width:100%}
+.clearlooks2 .mceBottom .mceRight {right:0; width:6px; background:#E4F2FD url(img/drag.gif) no-repeat;border-right:1px solid #c6d9e9}
+.clearlooks2 .mceBottom span {display:none}
+.clearlooks2 .mceStatusbar .mceBottom, .clearlooks2 .mceStatusbar .mceBottom div {height:23px}
+.clearlooks2 .mceStatusbar .mceBottom .mceLeft {background:url(img/corners.gif) -29px 0}
+.clearlooks2 .mceStatusbar .mceBottom .mceCenter {background:url(img/horizontal.gif) 0 -52px}
+.clearlooks2 .mceStatusbar .mceBottom .mceRight {background:url(img/corners.gif) -24px 0}
+.clearlooks2 .mceStatusbar .mceBottom span {display:block; left:7px; font-family:Arial, Verdana; font-size:11px; line-height:23px}
 
 /* Actions */
-.clearlooks2 a {width:29px; height:16px; top:3px;}
-.clearlooks2 .mceClose {right:6px; background:url(img/buttons.gif) -87px 0;}
-.clearlooks2 .mceMin {display:none; right:68px; background:url(img/buttons.gif) 0 0;}
-.clearlooks2 .mceMed {display:none; right:37px; background:url(img/buttons.gif) -29px 0;}
-.clearlooks2 .mceMax {display:none; right:37px; background:url(img/buttons.gif) -58px 0;}
-.clearlooks2 .mceMove {display:none;width:100%;cursor:move;background:url(img/corners.gif) no-repeat -100px -100px;}
-.clearlooks2 .mceMovable .mceMove {display:block;}
-.clearlooks2 .mceFocus .mceClose {right:6px; background:url(img/buttons.gif) -87px -16px;}
-.clearlooks2 .mceFocus .mceMin {right:68px; background:url(img/buttons.gif) 0 -16px;}
-.clearlooks2 .mceFocus .mceMed {right:37px; background:url(img/buttons.gif) -29px -16px;}
-.clearlooks2 .mceFocus .mceMax {right:37px; background:url(img/buttons.gif) -58px -16px;}
-.clearlooks2 .mceFocus .mceClose:hover {right:6px; background:url(img/buttons.gif) -87px -32px;}
-.clearlooks2 .mceFocus .mceClose:hover {right:6px; background:url(img/buttons.gif) -87px -32px;}
-.clearlooks2 .mceFocus .mceMin:hover {right:68px; background:url(img/buttons.gif) 0 -32px;}
-.clearlooks2 .mceFocus .mceMed:hover {right:37px; background:url(img/buttons.gif) -29px -32px;}
-.clearlooks2 .mceFocus .mceMax:hover {right:37px; background:url(img/buttons.gif) -58px -32px;}
+.clearlooks2 a {width:29px; height:16px; top:3px}
+.clearlooks2 .mceClose {right:6px; background:url(img/buttons.gif) -87px 0}
+.clearlooks2 .mceMin {display:none; right:68px; background:url(img/buttons.gif) 0 0}
+.clearlooks2 .mceMed {display:none; right:37px; background:url(img/buttons.gif) -29px 0}
+.clearlooks2 .mceMax {display:none; right:37px; background:url(img/buttons.gif) -58px 0}
+.clearlooks2 .mceMove {display:none;width:100%;cursor:move;background:url(img/corners.gif) no-repeat -100px -100px}
+.clearlooks2 .mceMovable .mceMove {display:block}
+.clearlooks2 .mceFocus .mceClose {right:6px; background:url(img/buttons.gif) -87px -16px}
+.clearlooks2 .mceFocus .mceMin {right:68px; background:url(img/buttons.gif) 0 -16px}
+.clearlooks2 .mceFocus .mceMed {right:37px; background:url(img/buttons.gif) -29px -16px}
+.clearlooks2 .mceFocus .mceMax {right:37px; background:url(img/buttons.gif) -58px -16px}
+.clearlooks2 .mceFocus .mceClose:hover {right:6px; background:url(img/buttons.gif) -87px -32px}
+.clearlooks2 .mceFocus .mceClose:hover {right:6px; background:url(img/buttons.gif) -87px -32px}
+.clearlooks2 .mceFocus .mceMin:hover {right:68px; background:url(img/buttons.gif) 0 -32px}
+.clearlooks2 .mceFocus .mceMed:hover {right:37px; background:url(img/buttons.gif) -29px -32px}
+.clearlooks2 .mceFocus .mceMax:hover {right:37px; background:url(img/buttons.gif) -58px -32px}
 
 /* Resize */
-.clearlooks2 .mceResize {top:auto; left:auto; display:none; width:5px; height:5px; background:url(img/horizontal.gif) no-repeat 0 -75px;}
-.clearlooks2 .mceResizable .mceResize {display:block;}
-.clearlooks2 .mceResizable .mceMin, .clearlooks2 .mceMax {display:none;}
-.clearlooks2 .mceMinimizable .mceMin {display:block;}
-.clearlooks2 .mceMaximizable .mceMax {display:block;}
-.clearlooks2 .mceMaximized .mceMed {display:block;}
-.clearlooks2 .mceMaximized .mceMax {display:none;}
-.clearlooks2 a.mceResizeN {top:0; left:0; width:100%; cursor:n-resize;}
-.clearlooks2 a.mceResizeNW {top:0; left:0; cursor:nw-resize;}
+.clearlooks2 .mceResize {top:auto; left:auto; display:none; width:5px; height:5px; background:url(img/horizontal.gif) no-repeat 0 -75px}
+.clearlooks2 .mceResizable .mceResize {display:block}
+.clearlooks2 .mceResizable .mceMin, .clearlooks2 .mceMax {display:none}
+.clearlooks2 .mceMinimizable .mceMin {display:block}
+.clearlooks2 .mceMaximizable .mceMax {display:block}
+.clearlooks2 .mceMaximized .mceMed {display:block}
+.clearlooks2 .mceMaximized .mceMax {display:none}
+.clearlooks2 a.mceResizeN {top:0; left:0; width:100%; cursor:n-resize}
+.clearlooks2 a.mceResizeNW {top:0; left:0; cursor:nw-resize}
 .clearlooks2 a.mceResizeNE {top:0; right:0; cursor:ne-resize}
-.clearlooks2 a.mceResizeW {top:0; left:0; height:100%; cursor:w-resize;}
-.clearlooks2 a.mceResizeE {top:0; right:0; height:100%; cursor:e-resize;}
+.clearlooks2 a.mceResizeW {top:0; left:0; height:100%; cursor:w-resize}
+.clearlooks2 a.mceResizeE {top:0; right:0; height:100%; cursor:e-resize}
 .clearlooks2 a.mceResizeS {bottom:0; left:0; width:100%; cursor:s-resize}
-.clearlooks2 a.mceResizeSW {bottom:0; left:0; cursor:sw-resize;}
-.clearlooks2 a.mceResizeSE {bottom:0; right:0; cursor:se-resize;}
+.clearlooks2 a.mceResizeSW {bottom:0; left:0; cursor:sw-resize}
+.clearlooks2 a.mceResizeSE {bottom:0; right:0; cursor:se-resize}
 
 /* Alert/Confirm */
-.clearlooks2 .mceButton {font-weight:bold; bottom:10px; width:80px; height:30px; background:url(img/button.gif); line-height:30px; vertical-align:middle; text-align:center; outline:0;}
-.clearlooks2 .mceMiddle .mceIcon {left:15px; top:35px; width:32px; height:32px;}
-.clearlooks2 .mceAlert .mceMiddle span, .clearlooks2 .mceConfirm .mceMiddle span {background:transparent;left:60px; top:35px; width:320px; height:50px; font-weight:bold; overflow:auto; white-space:normal;}
-.clearlooks2 a:hover {font-weight:bold;}
-.clearlooks2 .mceAlert .mceMiddle, .clearlooks2 .mceConfirm .mceMiddle {background:#E4F2FD;}
-.clearlooks2 .mceAlert .mceOk {left:50%; top:auto; margin-left: -40px;}
-.clearlooks2 .mceAlert .mceIcon {background:url(img/alert.gif);}
-.clearlooks2 .mceConfirm .mceOk {left:50%; top:auto; margin-left: -90px;}
-.clearlooks2 .mceConfirm .mceCancel {left:50%; top:auto;}
-.clearlooks2 .mceConfirm .mceIcon {background:url(img/confirm.gif);}
+.clearlooks2 .mceButton {font-weight:bold; bottom:10px; width:80px; height:30px; background:url(img/button.gif); line-height:30px; vertical-align:middle; text-align:center; outline:0}
+.clearlooks2 .mceMiddle .mceIcon {left:15px; top:35px; width:32px; height:32px}
+.clearlooks2 .mceAlert .mceMiddle span, .clearlooks2 .mceConfirm .mceMiddle span {background:transparent;left:60px; top:35px; width:320px; height:50px; font-weight:bold; overflow:auto; white-space:normal}
+.clearlooks2 a:hover {font-weight:bold}
+.clearlooks2 .mceAlert .mceMiddle, .clearlooks2 .mceConfirm .mceMiddle {background:#E4F2FD}
+.clearlooks2 .mceAlert .mceOk {left:50%; top:auto; margin-left: -40px}
+.clearlooks2 .mceAlert .mceIcon {background:url(img/alert.gif)}
+.clearlooks2 .mceConfirm .mceOk {left:50%; top:auto; margin-left: -90px}
+.clearlooks2 .mceConfirm .mceCancel {left:50%; top:auto}
+.clearlooks2 .mceConfirm .mceIcon {background:url(img/confirm.gif)}

wp-includes/js/tinymce/plugins/inlinepopups/template.htm

@@ -2,7 +2,7 @@
 <html xmlns="http://www.w3.org/1999/xhtml">
 <head>
 <title>Template for dialogs</title>
-<link rel="stylesheet" type="text/css" href="skins/clearlooks2/window.css" />
+<link rel="stylesheet" type="text/css" href="skins/clearlooks2/window.css?v=307" />
 </head>
 <body>
 

wp-includes/js/tinymce/plugins/media/media.htm

@@ -2,13 +2,13 @@
 <html xmlns="http://www.w3.org/1999/xhtml">
 <head>
 	<title>{#media_dlg.title}</title>
-	<script type="text/javascript" src="../../tiny_mce_popup.js"></script>
-	<script type="text/javascript" src="js/media.js"></script>
-	<script type="text/javascript" src="../../utils/mctabs.js"></script>
-	<script type="text/javascript" src="../../utils/validate.js"></script>
-	<script type="text/javascript" src="../../utils/form_utils.js"></script>
-	<script type="text/javascript" src="../../utils/editable_selects.js"></script>
-	<link href="css/media.css" rel="stylesheet" type="text/css" />
+	<script type="text/javascript" src="../../tiny_mce_popup.js?v=307"></script>
+	<script type="text/javascript" src="js/media.js?v=307"></script>
+	<script type="text/javascript" src="../../utils/mctabs.js?v=307"></script>
+	<script type="text/javascript" src="../../utils/validate.js?v=307"></script>
+	<script type="text/javascript" src="../../utils/form_utils.js?v=307"></script>
+	<script type="text/javascript" src="../../utils/editable_selects.js?v=307"></script>
+	<link href="css/media.css?v=307" rel="stylesheet" type="text/css" />
 	<base target="_self" />
 </head>
 <body style="display: none">

wp-includes/js/tinymce/plugins/paste/blank.htm

@@ -2,7 +2,7 @@
 <head>
 <title>blank_page</title>
 <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
-<link href="css/blank.css" rel="stylesheet" type="text/css" />
+<link href="css/blank.css?v=307" rel="stylesheet" type="text/css" />
 <base target="_self" />
 <script type="text/javascript">
 function init() {

wp-includes/js/tinymce/plugins/paste/pastetext.htm

@@ -2,8 +2,8 @@
 <head>
 	<title>{#paste.paste_text_desc}</title>
 	<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
-	<script type="text/javascript" src="../../tiny_mce_popup.js"></script>
-	<script type="text/javascript" src="js/pastetext.js"></script>
+	<script type="text/javascript" src="../../tiny_mce_popup.js?v=307"></script>
+	<script type="text/javascript" src="js/pastetext.js?v=307"></script>
 	<base target="_self" />
 </head>
 <body onresize="resizeInputs();" style="display:none; overflow:hidden;">

wp-includes/js/tinymce/plugins/paste/pasteword.htm

@@ -2,9 +2,9 @@
 <head>
 	<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
 	<title>{#paste.paste_word_desc}</title>
-	<script type="text/javascript" src="../../tiny_mce_popup.js"></script>
-	<script type="text/javascript" src="js/pasteword.js"></script>
-	<link href="css/pasteword.css" rel="stylesheet" type="text/css" />
+	<script type="text/javascript" src="../../tiny_mce_popup.js?v=307"></script>
+	<script type="text/javascript" src="js/pasteword.js?v=307"></script>
+	<link href="css/pasteword.css?v=307" rel="stylesheet" type="text/css" />
 	<base target="_self" />
 </head>
 <body onresize="resizeInputs();" style="display:none; overflow:hidden;">

wp-includes/js/tinymce/plugins/wordpress/editor_plugin.js

@@ -11,8 +11,8 @@
 	tinymce.create('tinymce.plugins.WordPress', {
 		init : function(ed, url) {
 			var t = this, tbId = ed.getParam('wordpress_adv_toolbar', 'toolbar2');
-            var moreHTML = '<img src="' + url + '/img/trans.gif" class="mceWPmore mceItemNoResize" title="'+ed.getLang('wordpress.wp_more_alt')+'" />';
-            var nextpageHTML = '<img src="' + url + '/img/trans.gif" class="mceWPnextpage mceItemNoResize" title="'+ed.getLang('wordpress.wp_page_alt')+'" />';
+			var moreHTML = '<img src="' + url + '/img/trans.gif" class="mceWPmore mceItemNoResize" title="'+ed.getLang('wordpress.wp_more_alt')+'" />';
+			var nextpageHTML = '<img src="' + url + '/img/trans.gif" class="mceWPnextpage mceItemNoResize" title="'+ed.getLang('wordpress.wp_page_alt')+'" />';
 
 			if ( tinymce.util.Cookie.get('kitchenSink') == '1' )
 				ed.settings.wordpress_adv_hidden = 0;
@@ -42,13 +42,13 @@
 						inline : 1
 					});
 				});
-			
+
 			ed.addCommand('WP_Adv', function() {
 				var id = ed.controlManager.get(tbId).id, cm = ed.controlManager, cook = tinymce.util.Cookie, date;
 
 				date = new Date();
-        		date.setTime(date.getTime()+(10*365*24*60*60*1000));
-				
+				date.setTime(date.getTime()+(10*365*24*60*60*1000));
+
 				if (DOM.isHidden(id)) {
 					cm.setActive('wp_adv', 1);
 					DOM.show(id);
@@ -89,27 +89,52 @@
 				cmd : 'WP_Adv'
 			});
 
-			// Add class "alignleft" or "alignright" when selecting align for images.
+			// Add class "alignleft", "alignright" and "aligncenter" when selecting align for images.
+			ed.onExecCommand.add(function( editor, cmd ) {
+				var node, bl, dom = editor.dom;
+
+				if ( 'JustifyCenter' == cmd ) {
+					if ( ( node = editor.selection.getNode() ) && node.nodeName == 'IMG' ) {
+						if ( ! dom.hasClass( node, "aligncenter" ) && ( bl = editor.forceBlocks.getParentBlock(node) ) && bl.childNodes.length == 1 )
+							dom.setStyle(bl, 'text-align', '');
+					}
+					editor.execCommand('mceRepaint');
+				}
+			});
+
 			ed.onBeforeExecCommand.add(function( editor, cmd ) {
-				var node, dir, xdir;
-	
+				var node, dir, xdir, bl, dom = editor.dom;
+
 				if ( ( cmd.indexOf('Justify') != -1 ) && ( node = editor.selection.getNode() ) ) {
-					if ( node.nodeName !== 'IMG' ) return;
+					if ( 'JustifyFull' == cmd || node.nodeName !== 'IMG' ) return;
 					dir = cmd.substring(7).toLowerCase();
-					if ( 'JustifyCenter' == cmd || editor.queryCommandState( cmd ) ) {
-						editor.dom.removeClass( node, "alignleft" );
-						editor.dom.removeClass( node, "alignright" );
+
+					if (  editor.queryCommandState( cmd ) ) {
+						dom.removeClass( node, "alignleft" );
+						dom.removeClass( node, "alignright" );
+						dom.removeClass( node, "aligncenter" );
+					} else if ( 'JustifyCenter' == cmd ) {
+						dom.removeClass( node, "alignleft" );
+						dom.removeClass( node, "alignright" );
+
+						if ( dom.hasClass( node, "aligncenter" ) ) {
+							dom.removeClass( node, "aligncenter" );
+							if ( ( bl = editor.forceBlocks.getParentBlock(node) ) && bl.childNodes.length == 1 && tinymce.isGecko )
+								editor.selection.select(bl.firstChild);
+						} else dom.addClass( node, "aligncenter" );
+
 					} else {
 						xdir = ( dir == 'left' ) ? 'right' : 'left';
-						editor.dom.removeClass( node, "align"+xdir );
-						editor.dom.addClass( node, "align"+dir );
+						dom.removeClass( node, "aligncenter" );
+						dom.removeClass( node, "align"+xdir );
+						dom.addClass( node, "align"+dir );
 					}
 				}
 			});
-			
+
 			// Add listeners to handle more break
 			t._handleMoreBreak(ed, url);
-			
+
 			// Add custom shortcuts
 			ed.addShortcut('alt+shift+c', ed.getLang('justifycenter_desc'), 'JustifyCenter');
 			ed.addShortcut('alt+shift+r', ed.getLang('justifyright_desc'), 'JustifyRight');
@@ -157,7 +182,7 @@
 
 		_handleMoreBreak : function(ed, url) {
 			var moreHTML = '<img src="' + url + '/img/trans.gif" alt="$1" class="mceWPmore mceItemNoResize" title="'+ed.getLang('wordpress.wp_more_alt')+'" />';
-            var nextpageHTML = '<img src="' + url + '/img/trans.gif" class="mceWPnextpage mceItemNoResize" title="'+ed.getLang('wordpress.wp_page_alt')+'" />';
+			var nextpageHTML = '<img src="' + url + '/img/trans.gif" class="mceWPnextpage mceItemNoResize" title="'+ed.getLang('wordpress.wp_page_alt')+'" />';
 
 			// Load plugin specific CSS into editor
 			ed.onInit.add(function() {
@@ -169,12 +194,12 @@
 				if (ed.theme.onResolveName) {
 					ed.theme.onResolveName.add(function(th, o) {
 						if (o.node.nodeName == 'IMG') {
-                            if ( ed.dom.hasClass(o.node, 'mceWPmore') )
-                                o.name = 'wpmore';
-                            if ( ed.dom.hasClass(o.node, 'mceWPnextpage') )
-                                o.name = 'wppage';
-                        }
-							
+							if ( ed.dom.hasClass(o.node, 'mceWPmore') )
+								o.name = 'wpmore';
+							if ( ed.dom.hasClass(o.node, 'mceWPnextpage') )
+								o.name = 'wppage';
+						}
+
 					});
 				}
 			});
@@ -190,15 +215,13 @@
 				if (o.get)
 					o.content = o.content.replace(/<img[^>]+>/g, function(im) {
 						if (im.indexOf('class="mceWPmore') !== -1) {
-                            var m;
-                            var moretext = (m = im.match(/alt="(.*?)"/)) ? m[1] : '';
-
-                            im = '<!--more'+moretext+'-->';
-                        }
-                        if (im.indexOf('class="mceWPnextpage') !== -1)
+							var m, moretext = (m = im.match(/alt="(.*?)"/)) ? m[1] : '';
+							im = '<!--more'+moretext+'-->';
+						}
+						if (im.indexOf('class="mceWPnextpage') !== -1)
 							im = '<!--nextpage-->';
-						
-                        return im;
+
+						return im;
 					});
 			});
 
@@ -212,4 +235,4 @@
 
 	// Register plugin
 	tinymce.PluginManager.add('wordpress', tinymce.plugins.WordPress);
-})();
+})();

wp-includes/js/tinymce/themes/advanced/about.htm

@@ -2,9 +2,9 @@
 <html xmlns="http://www.w3.org/1999/xhtml">
 <head>
 	<title>{#advanced_dlg.about_title}</title>
-	<script type="text/javascript" src="../../tiny_mce_popup.js"></script>
-	<script type="text/javascript" src="../../utils/mctabs.js"></script>
-	<script type="text/javascript" src="js/about.js"></script>
+	<script type="text/javascript" src="../../tiny_mce_popup.js?v=307"></script>
+	<script type="text/javascript" src="../../utils/mctabs.js?v=307"></script>
+	<script type="text/javascript" src="js/about.js?v=307"></script>
 </head>
 <body id="about" style="display: none">
 		<div class="tabs">

wp-includes/js/tinymce/themes/advanced/anchor.htm

@@ -2,8 +2,8 @@
 <html xmlns="http://www.w3.org/1999/xhtml">
 <head>
 	<title>{#advanced_dlg.anchor_title}</title>
-	<script type="text/javascript" src="../../tiny_mce_popup.js"></script>
-	<script type="text/javascript" src="js/anchor.js"></script>
+	<script type="text/javascript" src="../../tiny_mce_popup.js?v=307"></script>
+	<script type="text/javascript" src="js/anchor.js?v=307"></script>
 	<base target="_self" />
 </head>
 <body style="display: none">

wp-includes/js/tinymce/themes/advanced/charmap.htm

@@ -3,8 +3,8 @@
 <head>
 	<title>{#advanced_dlg.charmap_title}</title>
 	<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
-	<script type="text/javascript" src="../../tiny_mce_popup.js"></script>
-	<script type="text/javascript" src="js/charmap.js"></script>
+	<script type="text/javascript" src="../../tiny_mce_popup.js?v=307"></script>
+	<script type="text/javascript" src="js/charmap.js?v=307"></script>
 	<base target="_self" />
 </head>
 <body id="charmap" style="display:none">

wp-includes/js/tinymce/themes/advanced/color_picker.htm

@@ -2,9 +2,9 @@
 <html xmlns="http://www.w3.org/1999/xhtml">
 <head>
 	<title>{#advanced_dlg.colorpicker_title}</title>
-	<script type="text/javascript" src="../../tiny_mce_popup.js"></script>
-	<script type="text/javascript" src="../../utils/mctabs.js"></script>
-	<script type="text/javascript" src="js/color_picker.js"></script>
+	<script type="text/javascript" src="../../tiny_mce_popup.js?v=307"></script>
+	<script type="text/javascript" src="../../utils/mctabs.js?v=307"></script>
+	<script type="text/javascript" src="js/color_picker.js?v=307"></script>
 	<base target="_self" />
 </head>
 <body id="colorpicker" style="display: none">

wp-includes/js/tinymce/themes/advanced/image.htm

@@ -2,10 +2,10 @@
 <html xmlns="http://www.w3.org/1999/xhtml">
 <head>
 	<title>{#advanced_dlg.image_title}</title>
-	<script type="text/javascript" src="../../tiny_mce_popup.js"></script>
-	<script type="text/javascript" src="../../utils/mctabs.js"></script>
-	<script type="text/javascript" src="../../utils/form_utils.js"></script>
-	<script type="text/javascript" src="js/image.js"></script>
+	<script type="text/javascript" src="../../tiny_mce_popup.js?v=307"></script>
+	<script type="text/javascript" src="../../utils/mctabs.js?v=307"></script>
+	<script type="text/javascript" src="../../utils/form_utils.js?v=307"></script>
+	<script type="text/javascript" src="js/image.js?v=307"></script>
 	<base target="_self" />
 </head>
 <body id="image" style="display: none">

wp-includes/js/tinymce/themes/advanced/js/image.js

@@ -108,7 +108,7 @@ var ImageDialog = {
 			// Handle align
 			v = getSelectValue(f, 'align');
 			cls = f.class_name.value || '';
-			cls = cls ? cls.replace(/alignright\s*|alignleft\s*/g, '') : '';
+			cls = cls ? cls.replace(/alignright\s*|alignleft\s*|aligncenter\s*/g, '') : '';
 			cls = cls ? cls.replace(/^\s*(.+?)\s*$/, '$1') : '';
 			if (v) {
 				if (v == 'left' || v == 'right') {

wp-includes/js/tinymce/themes/advanced/js/link.js

@@ -34,10 +34,10 @@ var LinkDialog = {
 		var f = document.forms[0], ed = tinyMCEPopup.editor, e, b;
 
 		tinyMCEPopup.restoreSelection();
+		e = ed.dom.getParent(ed.selection.getNode(), 'A');
 
 		// Remove element if there is no href
 		if (!f.href.value) {
-			e = ed.dom.getParent(ed.selection.getNode(), 'A');
 			if (e) {
 				tinyMCEPopup.execCommand("mceBeginUndoLevel");
 				b = ed.selection.getBookmark();
@@ -49,13 +49,42 @@ var LinkDialog = {
 			}
 		}
 
-		ed.execCommand('mceInsertLink', false, {
-			href : f.href.value,
-			title : f.linktitle.value,
-			target : f.target_list ? f.target_list.options[f.target_list.selectedIndex].value : null,
-			'class' : f.class_list ? f.class_list.options[f.class_list.selectedIndex].value : null
-		});
+		tinyMCEPopup.execCommand("mceBeginUndoLevel");
 
+		// Create new anchor elements
+		if (e == null) {
+			tinyMCEPopup.execCommand("CreateLink", false, "#mce_temp_url#", {skip_undo : 1});
+
+			tinymce.each(ed.dom.select("a"), function(n) {
+				if (ed.dom.getAttrib(n, 'href') == '#mce_temp_url#') {
+					e = n;
+
+					ed.dom.setAttribs(e, {
+						href : f.href.value,
+						title : f.linktitle.value,
+						target : f.target_list ? f.target_list.options[f.target_list.selectedIndex].value : null,
+						'class' : f.class_list ? f.class_list.options[f.class_list.selectedIndex].value : null
+					});
+				}
+			});
+		} else {
+			ed.dom.setAttribs(e, {
+				href : f.href.value,
+				title : f.linktitle.value,
+				target : f.target_list ? f.target_list.options[f.target_list.selectedIndex].value : null,
+				'class' : f.class_list ? f.class_list.options[f.class_list.selectedIndex].value : null
+			});
+		}
+
+		// Don't move caret if selection was image
+		if (e.childNodes.length != 1 || e.firstChild.nodeName != 'IMG') {
+			ed.focus();
+			ed.selection.select(e);
+			ed.selection.collapse(0);
+			tinyMCEPopup.storeSelection();
+		}
+
+		tinyMCEPopup.execCommand("mceEndUndoLevel");
 		tinyMCEPopup.close();
 	},
 

wp-includes/js/tinymce/themes/advanced/link.htm

@@ -2,11 +2,11 @@
 <html xmlns="http://www.w3.org/1999/xhtml">
 <head>
 	<title>{#advanced_dlg.link_title}</title>
-	<script type="text/javascript" src="../../tiny_mce_popup.js"></script>
-	<script type="text/javascript" src="../../utils/mctabs.js"></script>
-	<script type="text/javascript" src="../../utils/form_utils.js"></script>
-	<script type="text/javascript" src="../../utils/validate.js"></script>
-	<script type="text/javascript" src="js/link.js"></script>
+	<script type="text/javascript" src="../../tiny_mce_popup.js?v=307"></script>
+	<script type="text/javascript" src="../../utils/mctabs.js?v=307"></script>
+	<script type="text/javascript" src="../../utils/form_utils.js?v=307"></script>
+	<script type="text/javascript" src="../../utils/validate.js?v=307"></script>
+	<script type="text/javascript" src="js/link.js?v=307"></script>
 	<base target="_self" />
 </head>
 <body id="link" style="display: none">
@@ -25,7 +25,7 @@
             <td nowrap="nowrap"><label for="href">{#advanced_dlg.link_url}</label></td>
             <td><table border="0" cellspacing="0" cellpadding="0"> 
 				  <tr> 
-					<td><input id="href" name="href" type="text" class="mceFocus" value="http://" style="width: 200px" /></td> 
+					<td><input id="href" name="href" type="text" class="mceFocus" value="http://" style="width: 200px" onfocus="try{this.select();}catch(e){}" /></td> 
 					<td id="hrefbrowsercontainer">&nbsp;</td>
 				  </tr> 
 				</table></td>

wp-includes/js/tinymce/themes/advanced/skins/default/content.css

@@ -11,6 +11,8 @@ h6 {font-size: .75em}
 a.mceItemAnchor {width:12px; line-height:6px; overflow:hidden; padding-left:12px; background:url(img/items.gif) no-repeat bottom left;}
 img.mceItemAnchor {width:12px; height:12px; background:url(img/items.gif) no-repeat;}
 img {border:0;}
+table {cursor:default}
+table td, table th {cursor:text}
 
 /* IE */
 * html body {

wp-includes/js/tinymce/themes/advanced/skins/default/ui.css

@@ -34,15 +34,20 @@
 .defaultSkin td.mceRight table {margin:0 0 0 auto;}
 
 /* Button */
-.defaultSkin .mceButton {display:block; border:1px solid #F0F0EE; width:20px; height:20px; margin-right:1px;}
+.defaultSkin .mceButton {display:block; border:1px solid #F0F0EE; width:20px; height:20px; margin-right:1px}
 .defaultSkin a.mceButtonEnabled:hover {border:1px solid #0A246A; background-color:#B2BBD0}
 .defaultSkin a.mceButtonActive, .defaultSkin a.mceButtonSelected {border:1px solid #0A246A; background-color:#C2CBE0}
 .defaultSkin .mceButtonDisabled .mceIcon {opacity:0.3; filter:alpha(opacity=30)}
+.defaultSkin .mceButtonLabeled {width:auto}
+.defaultSkin .mceButtonLabeled span.mceIcon {float:left}
+.defaultSkin span.mceButtonLabel {display:block; font-size:10px; padding:4px 6px 0 22px; font-family:Tahoma,Verdana,Arial,Helvetica}
+.defaultSkin .mceButtonDisabled .mceButtonLabel {color:#888}
 
 /* Separator */
 .defaultSkin .mceSeparator {display:block; background:url(../../img/icons.gif) -180px 0; width:2px; height:20px; margin:2px 2px 0 4px}
 
 /* ListBox */
+.defaultSkin .mceListBox {direction:ltr}
 .defaultSkin .mceListBox, .defaultSkin .mceListBox a {display:block}
 .defaultSkin .mceListBox .mceText {padding-left:4px; width:70px; text-align:left; border:1px solid #CCC; border-right:0; background:#FFF; font-family:Tahoma,Verdana,Arial,Helvetica; font-size:11px; height:20px; line-height:20px; overflow:hidden}
 .defaultSkin .mceListBox .mceOpen {width:9px; height:20px; background:url(../../img/icons.gif) -741px 0; margin-right:2px; border:1px solid #CCC;}
@@ -55,7 +60,7 @@
 .defaultSkin select.mceNativeListBox {font-family:'MS Sans Serif',sans-serif,Verdana,Arial; font-size:7pt; background:#F0F0EE; border:1px solid gray; margin-right:2px;}
 
 /* SplitButton */
-.defaultSkin .mceSplitButton {width:32px; height:20px}
+.defaultSkin .mceSplitButton {width:32px; height:20px; direction:ltr}
 .defaultSkin .mceSplitButton a, .defaultSkin .mceSplitButton span {height:20px; display:block}
 .defaultSkin .mceSplitButton a.mceAction {width:20px; border:1px solid #F0F0EE; border-right:0;}
 .defaultSkin .mceSplitButton span.mceAction {width:20px; background:url(../../img/icons.gif) 20px 20px;}
@@ -153,8 +158,8 @@
 .defaultSkin span.mce_blockquote {background-position:-220px 0}
 .defaultSkin .mce_forecolor span.mceAction {background-position:-720px 0}
 .defaultSkin .mce_backcolor span.mceAction {background-position:-760px 0}
-.defaultSkin .mce_forecolorpicker {background-position:-720px 0}
-.defaultSkin .mce_backcolorpicker {background-position:-760px 0}
+.defaultSkin span.mce_forecolorpicker {background-position:-720px 0}
+.defaultSkin span.mce_backcolorpicker {background-position:-760px 0}
 
 /* Plugins */
 .defaultSkin span.mce_advhr {background-position:-0px -20px}

wp-includes/js/tinymce/themes/advanced/skins/o2k7/content.css

@@ -11,6 +11,8 @@ h6 {font-size: .75em}
 a.mceItemAnchor {width:12px; line-height:6px; overflow:hidden; padding-left:12px; background:url(../default/img/items.gif) no-repeat bottom left;}
 img.mceItemAnchor {width:12px; height:12px; background:url(../default/img/items.gif) no-repeat;}
 img {border:0;}
+table {cursor:default}
+table td, table th {cursor:text}
 
 /* IE */
 * html body {

wp-includes/js/tinymce/themes/advanced/skins/o2k7/ui.css

@@ -41,6 +41,10 @@
 .o2k7Skin a.mceButtonEnabled:hover {background-color:#B2BBD0; background-position:0 -22px}
 .o2k7Skin a.mceButtonActive, .o2k7Skin a.mceButtonSelected {background-position:0 -44px}
 .o2k7Skin .mceButtonDisabled .mceIcon {opacity:0.3; filter:alpha(opacity=30)}
+.o2k7Skin .mceButtonLabeled {width:auto}
+.o2k7Skin .mceButtonLabeled span.mceIcon {float:left}
+.o2k7Skin span.mceButtonLabel {display:block; font-size:10px; padding:4px 6px 0 22px; font-family:Tahoma,Verdana,Arial,Helvetica}
+.o2k7Skin .mceButtonDisabled .mceButtonLabel {color:#888}
 
 /* Separator */
 .o2k7Skin .mceSeparator {display:block; background:url(img/button_bg.png) -22px 0; width:5px; height:22px}
@@ -77,8 +81,8 @@
 .o2k7Skin .mceColorSplitMenu a.mceMoreColors {width:100%; height:auto; text-align:center; font-family:Tahoma,Verdana,Arial,Helvetica; font-size:11px; line-height:20px; border:1px solid #FFF}
 .o2k7Skin .mceColorSplitMenu a.mceMoreColors:hover {border:1px solid #0A246A; background-color:#B6BDD2}
 .o2k7Skin a.mceMoreColors:hover {border:1px solid #0A246A}
-.o2k7Skin .mceColorPreview {margin-left:2px; width:16px; height:4px; overflow:hidden; background:#9a9b9a}
-.o2k7Skin .mce_forecolor span.mceAction, .o2k7Skin .mce_backcolor span.mceAction {height:15px}
+.o2k7Skin .mceColorPreview {margin-left:2px; width:16px; height:4px; overflow:hidden; background:#9a9b9a;overflow:hidden}
+.o2k7Skin .mce_forecolor span.mceAction, .o2k7Skin .mce_backcolor span.mceAction {height:15px;overflow:hidden}
 
 /* Menu */
 .o2k7Skin .mceMenu {position:absolute; left:0; top:0; z-index:1000; border:1px solid #ABC6DD}
@@ -154,8 +158,8 @@
 .o2k7Skin span.mce_blockquote {background-position:-220px 0}
 .o2k7Skin .mce_forecolor span.mceAction {background-position:-720px 0}
 .o2k7Skin .mce_backcolor span.mceAction {background-position:-760px 0}
-.o2k7Skin .mce_forecolorpicker {background-position:-720px 0}
-.o2k7Skin .mce_backcolorpicker {background-position:-760px 0}
+.o2k7Skin span.mce_forecolorpicker {background-position:-720px 0}
+.o2k7Skin span.mce_backcolorpicker {background-position:-760px 0}
 
 /* Plugins */
 .o2k7Skin span.mce_advhr {background-position:-0px -20px}

wp-includes/js/tinymce/themes/advanced/source_editor.htm

@@ -2,8 +2,8 @@
 <head>
 	<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
 	<title>{#advanced_dlg.code_title}</title>
-	<script type="text/javascript" src="../../tiny_mce_popup.js"></script>
-	<script type="text/javascript" src="js/source_editor.js"></script>
+	<script type="text/javascript" src="../../tiny_mce_popup.js?v=307"></script>
+	<script type="text/javascript" src="js/source_editor.js?v=307"></script>
 	<base target="_self" />
 </head>
 <body onresize="resizeInputs();" style="display:none; overflow:hidden;">

wp-includes/js/tinymce/tiny_mce_config.php

@@ -8,11 +8,16 @@
  *
  * This file compresses the TinyMCE JavaScript using GZip.
  **/
-  
+
+// Discard any buffers
+while ( @ob_end_clean() );
+
 @ require('../../../wp-config.php');
 
 function getFileContents($path) {
-	$path = realpath($path);
+
+	if ( function_exists('realpath') )
+		$path = realpath($path);
 
 	if ( ! $path || ! @is_file($path) )
 		return '';
@@ -49,11 +54,11 @@ function putFileContents( $path, $content ) {
 $https = ( isset($_SERVER['HTTPS']) && 'on' == strtolower($_SERVER['HTTPS']) ) ? true : false;
 	
 $baseurl = get_option('siteurl') . '/wp-includes/js/tinymce';
-if ( $https ) str_replace('http://', 'https://', $baseurl);
+if ( $https ) $baseurl = str_replace('http://', 'https://', $baseurl);
 
 $mce_css = $baseurl . '/wordpress.css';
 $mce_css = apply_filters('mce_css', $mce_css);
-if ( $https ) str_replace('http://', 'https://', $mce_css);
+if ( $https ) $mce_css = str_replace('http://', 'https://', $mce_css);
 
 $mce_locale = ( '' == get_locale() ) ? 'en' : strtolower( substr(get_locale(), 0, 2) ); // only ISO 639-1
 
@@ -104,7 +109,7 @@ if ( ! empty($mce_external_plugins) ) {
 
 	foreach ( $mce_external_plugins as $name => $url ) {
 		
-		if ( $https ) str_replace('http://', 'https://', $url);
+		if ( $https ) $url = str_replace('http://', 'https://', $url);
 		
 		$plugins[] = '-' . $name;
 
@@ -150,6 +155,7 @@ $initArray = array (
 	'dialog_type' => 'modal',
 	'relative_urls' => false,
 	'remove_script_host' => false,
+	'convert_urls' => false,
 	'apply_source_formatting' => false,
 	'remove_linebreaks' => true,
 	'paste_convert_middot_lists' => true,
@@ -220,7 +226,7 @@ if ( $compress && isset($_SERVER['HTTP_ACCEPT_ENCODING']) ) {
 // Setup cache info
 if ( $disk_cache ) {
 
-	$cacheKey = apply_filters('tiny_mce_version', '20080327');
+	$cacheKey = apply_filters('tiny_mce_version', '20080414');
 
 	foreach ( $initArray as $v )
 		$cacheKey .= $v;
@@ -256,8 +262,6 @@ if ( $disk_cache && is_file($cache_file) && is_readable($cache_file) ) {
 	if ( '.gz' == $cache_ext )
 		header( 'Content-Encoding: gzip' );
 
-	header( 'Content-Length: ' . strlen($content) );
-
 	echo $content;
 	exit;
 }
@@ -301,7 +305,6 @@ if ( '.gz' == $cache_ext ) {
 }
 
 // Stream to client
-header( 'Content-Length: ' . strlen($content) );
 echo $content;
 
 // Write file
@@ -326,4 +329,4 @@ if ( '' != $cacheKey && is_dir($cache_path) && is_readable($cache_path) ) {
 	putFileContents( $cache_file, $content );
 }
 
-?>
+?>

wp-includes/js/tinymce/tiny_mce_popup.js

@@ -101,7 +101,7 @@ tinyMCEPopup = {
 			u += '/langs/' + this.editor.settings.language + '_dlg.js';
 
 			if (!tinymce.ScriptLoader.isDone(u)) {
-				document.write('<script type="text/javascript" src="' + u + '"></script>');
+				document.write('<script type="text/javascript" src="' + tinymce._addVer(u) + '"></script>');
 				tinymce.ScriptLoader.markDone(u);
 			}
 		}
@@ -219,7 +219,7 @@ tinyMCEPopup = {
 			});
 		}
 
-		document.onkeydown = tinyMCEPopup._closeWinKeyHandler;
+		document.onkeyup = tinyMCEPopup._closeWinKeyHandler;
 	},
 
 	_accessHandler : function(e) {

wp-includes/js/tinymce/wordpress.css

@@ -1,5 +1,19 @@
 /* This file contains the CSS data for the editable area(iframe) of TinyMCE */
 
+.aligncenter {
+	display: block;
+	margin-left: auto;
+	margin-right: auto;
+}
+
+.alignleft {
+	float: left;
+}
+
+.alignright {
+	float: right;
+}
+
 body.mceContentBody {
 	background: #fff;
 	color: #000;

wp-includes/js/wp-lists.js

@@ -313,11 +313,11 @@ var wpList = {
 				var addEl = this;
 				var c = wpList.parseClass(this,'add')[2] || addEl.id;
 				if ( !c ) { return; }
-				var forms = []; var ins = [];
+				var forms = []; var ins = []; // this is all really inefficient
 				$('#' + c + ' :input').focus( function() { currentFormEl = this; } ).blur( function() { currentFormEl = false; } ).each( function() {
 					ins.push(this);
-					$.merge(forms,$(this).parents('form'));
-					forms = $.unique(forms);
+					var f = $(this).parents('form:first').get(0);
+					if ( $.inArray(f,forms) < 0 ) { forms.push(f); }
 				} );
 				$(forms).submit( function() {
 					if ( 0 <= $.inArray(currentFormEl,ins) ) {

wp-includes/link-template.php

@@ -80,13 +80,13 @@ function get_permalink($id = 0, $leavename=false) {
 			$category = $cats[0]->slug;
 			if ( $parent=$cats[0]->parent )
 				$category = get_category_parents($parent, FALSE, '/', TRUE) . $category;
-		}
 
-		// show default category in permalinks, without
-		// having to assign it explicitly
-		if ( empty($category) ) {
-			$default_category = get_category( get_option( 'default_category' ) );
-			$category = is_wp_error( $default_category)? '' : $default_category->slug; 
+			// show default category in permalinks, without
+			// having to assign it explicitly
+			if ( empty($category) ) {
+				$default_category = get_category( get_option( 'default_category' ) );
+				$category = is_wp_error( $default_category ) ? '' : $default_category->slug; 
+			}
 		}
 
 		$author = '';
@@ -179,7 +179,7 @@ function get_attachment_link($id = false) {
 			$parentlink = _get_page_link( $object->post_parent ); // Ignores page_on_front
 		else
 			$parentlink = get_permalink( $object->post_parent );
-		if ( ctype_digit($object->post_name) || false !== strpos(get_option('permalink_structure'), '%category%') )
+		if ( is_numeric($object->post_name) || false !== strpos(get_option('permalink_structure'), '%category%') )
 			$name = 'attachment/' . $object->post_name; // <permalink>/<int>/ is paged so we use the explicit attachment marker
 		else
 			$name = $object->post_name;
@@ -554,7 +554,7 @@ function get_adjacent_post($in_same_cat = false, $excluded_categories = '', $pre
 			}
 
 			if ( !empty($excluded_categories) ) {
-				$posts_in_ex_cats_sql = " AND tt.term_id NOT IN (" . implode($excluded_categories, ',') . ')';
+				$posts_in_ex_cats_sql = " AND tt.taxonomy = 'category' AND tt.term_id NOT IN (" . implode($excluded_categories, ',') . ')';
 			}
 		}
 	}

wp-includes/media.php

@@ -98,7 +98,8 @@ function get_image_tag($id, $alt, $title, $align, $size='medium') {
 
 	$html = '<img src="'.attribute_escape($img_src).'" alt="'.attribute_escape($alt).'" title="'.attribute_escape($title).'" '.$hwstring.'class="align'.attribute_escape($align).' size-'.attribute_escape($size).' wp-image-'.$id.'" />';
 
-	$html = apply_filters( 'image_send_to_editor', $html, $id, $alt, $title, $align, $url );
+	$url = '';
+	$html = apply_filters( 'image_send_to_editor', $html, $id, $alt, $title, $align, $url, $size );
 
 	return $html;
 }
@@ -243,6 +244,7 @@ function image_make_intermediate_size($file, $width, $height, $crop=false) {
 	if ( $width || $height ) {
 		$resized_file = image_resize($file, $width, $height, $crop);
 		if ( !is_wp_error($resized_file) && $resized_file && $info = getimagesize($resized_file) ) {
+			$resized_file = apply_filters('image_make_intermediate_size', $resized_file);
 			return array(
 				'file' => basename( $resized_file ),
 				'width' => $info[0],
@@ -324,7 +326,7 @@ function wp_get_attachment_image($attachment_id, $size='thumbnail', $icon = fals
 		$hwstring = image_hwstring($width, $height);
 		if ( is_array($size) )
 			$size = join('x', $size);
-		$html = '<img src="'.attribute_escape($src).'" '.$hwstring.'class="attachment-'.attribute_escape($size).'" />';
+		$html = '<img src="'.attribute_escape($src).'" '.$hwstring.'class="attachment-'.attribute_escape($size).'" alt="" />';
 	}
 	
 	return $html;
@@ -339,7 +341,14 @@ function gallery_shortcode($attr) {
 	$output = apply_filters('post_gallery', '', $attr);
 	if ( $output != '' )
 		return $output;
-		
+
+	// We're trusting author input, so let's at least make sure it looks like a valid orderby statement
+	if ( isset( $attr['orderby'] ) ) {
+		$attr['orderby'] = sanitize_sql_orderby( $attr['orderby'] );
+		if ( !$attr['orderby'] )
+			unset( $attr['orderby'] );
+	}
+
 	extract(shortcode_atts(array(
 		'orderby'    => 'menu_order ASC, ID ASC',
 		'id'         => $post->ID,
@@ -351,8 +360,7 @@ function gallery_shortcode($attr) {
 	), $attr));
 
 	$id = intval($id);
-	$orderby = addslashes($orderby);
-	$attachments = get_children("post_parent=$id&post_type=attachment&post_mime_type=image&orderby=\"{$orderby}\"");
+	$attachments = get_children("post_parent=$id&post_type=attachment&post_mime_type=image&orderby={$orderby}");
 
 	if ( empty($attachments) )
 		return '';
@@ -409,7 +417,7 @@ function gallery_shortcode($attr) {
 	}
 
 	$output .= "
-			<br style='clear: both;' >
+			<br style='clear: both;' />
 		</div>\n";
 
 	return $output;
@@ -426,7 +434,7 @@ function next_image_link() {
 function adjacent_image_link($prev = true) {
 	global $post;
 	$post = get_post($post);
-	$attachments = array_values(get_children("post_parent=$post->post_parent&post_type=attachment&post_mime_type=image&orderby=\"menu_order ASC, ID ASC\""));
+	$attachments = array_values(get_children("post_parent=$post->post_parent&post_type=attachment&post_mime_type=image&orderby=menu_order ASC, ID ASC"));
 
 	foreach ( $attachments as $k => $attachment )
 		if ( $attachment->ID == $post->ID )

wp-includes/pluggable.php

@@ -474,7 +474,11 @@ function wp_validate_auth_cookie($cookie = '') {
 		$cookie = $_COOKIE[AUTH_COOKIE];
 	}
 
-	list($username, $expiration, $hmac) = explode('|', $cookie);
+	$cookie_elements = explode('|', $cookie);
+	if ( count($cookie_elements) != 3 )
+		return false;
+
+	list($username, $expiration, $hmac) = $cookie_elements;
 
 	$expired = $expiration;
 
@@ -482,11 +486,12 @@ function wp_validate_auth_cookie($cookie = '') {
 	if ( defined('DOING_AJAX') || 'POST' == $_SERVER['REQUEST_METHOD'] )
 		$expired += 3600;
 
+	// Quick check to see if an honest cookie has expired
 	if ( $expired < time() )
 		return false;
 
-	$key = wp_hash($username . $expiration);
-	$hash = hash_hmac('md5', $username . $expiration, $key);
+	$key = wp_hash($username . '|' . $expiration);
+	$hash = hash_hmac('md5', $username . '|' . $expiration, $key);
 
 	if ( $hmac != $hash )
 		return false;
@@ -514,8 +519,8 @@ if ( !function_exists('wp_generate_auth_cookie') ) :
 function wp_generate_auth_cookie($user_id, $expiration) {
 	$user = get_userdata($user_id);
 
-	$key = wp_hash($user->user_login . $expiration);
-	$hash = hash_hmac('md5', $user->user_login . $expiration, $key);
+	$key = wp_hash($user->user_login . '|' . $expiration);
+	$hash = hash_hmac('md5', $user->user_login . '|' . $expiration, $key);
 
 	$cookie = $user->user_login . '|' . $expiration . '|' . $hash;
 
@@ -1071,11 +1076,7 @@ if ( !function_exists('wp_hash') ) :
 function wp_hash($data) {
 	$salt = wp_salt();
 
-	if ( function_exists('hash_hmac') ) {
-		return hash_hmac('md5', $data, $salt);
-	} else {
-		return md5($data . $salt);
-	}
+	return hash_hmac('md5', $data, $salt);
 }
 endif;
 
@@ -1167,12 +1168,11 @@ if ( !function_exists('wp_generate_password') ) :
  *
  * @return string The random password
  **/
-function wp_generate_password() {
-	$chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
-	$length = 7;
+function wp_generate_password($length = 12) {
+	$chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()";
 	$password = '';
 	for ( $i = 0; $i < $length; $i++ )
-		$password .= substr($chars, mt_rand(0, 61), 1);
+		$password .= substr($chars, mt_rand(0, strlen($chars) - 1), 1);
 	return $password;
 }
 endif;
@@ -1329,7 +1329,7 @@ if ( !function_exists('wp_login') ) :
  * global for why there was a failure can utilize it later.
  *
  * @since 1.2.2
- * @deprecated Use wp_signin()
+ * @deprecated Use wp_signon()
  * @global string $error Error when false is returned
  *
  * @param string $username User's username

wp-includes/post-template.php

@@ -373,7 +373,8 @@ function the_attachment_link($id = 0, $fullsize = false, $deprecated = false, $p
 
 // get an attachment page link using an image or icon if possible
 function wp_get_attachment_link($id = 0, $size = 'thumbnail', $permalink = false, $icon = false) {
-	$_post = & get_post( intval($id) );
+	$id = intval($id);
+	$_post = & get_post( $id );
 
 	if ( ('attachment' != $_post->post_type) || !$url = wp_get_attachment_url($_post->ID) )
 		return __('Missing Attachment');

wp-includes/post.php

@@ -165,20 +165,18 @@ function &get_post(&$post, $output = OBJECT, $filter = 'raw') {
 		else
 			return $null;
 	} elseif ( is_object($post) ) {
+		_get_post_ancestors($post);
 		wp_cache_add($post->ID, $post, 'posts');
 		$_post = &$post;
 	} else {
 		$post = (int) $post;
 		if ( ! $_post = wp_cache_get($post, 'posts') ) {
 			$_post = & $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->posts WHERE ID = %d LIMIT 1", $post));
+			_get_post_ancestors($_post);
 			wp_cache_add($_post->ID, $_post, 'posts');
 		}
 	}
 
-	// Populate the ancestors field.
-	// Not cached since we don't clear cache for ancestors when a post changes.
-	_get_post_ancestors($_post);
-
 	$_post = sanitize_post($_post, $filter);
 
 	if ( $output == OBJECT ) {
@@ -403,7 +401,7 @@ function set_post_type( $post_id = 0, $post_type = 'post' ) {
  * @param array $args {@internal Missing Description}}
  * @return array {@internal Missing Description}}
  */
-function get_posts($args) {
+function get_posts($args = null) {
 	global $wpdb;
 
 	$defaults = array(
@@ -460,6 +458,10 @@ function get_posts($args) {
 	if (!empty($exclusions))
 		$exclusions .= ')';
 
+	// orderby
+	if ( preg_match( '/.+ +(ASC|DESC)/i', $orderby ) )
+		$order = ''; // orderby has its own order, so we'll use that
+
 	$query  = "SELECT DISTINCT * FROM $wpdb->posts ";
 	$query .= empty( $category ) ? '' : ", $wpdb->term_relationships, $wpdb->term_taxonomy  ";
 	$query .= empty( $meta_key ) ? '' : ", $wpdb->postmeta ";
@@ -824,12 +826,21 @@ function wp_count_posts( $type = 'post', $perm = '' ) {
 
 	$user = wp_get_current_user();
 
+	$cache_key = $type;
+
 	$query = "SELECT post_status, COUNT( * ) AS num_posts FROM {$wpdb->posts} WHERE post_type = %s";
 	if ( 'readable' == $perm && is_user_logged_in() ) {
-		if ( !current_user_can("read_private_{$type}s") )
+		if ( !current_user_can("read_private_{$type}s") ) {
+			$cache_key .= '_' . $perm . '_' . $user->ID;
 			$query .= " AND (post_status != 'private' OR ( post_author = '$user->ID' AND post_status = 'private' ))";
+		}
 	}
 	$query .= ' GROUP BY post_status';
+
+	$count = wp_cache_get($cache_key, 'counts');
+	if ( false !== $count )
+		return $count;
+
 	$count = $wpdb->get_results( $wpdb->prepare( $query, $type ), ARRAY_A );
 
 	$stats = array( );
@@ -837,9 +848,13 @@ function wp_count_posts( $type = 'post', $perm = '' ) {
 		$stats[$row['post_status']] = $row['num_posts'];
 	}
 
-	return (object) $stats;
+	$stats = (object) $stats;
+	wp_cache_set($cache_key, $stats, 'counts');
+
+	return $stats;
 }
 
+
 /**
  * wp_count_attachments() - Count number of attachments
  *
@@ -2408,7 +2423,7 @@ function wp_mime_type_icon( $mime = 0 ) {
 			$dirs = apply_filters( 'icon_dirs', array($icon_dir => $icon_dir_uri) );
 			$icon_files = array();
 			while ( $dirs ) {
-				$dir = array_shift(array_keys($dirs));
+				$dir = array_shift($keys = array_keys($dirs));
 				$uri = array_shift($dirs);
 				if ( $dh = opendir($dir) ) {
 					while ( false !== $file = readdir($dh) ) {
@@ -2668,6 +2683,9 @@ function update_post_cache(&$posts) {
  * @param int $id The Post ID in the cache to clean
  */
 function clean_post_cache($id) {
+	global $wpdb;
+	$id = (int) $id;
+
 	wp_cache_delete($id, 'posts');
 	wp_cache_delete($id, 'post_meta');
 
@@ -2676,6 +2694,11 @@ function clean_post_cache($id) {
 	wp_cache_delete( 'wp_get_archives', 'general' );
 
 	do_action('clean_post_cache', $id);
+
+	if ( $children = $wpdb->get_col( $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_parent = %d", $id) ) ) {
+		foreach( $children as $cid )
+			clean_post_cache( $cid );
+	}
 }
 
 /**
@@ -2937,22 +2960,22 @@ function _save_post_hook($post_id, $post) {
 //
 
 function _get_post_ancestors(&$_post) {
-    global $wpdb;
+	global $wpdb;
 
-    if ( !empty($_post->ancestors) )
-    	return;
+	if ( isset($_post->ancestors) )
+		return;
 
-    $_post->ancestors = array();
+	$_post->ancestors = array();
 
-    if ( empty($_post->post_parent) || $_post->ID == $_post->post_parent )
-    	return;
+	if ( empty($_post->post_parent) || $_post->ID == $_post->post_parent )
+		return;
 
-    $id = $_post->ancestors[] = $_post->post_parent;
-    while ( $ancestor = $wpdb->get_var("SELECT `post_parent` FROM $wpdb->posts WHERE ID= '{$id}' LIMIT 1") ) {
-    	if ( $id == $ancestor )
-    		break;
-    	$id = $_post->ancestors[] = $ancestor;
-    }
+	$id = $_post->ancestors[] = $_post->post_parent;
+	while ( $ancestor = $wpdb->get_var( $wpdb->prepare("SELECT `post_parent` FROM $wpdb->posts WHERE ID = %d LIMIT 1", $id) ) ) {
+		if ( $id == $ancestor )
+			break;
+		$id = $_post->ancestors[] = $ancestor;
+	}
 }
 
 ?>

wp-includes/query.php

@@ -519,6 +519,7 @@ class WP_Query {
 		$qv['day'] = (int) $qv['day'];
 		$qv['w'] = (int) $qv['w'];
 		$qv['m'] =  (int) $qv['m'];
+		$qv['cat'] = preg_replace( '|[^0-9,-]|', '', $qv['cat'] ); // comma separated list of positive or negative integers
 		if ( '' !== $qv['hour'] ) $qv['hour'] = (int) $qv['hour'];
 		if ( '' !== $qv['minute'] ) $qv['minute'] = (int) $qv['minute'];
 		if ( '' !== $qv['second'] ) $qv['second'] = (int) $qv['second'];
@@ -1249,6 +1250,7 @@ class WP_Query {
 				$orderby = $orderby_array[$i];
 				switch ($orderby) {
 					case 'menu_order':
+						break;
 					case 'ID':
 						$orderby = "$wpdb->posts.ID";
 						break;

wp-includes/rewrite.php

@@ -793,12 +793,12 @@ class WP_Rewrite {
 		$robots_rewrite = array('robots.txt$' => $this->index . '?robots=1');
 
 		//Default Feed rules - These are require to allow for the direct access files to work with permalink structure starting with %category%
-		$default_feeds = array(	'wp-atom.php$'	=>	$this->index .'?feed=atom',
-								'wp-rdf.php$'	=>	$this->index .'?feed=rdf',
-								'wp-rss.php$'	=>	$this->index .'?feed=rss',
-								'wp-rss2.php$'	=>	$this->index .'?feed=rss2',
-								'wp-feed.php$'	=>	$this->index .'?feed=feed',
-								'wp-commentsrss2.php$'	=>	$this->index . '?feed=rss2&withcomments=1');
+		$default_feeds = array(	'.*/wp-atom.php$'	=>	$this->index .'?feed=atom',
+								'.*/wp-rdf.php$'	=>	$this->index .'?feed=rdf',
+								'.*/wp-rss.php$'	=>	$this->index .'?feed=rss',
+								'.*/wp-rss2.php$'	=>	$this->index .'?feed=rss2',
+								'.*/wp-feed.php$'	=>	$this->index .'?feed=feed',
+								'.*/wp-commentsrss2.php$'	=>	$this->index . '?feed=rss2&withcomments=1');
 
 		// Post
 		$post_rewrite = $this->generate_rewrite_rules($this->permalink_structure, EP_PERMALINK);
@@ -993,6 +993,8 @@ class WP_Rewrite {
 
 		// Enable generic rules for pages if permalink structure doesn't begin with a wildcard.
 		$structure = ltrim($this->permalink_structure, '/');
+		if ( $this->using_index_permalinks() )
+			$structure = ltrim($this->permalink_structure, $this->index . '/');
 		if ( 0 === strpos($structure, '%postname%') ||
 			 0 === strpos($structure, '%category%') ||
 			 0 === strpos($structure, '%tag%') ||

wp-includes/script-loader.php

@@ -27,7 +27,7 @@ class WP_Scripts {
 			'enterImageDescription' => __('Enter a description of the image')
 		) );
 
-		$this->add( 'colorpicker', '/wp-includes/js/colorpicker.js', false, '3517' );
+		$this->add( 'colorpicker', '/wp-includes/js/colorpicker.js', array('prototype'), '3517' );
 
 		// Let a plugin replace the visual editor
 		$visual_editor = apply_filters('visual_editor', array('tiny_mce'));
@@ -36,7 +36,7 @@ class WP_Scripts {
 		$this->add( 'editor_functions', '/wp-admin/js/editor.js', false, '20080325' );
 
 		// Modify this version when tinyMCE plugins are changed.
-		$mce_version = apply_filters('tiny_mce_version', '20080327');
+		$mce_version = apply_filters('tiny_mce_version', '20080414');
 		$this->add( 'tiny_mce', '/wp-includes/js/tinymce/tiny_mce_config.php', array('editor_functions'), $mce_version );
 
 		$this->add( 'prototype', '/wp-includes/js/prototype.js', false, '1.6');
@@ -47,7 +47,7 @@ class WP_Scripts {
 			'broken' => __('An unidentified error has occurred.')
 		) );
 
-		$this->add( 'autosave', '/wp-includes/js/autosave.js', array('schedule', 'wp-ajax-response'), '20080326b' );
+		$this->add( 'autosave', '/wp-includes/js/autosave.js', array('schedule', 'wp-ajax-response'), '20080424' );
 
 		$this->add( 'wp-ajax', '/wp-includes/js/wp-ajax.js', array('prototype'), '20070306');
 		$this->localize( 'wp-ajax', 'WPAjaxL10n', array(
@@ -57,7 +57,7 @@ class WP_Scripts {
 			'whoaText' => __("Slow down, I'm still sending your data!")
 		) );
 
-		$this->add( 'wp-lists', '/wp-includes/js/wp-lists.js', array('wp-ajax-response'), '20080322' );
+		$this->add( 'wp-lists', '/wp-includes/js/wp-lists.js', array('wp-ajax-response'), '20080411' );
 		$this->localize( 'wp-lists', 'wpListL10n', array(
 			'url' => get_option( 'siteurl' ) . '/wp-admin/admin-ajax.php'
 		) );
@@ -87,11 +87,11 @@ class WP_Scripts {
 			'is_lighttpd_before_150' => is_lighttpd_before_150(),
 		) );
 		$this->add( 'swfupload-queue', '/wp-includes/js/swfupload/plugins/swfupload.queue.js', array('swfupload'), '2.0.2');
-		$this->add( 'swfupload-handlers', '/wp-includes/js/swfupload/handlers.js', array('swfupload'), '2.0.2-20080301');
+		$this->add( 'swfupload-handlers', '/wp-includes/js/swfupload/handlers.js', array('swfupload'), '2.0.2-20080407');
 		// these error messages came from the sample swfupload js, they might need changing.
 		$this->localize( 'swfupload-handlers', 'swfuploadL10n', array(
 				'queue_limit_exceeded' => __('You have attempted to queue too many files.'),
-				'file_exceeds_size_limit' => sprintf(__('This file is too big. Your php.ini upload_max_filesize is %s.'), ini_get('upload_max_filesize')),
+				'file_exceeds_size_limit' => sprintf(__('This file is too big. Your php.ini upload_max_filesize is %s.'), @ini_get('upload_max_filesize')),
 				'zero_byte_file' => __('This file is empty. Please try another.'),
 				'invalid_filetype' => __('This file type is not allowed. Please try another.'),
 				'default_error' => __('An error occurred in the upload. Please try again later.'),
@@ -144,7 +144,7 @@ class WP_Scripts {
 				'save' => __('Save'),
 				'cancel' => __('Cancel'),
 			) );
-			$this->add( 'post', '/wp-admin/js/post.js', array('suggest', 'jquery-ui-tabs', 'wp-lists', 'postbox', 'slug'), '20080322' );
+			$this->add( 'post', '/wp-admin/js/post.js', array('suggest', 'jquery-ui-tabs', 'wp-lists', 'postbox', 'slug'), '20080422' );
 			$this->localize( 'post', 'postL10n', array(
 				'tagsUsed' =>  __('Tags used on this post:'),
 				'add' => attribute_escape(__('Add')),
@@ -187,7 +187,7 @@ class WP_Scripts {
 				'saveText' => attribute_escape(__('Save »')),
 				'confirmText' => __("Are you sure you want to delete the file '%title%'?\nClick ok to delete or cancel to go back.")
 			) );
-			$this->add( 'admin-widgets', '/wp-admin/js/widgets.js', array( 'interface' ), '20080319' );
+			$this->add( 'admin-widgets', '/wp-admin/js/widgets.js', array( 'interface' ), '20080407c' );
 			$this->localize( 'admin-widgets', 'widgetsL10n', array(
 				'add' => __('Add'),
 				'edit' => __('Edit'),

wp-includes/shortcodes.php

@@ -72,12 +72,16 @@ function do_shortcode($content) {
 	if (empty($shortcode_tags) || !is_array($shortcode_tags))
 		return $content;
 
+	$pattern = get_shortcode_regex();
+	return preg_replace_callback('/'.$pattern.'/s', 'do_shortcode_tag', $content);
+}
+
+function get_shortcode_regex() {
+	global $shortcode_tags;
 	$tagnames = array_keys($shortcode_tags);
 	$tagregexp = join( '|', array_map('preg_quote', $tagnames) );
 
-	$pattern = '/\[('.$tagregexp.')\b(.*?)(?:(\/))?\](?:(.+?)\[\/\1\])?/s';
-
-	return preg_replace_callback($pattern, 'do_shortcode_tag', $content);
+	return '\[('.$tagregexp.')\b(.*?)(?:(\/))?\](?:(.+?)\[\/\1\])?';
 }
 
 function do_shortcode_tag($m) {
@@ -98,6 +102,7 @@ function do_shortcode_tag($m) {
 function shortcode_parse_atts($text) {
 	$atts = array();
 	$pattern = '/(\w+)\s*=\s*"([^"]*)"(?:\s|$)|(\w+)\s*=\s*\'([^\']*)\'(?:\s|$)|(\w+)\s*=\s*([^\s\'"]+)(?:\s|$)|"([^"]*)"(?:\s|$)|(\S+)(?:\s|$)/';
+	$text = preg_replace("/[\x{00a0}\x{200b}]+/u", " ", $text);
 	if ( preg_match_all($pattern, $text, $match, PREG_SET_ORDER) ) {
 		foreach ($match as $m) {
 			if (!empty($m[1]))
@@ -129,6 +134,6 @@ function shortcode_atts($pairs, $atts) {
 	return $out;
 }
 
-add_filter( 'the_content', 'do_shortcode', 9 );
+add_filter('the_content', 'do_shortcode', 11); // AFTER wpautop() 
 
 ?>

wp-includes/taxonomy.php

@@ -580,7 +580,9 @@ function &get_terms($taxonomies, $args = '') {
 			return $empty_array;
 	}
 
-	$key = md5( serialize( $args ) . serialize( $taxonomies ) );
+	// $args can be whatever, only use the args defined in defaults to compute the key
+	$key = md5( serialize( compact(array_keys($defaults)) ) . serialize( $taxonomies ) );
+
 	if ( $cache = wp_cache_get( 'get_terms', 'terms' ) ) {
 		if ( isset( $cache[ $key ] ) )
 			return apply_filters('get_terms', $cache[$key], $taxonomies, $args);

wp-includes/theme.php

@@ -363,8 +363,8 @@ function get_author_template() {
 
 function get_category_template() {
 	$template = '';
-	if ( file_exists(TEMPLATEPATH . "/category-" . get_query_var('cat') . '.php') )
-		$template = TEMPLATEPATH . "/category-" . get_query_var('cat') . '.php';
+	if ( file_exists(TEMPLATEPATH . "/category-" . absint( get_query_var('cat') ) . '.php') )
+		$template = TEMPLATEPATH . "/category-" . absint( get_query_var('cat') ) . '.php';
 	elseif ( file_exists(TEMPLATEPATH . "/category.php") )
 		$template = TEMPLATEPATH . "/category.php";
 

wp-includes/user.php

@@ -19,6 +19,8 @@ function wp_signon( $credentials = '' ) {
 	else
 		$credentials['remember'] = false;
 
+	do_action_ref_array('wp_authenticate', array(&$credentials['user_login'], &$credentials['user_password']));
+
 	// If no credential info provided, check cookie.
 	if ( empty($credentials['user_login']) && empty($credentials['user_password']) ) {
 			$user = wp_validate_auth_cookie();
@@ -42,8 +44,6 @@ function wp_signon( $credentials = '' ) {
 		return $error;
 	}
 
-	do_action_ref_array('wp_authenticate', array(&$credentials['user_login'], &$credentials['user_password']));
-
 	$user = wp_authenticate($credentials['user_login'], $credentials['user_password']);
 	if ( is_wp_error($user) )
 		return $user;
@@ -148,9 +148,14 @@ function get_usermeta( $user_id, $meta_key = '') {
 
 	if ( !empty($meta_key) ) {
 		$meta_key = preg_replace('|[^a-z0-9_]|i', '', $meta_key);
-		$metas = $wpdb->get_results("SELECT meta_key, meta_value FROM $wpdb->usermeta WHERE user_id = '$user_id' AND meta_key = '$meta_key'");
+		$user = wp_cache_get($user_id, 'users');
+		// Check the cached user object
+		if ( false !== $user && isset($user->$meta_key) )
+			$metas = array($user->$meta_key);
+		else
+			$metas = $wpdb->get_col( $wpdb->prepare("SELECT meta_value FROM $wpdb->usermeta WHERE user_id = %d AND meta_key = %s", $user_id, $meta_key) );
 	} else {
-		$metas = $wpdb->get_results("SELECT meta_key, meta_value FROM $wpdb->usermeta WHERE user_id = '$user_id'");
+		$metas = $wpdb->get_col( $wpdb->prepare("SELECT meta_value FROM $wpdb->usermeta WHERE user_id = %d", $user_id) );
 	}
 
 	if ( empty($metas) ) {
@@ -160,13 +165,12 @@ function get_usermeta( $user_id, $meta_key = '') {
 			return '';
 	}
 
-	foreach ($metas as $meta)
-		$values[] = maybe_unserialize($meta->meta_value);
+	$metas = array_map('maybe_unserialize', $metas);
 
-	if ( count($values) == 1 )
-		return $values[0];
+	if ( count($metas) == 1 )
+		return $metas[0];
 	else
-		return $values;
+		return $metas;
 }
 
 function update_usermeta( $user_id, $meta_key, $meta_value ) {

wp-includes/version.php

@@ -8,7 +8,7 @@
  *
  * @global string $wp_version
  */
-$wp_version = '2.5';
+$wp_version = '2.5.1';
 
 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB scheme
@@ -16,6 +16,6 @@ $wp_version = '2.5';
  *
  * @global int $wp_db_version
  */
-$wp_db_version = 7558;
+$wp_db_version = 7796;
 
 ?>

wp-includes/widgets.php

@@ -306,6 +306,24 @@ function wp_get_sidebars_widgets($update = true) {
 					$_sidebars_widgets[$index][$i] = $id;
 					continue;
 				}
+				
+				$found = false;
+				
+				foreach ( $wp_registered_widgets as $widget_id => $widget ) {
+					if ( strtolower($widget['name']) == strtolower($name) ) {
+						$_sidebars_widgets[$index][$i] = $widget['id'];
+						$found = true;
+						break;
+					} elseif ( sanitize_title($widget['name']) == sanitize_title($name) ) {
+						$_sidebars_widgets[$index][$i] = $widget['id'];
+						$found = true;
+						break;
+					}
+				}
+				
+				if ( $found )
+					continue;
+				
 				unset($_sidebars_widgets[$index][$i]);
 			}
 			$_sidebars_widgets['array_version'] = 2;
@@ -428,6 +446,8 @@ function wp_widget_pages_control() {
 
 function wp_widget_links($args) {
 	extract($args, EXTR_SKIP);
+
+	$before_widget = preg_replace('/id="[^"]*"/','id="%id"', $before_widget);
 	wp_list_bookmarks(array(
 		'title_before' => $before_title, 'title_after' => $after_title,
 		'category_before' => $before_widget, 'category_after' => $after_widget,
@@ -614,6 +634,8 @@ function wp_widget_text_control($widget_args) {
 		}
 
 		foreach ( (array) $_POST['widget-text'] as $widget_number => $widget_text ) {
+			if ( !isset($widget_text['text']) && isset($options[$widget_number]) ) // user clicked cancel
+				continue;
 			$title = strip_tags(stripslashes($widget_text['title']));
 			if ( current_user_can('unfiltered_html') )
 				$text = stripslashes( $widget_text['text'] );
@@ -750,6 +772,8 @@ function wp_widget_categories_control( $widget_args ) {
 		}
 
 		foreach ( (array) $_POST['widget-categories'] as $widget_number => $widget_cat ) {
+			if ( !isset($widget_cat['title']) && isset($options[$widget_number]) ) // user clicked cancel
+				continue;
 			$title = trim(strip_tags(stripslashes($widget_cat['title'])));
 			$count = isset($widget_cat['count']);
 			$hierarchical = isset($widget_cat['hierarchical']);
@@ -858,10 +882,12 @@ function wp_widget_categories_upgrade() {
 }
 
 function wp_widget_recent_entries($args) {
-	if ( $output = wp_cache_get('widget_recent_entries', 'widget') )
-		return print($output);
+	if ( '%BEG_OF_TITLE%' != $args['before_title'] ) {
+		if ( $output = wp_cache_get('widget_recent_entries', 'widget') )
+			return print($output);
+		ob_start();
+	}
 
-	ob_start();
 	extract($args);
 	$options = get_option('widget_recent_entries');
 	$title = empty($options['title']) ? __('Recent Posts') : $options['title'];
@@ -886,7 +912,9 @@ function wp_widget_recent_entries($args) {
 <?php
 		wp_reset_query();  // Restore global post data stomped by the_post().
 	endif;
-	wp_cache_add('widget_recent_entries', ob_get_flush(), 'widget');
+
+	if ( '%BEG_OF_TITLE%' != $args['before_title'] )
+		wp_cache_add('widget_recent_entries', ob_get_flush(), 'widget');
 }
 
 function wp_flush_widget_recent_entries() {
@@ -1170,6 +1198,8 @@ function wp_widget_rss_control($widget_args) {
 		}
 
 		foreach( (array) $_POST['widget-rss'] as $widget_number => $widget_rss ) {
+			if ( !isset($widget_rss['url']) && isset($options[$widget_number]) ) // user clicked cancel
+				continue;
 			$widget_rss = stripslashes_deep( $widget_rss );
 			$url = sanitize_url(strip_tags($widget_rss['url']));
 			$options[$widget_number] = wp_widget_rss_process( $widget_rss, !isset($urls[$url]) );
@@ -1460,6 +1490,8 @@ function widget_many_control( $widget_args = 1 ) {
 
 		foreach ( (array) $_POST['widget-many'] as $widget_number => $widget_many_instance ) {
 			// compile data from $widget_many_instance
+			if ( !isset($widget_many_instance['something']) && isset($options[$widget_number]) ) // user clicked cancel
+				continue;
 			$something = wp_specialchars( $widget_many_instance['something'] );
 			$options[$widget_number] = array( 'something' => $something );  // Even simple widgets should store stuff in array, rather than in scalar
 		}

wp-login.php

@@ -90,13 +90,13 @@ function retrieve_password() {
 	do_action('retreive_password', $user_login);  // Misspelled and deprecated
 	do_action('retrieve_password', $user_login);
 
-	$key = $wpdb->get_var("SELECT user_activation_key FROM $wpdb->users WHERE user_login = '$user_login'");
+	$key = $wpdb->get_var($wpdb->prepare("SELECT user_activation_key FROM $wpdb->users WHERE user_login = %s", $user_login));
 	if ( empty($key) ) {
 		// Generate something random for a key...
 		$key = wp_generate_password();
 		do_action('retrieve_password_key', $user_login, $key);
 		// Now insert the new md5 key into the db
-		$wpdb->query("UPDATE $wpdb->users SET user_activation_key = '$key' WHERE user_login = '$user_login'");
+		$wpdb->query($wpdb->prepare("UPDATE $wpdb->users SET user_activation_key = %s WHERE user_login = %s", $key, $user_login));
 	}
 	$message = __('Someone has asked to reset the password for the following site and username.') . "\r\n\r\n";
 	$message .= get_option('siteurl') . "\r\n\r\n";
@@ -118,7 +118,7 @@ function reset_password($key) {
 	if ( empty( $key ) )
 		return new WP_Error('invalid_key', __('Invalid key'));
 
-	$user = $wpdb->get_row("SELECT * FROM $wpdb->users WHERE user_activation_key = '$key'");
+	$user = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->users WHERE user_activation_key = %s", $key));
 	if ( empty( $user ) )
 		return new WP_Error('invalid_key', __('Invalid key'));
 

wp-settings.php

@@ -69,10 +69,12 @@ if ( empty( $_SERVER['REQUEST_URI'] ) ) {
 	else
 	{
 		// Some IIS + PHP configurations puts the script-name in the path-info (No need to append it twice)
-		if ( $_SERVER['PATH_INFO'] == $_SERVER['SCRIPT_NAME'] )
-			$_SERVER['REQUEST_URI'] = $_SERVER['PATH_INFO'];
-		else
-			$_SERVER['REQUEST_URI'] = $_SERVER['SCRIPT_NAME'] . $_SERVER['PATH_INFO'];
+		if ( isset($_SERVER['PATH_INFO']) ) {
+			if ( $_SERVER['PATH_INFO'] == $_SERVER['SCRIPT_NAME'] )
+				$_SERVER['REQUEST_URI'] = $_SERVER['PATH_INFO'];
+			else
+				$_SERVER['REQUEST_URI'] = $_SERVER['SCRIPT_NAME'] . $_SERVER['PATH_INFO'];
+		}
 
 		// Append the query string if it exists and isn't null
 		if (isset($_SERVER['QUERY_STRING']) && !empty($_SERVER['QUERY_STRING'])) {
@@ -330,6 +332,14 @@ if ( !defined('SITECOOKIEPATH') )
  */
 if ( !defined('COOKIE_DOMAIN') )
 	define('COOKIE_DOMAIN', false);
+	
+/**
+ * It is possible to define this in wp-config.php
+ * @since 2.5.0
+ */
+if ( !defined( 'AUTOSAVE_INTERVAL' ) )
+	define( 'AUTOSAVE_INTERVAL', 60 );
+	
 
 require (ABSPATH . WPINC . '/vars.php');