Tagging

git-svn-id: http://svn.automattic.com/wordpress/tags/2.2.2@5850 1a063a9b-81f0-0310-95a4-ce76da25c4cd

readme.html

@@ -8,7 +8,7 @@
 <body>
 <h1 id="logo" style="text-align: center">
 	<img alt="WordPress" src="wp-admin/images/wordpress-logo.png" />
-	<br /> Version 2.1
+	<br /> Version 2.2
 </h1>
 <p style="text-align: center">Semantic Personal Publishing Platform</p>
 
@@ -29,7 +29,7 @@
 
 <h1>Upgrading</h1>
 <p>Before you upgrade anything, make sure you have backup copies of any files you may have modified such as <code>index.php</code>.</p>
-<h2>Upgrading from any previous WordPress to 2.1:</h2>
+<h2>Upgrading from any previous WordPress to 2.2:</h2>
 <ol>
 	<li>Delete your old WP files, saving ones you've modified.</li>
 	<li>Upload the new files.</li>

wp-admin/admin-db.php

@@ -82,7 +82,7 @@ function get_nonauthor_user_ids() {
 function wp_insert_category($catarr) {
 	global $wpdb;
 
-	extract($catarr);
+	extract($catarr, EXTR_SKIP);
 
 	if( trim( $cat_name ) == '' )
 		return 0;
@@ -121,18 +121,11 @@ function wp_insert_category($catarr) {
 	else
 		$links_private = 0;
 
-	if ( empty($type) )
-		$type = TAXONOMY_CATEGORY;
-
-	// Let's check if we have this category already, if so just do an update
-	if ( !$update && $cat_ID = category_object_exists( $category_nicename ) )
-		$update = true;
-
 	if (!$update) {
-		$wpdb->query("INSERT INTO $wpdb->categories (cat_ID, cat_name, category_nicename, category_description, category_parent, links_private, posts_private, type) VALUES ('0', '$cat_name', '$category_nicename', '$category_description', '$category_parent', '$links_private', '$posts_private', '$type')");
+		$wpdb->query("INSERT INTO $wpdb->categories (cat_ID, cat_name, category_nicename, category_description, category_parent, links_private, posts_private) VALUES ('0', '$cat_name', '$category_nicename', '$category_description', '$category_parent', '$links_private', '$posts_private')");
 		$cat_ID = (int) $wpdb->insert_id;
 	} else {
-		$wpdb->query ("UPDATE $wpdb->categories SET cat_name = '$cat_name', category_nicename = '$category_nicename', category_description = '$category_description', category_parent = '$category_parent', links_private = '$links_private', posts_private = '$posts_private', type = '$type' WHERE cat_ID = '$cat_ID'");
+		$wpdb->query ("UPDATE $wpdb->categories SET cat_name = '$cat_name', category_nicename = '$category_nicename', category_description = '$category_description', category_parent = '$category_parent', links_private = '$links_private', posts_private = '$posts_private' WHERE cat_ID = '$cat_ID'");
 	}
 
 	if ( $category_nicename == '' ) {
@@ -198,18 +191,15 @@ function wp_delete_category($cat_ID) {
 
 	$parent = $category->category_parent;
 
-	// Delete the category if it is not also a tag.
-	if ( 0 == ($category->type & TAXONOMY_TAG) ) {
-		if ( !$wpdb->query("DELETE FROM $wpdb->categories WHERE cat_ID = '$cat_ID'") )
-			return 0;
-	} else {
-		$wpdb->query("UPDATE $wpdb->categories SET type = type & ~" . TAXONOMY_CATEGORY . " WHERE cat_ID = '$cat_ID'");
-	}
+	// Delete the category
+	if ( !$wpdb->query("DELETE FROM $wpdb->categories WHERE cat_ID = '$cat_ID'") )
+		return 0;
+
 	// Update children to point to new parent
 	$wpdb->query("UPDATE $wpdb->categories SET category_parent = '$parent' WHERE category_parent = '$cat_ID'");
 
 	// Only set posts and links to the default category if they're not in another category already
-	$posts = $wpdb->get_col("SELECT post_id FROM $wpdb->post2cat WHERE category_id='$cat_ID' AND rel_type = 'category'");
+	$posts = $wpdb->get_col("SELECT post_id FROM $wpdb->post2cat WHERE category_id='$cat_ID'");
 	foreach ( (array) $posts as $post_id ) {
 		$cats = wp_get_post_categories($post_id);
 		if ( 1 == count($cats) )
@@ -235,18 +225,8 @@ function wp_delete_category($cat_ID) {
 }
 
 function wp_create_category($cat_name) {
-	if ( $id = category_exists($cat_name) )
-		return $id;
-	$cat_array = array('cat_name' => $cat_name, 'type' => TAXONOMY_CATEGORY);
-
-	if ( $id = category_object_exists($cat_name) ) {
-		$category = get_category($id);
-		$cat_array['type'] = $category->type | $cat_array['type'];
-		$cat_array['cat_ID'] = $id;
-		return wp_update_category($cat_array);
-	} else {
-		return wp_insert_category($cat_array);
-	}
+	$cat_array = compact('cat_name');
+	return wp_insert_category($cat_array);
 }
 
 function wp_create_categories($categories, $post_id = '') {
@@ -265,44 +245,12 @@ function wp_create_categories($categories, $post_id = '') {
 	return $cat_ids;
 }
 
-function category_object_exists($cat_name) {
-	global $wpdb;
-	if (!$category_nicename = sanitize_title($cat_name))
-		return 0;
-
-	return (int) $wpdb->get_var("SELECT cat_ID FROM $wpdb->categories WHERE category_nicename = '$category_nicename'");
-}
-
 function category_exists($cat_name) {
 	global $wpdb;
 	if (!$category_nicename = sanitize_title($cat_name))
 		return 0;
 
-	return (int) $wpdb->get_var("SELECT cat_ID FROM $wpdb->categories WHERE category_nicename = '$category_nicename' AND ( type & " . TAXONOMY_CATEGORY .  " != 0 )");
-}
-
-function tag_exists($tag_name) {
-	global $wpdb;
-	if (! $tag_nicename = sanitize_title($tag_name))
-		return 0;
-
-	return (int) $wpdb->get_var("SELECT cat_ID FROM $wpdb->categories WHERE category_nicename = '$tag_nicename' AND ( type & " . TAXONOMY_TAG .  " != 0 )");
-}
-
-function wp_create_tag($tag_name) {
-	if ( $id = tag_exists($tag_name) )
-		return $id;
-	$tag_array = array('cat_name' => $tag_name, 'type' => TAXONOMY_TAG);
-
-	if ( $id = category_object_exists($tag_name) ) {
-		$category = get_category($id);
-		$tag_array['type'] = $category->type | $tag_array['type'];
-		$tag_array['cat_ID'] = $id;
-		$id = wp_update_category($tag_array);
-		return $id;
-	} else {
-		return wp_insert_category($tag_array);
-	}
+	return (int) $wpdb->get_var("SELECT cat_ID FROM $wpdb->categories WHERE category_nicename = '$category_nicename'");
 }
 
 function wp_delete_user($id, $reassign = 'novalue') {
@@ -349,7 +297,7 @@ function wp_revoke_user($id) {
 function wp_insert_link($linkdata) {
 	global $wpdb, $current_user;
 
-	extract($linkdata);
+	extract($linkdata, EXTR_SKIP);
 
 	$update = false;
 
@@ -471,9 +419,11 @@ function wp_delete_link($link_id) {
 	}
 
 	$wpdb->query("DELETE FROM $wpdb->link2cat WHERE link_id = '$link_id'");
-	return $wpdb->query("DELETE FROM $wpdb->links WHERE link_id = '$link_id'");
+	$wpdb->query("DELETE FROM $wpdb->links WHERE link_id = '$link_id'");
 	
 	do_action('deleted_link', $link_id);
+
+	return true;
 }
 
 function wp_get_link_cats($link_ID = 0) {

wp-admin/admin-functions.php

@@ -347,6 +347,8 @@ function get_post_to_edit( $id ) {
 	$post->post_title = apply_filters( 'title_edit_pre', $post->post_title );
 
 	$post->post_password = format_to_edit( $post->post_password );
+	
+	$post->menu_order = (int) $post->menu_order;
 
 	if ( $post->post_type == 'page' )
 		$post->page_template = get_post_meta( $id, '_wp_page_template', true );
@@ -396,12 +398,16 @@ function get_default_post_to_edit() {
 
 function get_comment_to_edit( $id ) {
 	$comment = get_comment( $id );
+	
+	$comment->comment_ID = (int) $comment->comment_ID;
+	$comment->comment_post_ID = (int) $comment->comment_post_ID;
 
-	$comment->comment_content = format_to_edit( $comment->comment_content, user_can_richedit() );
+	$comment->comment_content = format_to_edit( $comment->comment_content );
 	$comment->comment_content = apply_filters( 'comment_edit_pre', $comment->comment_content);
 
 	$comment->comment_author = format_to_edit( $comment->comment_author );
 	$comment->comment_author_email = format_to_edit( $comment->comment_author_email );
+	$comment->comment_author_url = clean_url($comment->comment_author_url);
 	$comment->comment_author_url = format_to_edit( $comment->comment_author_url );
 
 	return $comment;
@@ -409,6 +415,9 @@ function get_comment_to_edit( $id ) {
 
 function get_category_to_edit( $id ) {
 	$category = get_category( $id );
+	
+	$category->term_id = (int) $category->term_id;
+	$category->parent = (int) $category->parent;
 
 	return $category;
 }
@@ -647,7 +656,7 @@ function checked( $checked, $current) {
 
 function return_categories_list( $parent = 0 ) {
 	global $wpdb;
-	return $wpdb->get_col( "SELECT cat_ID FROM $wpdb->categories WHERE category_parent = $parent AND ( type & " . TAXONOMY_CATEGORY . " != 0 ) AND ( link_count = 0 OR category_count != 0 ) ORDER BY category_count DESC" );
+	return $wpdb->get_col( "SELECT cat_ID FROM $wpdb->categories WHERE category_parent = $parent AND ( link_count = 0 OR category_count != 0 OR ( link_count = 0 AND category_count = 0 ) ) ORDER BY category_count DESC" );
 }
 
 function sort_cats( $cat1, $cat2 ) {
@@ -657,29 +666,6 @@ function sort_cats( $cat1, $cat2 ) {
 		return strcasecmp( $cat1['cat_name'], $cat2['cat_name'] );
 }
 
-function get_tags_to_edit( $post_id ) {
-	global $wpdb;
-
-	$post_id = (int) $post_id;
-	if ( !$post_id )
-		return false;
-
-	$tags = $wpdb->get_results( "
-		     SELECT category_id, cat_name
-		     FROM $wpdb->categories, $wpdb->post2cat
-		     WHERE $wpdb->post2cat.category_id = cat_ID AND $wpdb->post2cat.post_id = '$post_id' AND rel_type = 'tag'
-		     " );
-	if ( !$tags )
-		return false;
-
-	foreach ( $tags as $tag )
-		$tag_names[] = $tag->cat_name;
-	$tags_to_edit = join( ', ', $tag_names );
-	$tags_to_edit = attribute_escape( $tags_to_edit );
-	$tags_to_edit = apply_filters( 'tags_to_edit', $tags_to_edit );
-	return $tags_to_edit;
-}
-
 function get_nested_categories( $default = 0, $parent = 0 ) {
 	global $post_ID, $link_id, $mode, $wpdb;
 
@@ -687,7 +673,7 @@ function get_nested_categories( $default = 0, $parent = 0 ) {
 		$checked_categories = $wpdb->get_col( "
 		     SELECT category_id
 		     FROM $wpdb->categories, $wpdb->post2cat
-		     WHERE $wpdb->post2cat.category_id = cat_ID AND $wpdb->post2cat.post_id = '$post_ID' AND rel_type = 'category'
+		     WHERE $wpdb->post2cat.category_id = cat_ID AND $wpdb->post2cat.post_id = '$post_ID'
 		     " );
 
 		if ( count( $checked_categories ) == 0 ) {
@@ -744,7 +730,7 @@ function dropdown_categories( $default = 0 ) {
 
 function return_link_categories_list( $parent = 0 ) {
 	global $wpdb;
-	return $wpdb->get_col( "SELECT cat_ID FROM $wpdb->categories WHERE category_parent = $parent AND ( type & " . TAXONOMY_CATEGORY . " != 0 ) AND ( category_count = 0 OR link_count != 0 ) ORDER BY link_count DESC" );
+	return $wpdb->get_col( "SELECT cat_ID FROM $wpdb->categories WHERE category_parent = $parent AND ( category_count = 0  OR link_count != 0 OR ( link_count = 0 AND category_count = 0 ) ) ORDER BY link_count DESC" );
 }
 
 function get_nested_link_categories( $default = 0, $parent = 0 ) {
@@ -915,7 +901,7 @@ function user_row( $user_object, $style = '' ) {
 function _wp_get_comment_list( $s = false, $start, $num ) {
 	global $wpdb;
 
-	$start = (int) $start;
+	$start = abs( (int) $start );
 	$num = (int) $num;
 
 	if ( $s ) {
@@ -958,7 +944,7 @@ function _wp_comment_list_item( $id, $alt = 0 ) {
 <?php
 if ( current_user_can('edit_post', $comment->comment_post_ID) ) {
 	echo " <a href='comment.php?action=editcomment&amp;c=".$comment->comment_ID."'>" .  __('Edit') . '</a>';
-	echo ' | <a href="' . wp_nonce_url('ocomment.php?action=deletecomment&amp;p=' . $comment->comment_post_ID . '&amp;c=' . $comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . '" onclick="return deleteSomething( \'comment\', ' . $comment->comment_ID . ', \'' . js_escape(sprintf(__("You are about to delete this comment by '%s'.\n'Cancel' to stop, 'OK' to delete."), $comment->comment_author)) . "', theCommentList );\">" . __('Delete') . '</a> ';
+	echo ' | <a href="' . wp_nonce_url('comment.php?action=deletecomment&amp;p=' . $comment->comment_post_ID . '&amp;c=' . $comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . '" onclick="return deleteSomething( \'comment\', ' . $comment->comment_ID . ', \'' . js_escape(sprintf(__("You are about to delete this comment by '%s'.\n'Cancel' to stop, 'OK' to delete."), $comment->comment_author)) . "', theCommentList );\">" . __('Delete') . '</a> ';
 	if ( ('none' != $comment_status) && ( current_user_can('moderate_comments') ) ) {
 		echo '<span class="unapprove"> | <a href="' . wp_nonce_url('comment.php?action=unapprovecomment&amp;p=' . $comment->comment_post_ID . '&amp;c=' . $comment->comment_ID, 'unapprove-comment_' . $comment->comment_ID) . '" onclick="return dimSomething( \'comment\', ' . $comment->comment_ID . ', \'unapproved\', theCommentList );">' . __('Unapprove') . '</a> </span>';
 		echo '<span class="approve"> | <a href="' . wp_nonce_url('comment.php?action=approvecomment&amp;p=' . $comment->comment_post_ID . '&amp;c=' . $comment->comment_ID, 'approve-comment_' . $comment->comment_ID) . '" onclick="return dimSomething( \'comment\', ' . $comment->comment_ID . ', \'unapproved\', theCommentList );">' . __('Approve') . '</a> </span>';
@@ -1049,6 +1035,7 @@ function list_meta( $meta ) {
 		$key_js = js_escape( $entry['meta_key'] );
 		$entry['meta_key']   = attribute_escape($entry['meta_key']);
 		$entry['meta_value'] = attribute_escape($entry['meta_value']);
+		$entry['meta_id'] = (int) $entry['meta_id'];
 		$r .= "\n\t<tr id='meta-{$entry['meta_id']}' class='$style'>";
 		$r .= "\n\t\t<td valign='top'><input name='meta[{$entry['meta_id']}][key]' tabindex='6' type='text' size='20' value='{$entry['meta_key']}' /></td>";
 		$r .= "\n\t\t<td><textarea name='meta[{$entry['meta_id']}][value]' tabindex='6' rows='2' cols='30'>{$entry['meta_value']}</textarea></td>";
@@ -1101,7 +1088,7 @@ function meta_form() {
 <?php
 
 	foreach ( $keys as $key ) {
-		$key = attribute_escape( $key);
+		$key = attribute_escape( $key );
 		echo "\n\t<option value='$key'>$key</option>";
 	}
 ?>
@@ -1122,6 +1109,8 @@ function add_meta( $post_ID ) {
 	global $wpdb;
 	$post_ID = (int) $post_ID;
 
+	$protected = array( '_wp_attached_file', '_wp_attachment_metadata', '_wp_old_slug', '_wp_page_template' );
+
 	$metakeyselect = $wpdb->escape( stripslashes( trim( $_POST['metakeyselect'] ) ) );
 	$metakeyinput = $wpdb->escape( stripslashes( trim( $_POST['metakeyinput'] ) ) );
 	$metavalue = maybe_serialize( stripslashes( (trim( $_POST['metavalue'] ) ) ));
@@ -1137,6 +1126,9 @@ function add_meta( $post_ID ) {
 		if ( $metakeyinput)
 			$metakey = $metakeyinput; // default
 
+		if ( in_array($metakey, $protected) )
+			return false;
+
 		$result = $wpdb->query( "
 						INSERT INTO $wpdb->postmeta 
 						(post_id,meta_key,meta_value ) 
@@ -1156,6 +1148,12 @@ function delete_meta( $mid ) {
 
 function update_meta( $mid, $mkey, $mvalue ) {
 	global $wpdb;
+
+	$protected = array( '_wp_attached_file', '_wp_attachment_metadata', '_wp_old_slug', '_wp_page_template' );
+
+	if ( in_array($mkey, $protected) )
+		return false;
+
 	$mvalue = maybe_serialize( stripslashes( $mvalue ));
 	$mvalue = $wpdb->escape( $mvalue );
 	$mid = (int) $mid;
@@ -2025,6 +2023,7 @@ function wp_import_upload_form( $action ) {
 ?>
 <form enctype="multipart/form-data" id="import-upload-form" method="post" action="<?php echo attribute_escape($action) ?>">
 <p>
+<?php wp_nonce_field('import-upload'); ?>
 <label for="upload"><?php _e( 'Choose a file from your computer:' ); ?></label> (<?php printf( __('Maximum size: %s' ), $size ); ?> )
 <input type="file" id="upload" name="import" size="25" />
 <input type="hidden" name="action" value="save" />

wp-admin/categories.php

@@ -118,15 +118,6 @@ cat_rows();
 </div>
 
 <?php include('edit-category-form.php'); ?>
-
-<div class="wrap">
-<h3><?php _e('Importers &amp; Converters'); ?></h3>
-
-<ul>
-	<li><a href="admin.php?import=wp-cat2tag"><?php _e('Selectively convert categories to tags'); ?></a></li>
-	<li><a href="admin.php?import=utw"><?php _e('Import Ultimate Tag Warrior tags'); ?></a></li>
-</ul>
-</div>
 <?php endif; ?>
 
 <?php

wp-admin/comment.php

@@ -39,7 +39,7 @@ case 'mac':
 	$nonce_action = 'cdc' == $action ? 'delete-comment_' : 'approve-comment_';
 	$nonce_action .= $comment;
 
-	if ( ! $comment = get_comment($comment) )
+	if ( ! $comment = get_comment_to_edit($comment) )
 		wp_die(__('Oops, no comment with this ID.').sprintf(' <a href="%s">'.__('Go back').'</a>!', 'edit.php'));
 
 	if ( !current_user_can('edit_post', $comment->comment_post_ID) )
@@ -96,7 +96,7 @@ case 'mac':
 <?php } ?>
 <tr>
 <th scope="row" valign="top"><p><?php _e('Comment:'); ?></p></th>
-<td><?php echo apply_filters( 'comment_text', $comment->comment_content ); ?></td>
+<td><?php echo $comment->comment_content; ?></td>
 </tr>
 </table>
 
@@ -155,7 +155,7 @@ case 'unapprovecomment':
 	if ((wp_get_referer() != "") && (false == $noredir)) {
 		wp_redirect(wp_get_referer());
 	} else {
-		wp_redirect(get_option('siteurl') .'/wp-admin/edit.php?p='.$comment->comment_post_ID.'&c=1#comments');
+		wp_redirect(get_option('siteurl') .'/wp-admin/edit.php?p='. (int) $comment->comment_post_ID.'&c=1#comments');
 	}
 	exit();
 	break;
@@ -185,7 +185,7 @@ case 'approvecomment':
 	if ((wp_get_referer() != "") && (false == $noredir)) {
 		wp_redirect(wp_get_referer());
 	} else {
-		wp_redirect(get_option('siteurl') .'/wp-admin/edit.php?p='.$comment->comment_post_ID.'&c=1#comments');
+		wp_redirect(get_option('siteurl') .'/wp-admin/edit.php?p='. (int) $comment->comment_post_ID.'&c=1#comments');
 	}
 	exit();
 	break;

wp-admin/custom-header.php

@@ -1,323 +1,332 @@
-<?php
-
-class Custom_Image_Header {
-	var $admin_header_callback;
-
-	function Custom_Image_Header($admin_header_callback) {
-		$this->admin_header_callback = $admin_header_callback;
-	}
-
-	function init() {
-		$page = add_theme_page(__('Custom Image Header'), __('Custom Image Header'), 'edit_themes', 'custom-header', array(&$this, 'admin_page'));
-
-		add_action("admin_print_scripts-$page", array(&$this, 'js_includes'));
-		add_action("admin_head-$page", array(&$this, 'js'), 50);
-		add_action("admin_head-$page", $this->admin_header_callback, 51);
-	}
-
-	function js_includes() {
-		wp_enqueue_script('cropper');
-		wp_enqueue_script('colorpicker');
-	}
-
-	function js() {
-
-		if ( isset( $_POST['textcolor'] ) ) {
-			if ( 'blank' == $_POST['textcolor'] ) {
-				set_theme_mod('header_textcolor', 'blank');
-			} else {
-				$color = preg_replace('/[^0-9a-fA-F]/', '', $_POST['textcolor']);
-				if ( strlen($color) == 6 || strlen($color) == 3 )
-					set_theme_mod('header_textcolor', $color);
-			}
-		}
-		if ( isset($_POST['resetheader']) )
-			remove_theme_mods();
-	?>
-<script type="text/javascript">
-
-	function onEndCrop( coords, dimensions ) {
-		$( 'x1' ).value = coords.x1;
-		$( 'y1' ).value = coords.y1;
-		$( 'x2' ).value = coords.x2;
-		$( 'y2' ).value = coords.y2;
-		$( 'width' ).value = dimensions.width;
-		$( 'height' ).value = dimensions.height;
-	}
-
-	// with a supplied ratio
-	Event.observe(
-		window,
-		'load',
-		function() {
-			var xinit = <?php echo HEADER_IMAGE_WIDTH; ?>;
-			var yinit = <?php echo HEADER_IMAGE_HEIGHT; ?>;
-			var ratio = xinit / yinit;
-			var ximg = $('upload').width;
-			var yimg = $('upload').height;
-			if ( yimg < yinit || ximg < xinit ) {
-				if ( ximg / yimg > ratio ) {
-					yinit = yimg;
-					xinit = yinit * ratio;
-				} else {
-					xinit = ximg;
-					yinit = xinit / ratio;
-				}
-			}
-			new Cropper.Img(
-				'upload',
-				{
-					ratioDim: { x: xinit, y: yinit },
-					displayOnInit: true,
-					onEndCrop: onEndCrop
-				}
-			)
-		}
-	);
-
-	var cp = new ColorPicker();
-
-	function pickColor(color) {
-		$('name').style.color = color;
-		$('desc').style.color = color;
-		$('textcolor').value = color;
-	}
-	function PopupWindow_hidePopup(magicword) {
-		if ( magicword != 'prettyplease' )
-			return false;
-		if (this.divName != null) {
-			if (this.use_gebi) {
-				document.getElementById(this.divName).style.visibility = "hidden";
-			}
-			else if (this.use_css) {
-				document.all[this.divName].style.visibility = "hidden";
-			}
-			else if (this.use_layers) {
-				document.layers[this.divName].visibility = "hidden";
-			}
-		}
-		else {
-			if (this.popupWindow && !this.popupWindow.closed) {
-				this.popupWindow.close();
-				this.popupWindow = null;
-			}
-		}
-		return false;
-	}
-	function colorSelect(t,p) {
-		if ( cp.p == p && document.getElementById(cp.divName).style.visibility != "hidden" ) {
-			cp.hidePopup('prettyplease');
-		} else {
-			cp.p = p;
-			cp.select(t,p);
-		}
-	}
-	function colorDefault() {
-		pickColor('<?php echo HEADER_TEXTCOLOR; ?>');
-	}
-
-	function hide_text() {
-		$('name').style.display = 'none';
-		$('desc').style.display = 'none';
-		$('pickcolor').style.display = 'none';
-		$('defaultcolor').style.display = 'none';
-		$('textcolor').value = 'blank';
-		$('hidetext').value = '<?php _e('Show Text'); ?>';
-//		$('hidetext').onclick = 'show_text()';
-		Event.observe( $('hidetext'), 'click', show_text );
-	}
-
-	function show_text() {
-		$('name').style.display = 'block';
-		$('desc').style.display = 'block';
-		$('pickcolor').style.display = 'inline';
-		$('defaultcolor').style.display = 'inline';
-		$('textcolor').value = '<?php echo HEADER_TEXTCOLOR; ?>';
-		$('hidetext').value = '<?php _e('Hide Text'); ?>';
-		Event.stopObserving( $('hidetext'), 'click', show_text );
-		Event.observe( $('hidetext'), 'click', hide_text );
-	}
-
-	<?php if ( 'blank' == get_theme_mod('header_textcolor', HEADER_TEXTCOLOR) ) { ?>
-Event.observe( window, 'load', hide_text );
-	<?php } ?>
-
-</script>
-<?php
-	}
-
-	function step_1() {
-		if ( $_GET['updated'] ) { ?>
-<div id="message" class="updated fade">
-<p><?php _e('Header updated.') ?></p>
-</div>
-		<?php } ?>
-
-<div class="wrap">
-<h2><?php _e('Your Header Image'); ?></h2>
-<p><?php _e('This is your header image. You can change the text color or upload and crop a new image.'); ?></p>
-
-<div id="headimg" style="background: url(<?php header_image() ?>) no-repeat;">
-<h1><a onclick="return false;" href="<?php bloginfo('url'); ?>" title="<?php bloginfo('name'); ?>" id="name"><?php bloginfo('name'); ?></a></h1>
-<div id="desc"><?php bloginfo('description');?></div>
-</div>
-<?php if ( !defined( 'NO_HEADER_TEXT' ) ) { ?>
-<form method="post" action="<?php echo get_option('siteurl') ?>/wp-admin/themes.php?page=custom-header&amp;updated=true">
-<input type="button" value="<?php _e('Hide Text'); ?>" onclick="hide_text()" id="hidetext" />
-<input type="button" value="<?php _e('Select a Text Color'); ?>" onclick="colorSelect($('textcolor'), 'pickcolor')" id="pickcolor" /><input type="button" value="<?php _e('Use Original Color'); ?>" onclick="colorDefault()" id="defaultcolor" />
-<input type="hidden" name="textcolor" id="textcolor" value="#<?php header_textcolor() ?>" /><input name="submit" type="submit" value="<?php _e('Save Changes'); ?> &raquo;" /></form>
-<?php } ?>
-
-<div id="colorPickerDiv" style="z-index: 100;background:#eee;border:1px solid #ccc;position:absolute;visibility:hidden;"> </div>
-</div>
-<div class="wrap">
-<h2><?php _e('Upload New Header Image'); ?></h2><p><?php _e('Here you can upload a custom header image to be shown at the top of your blog instead of the default one. On the next screen you will be able to crop the image.'); ?></p>
-<p><?php printf(__('Images of exactly <strong>%1$d x %2$d pixels</strong> will be used as-is.'), HEADER_IMAGE_WIDTH, HEADER_IMAGE_HEIGHT); ?></p>
-
-<form enctype="multipart/form-data" id="uploadForm" method="POST" action="<?php echo attribute_escape(add_query_arg('step', 2)) ?>" style="margin: auto; width: 50%;">
-<label for="upload"><?php _e('Choose an image from your computer:'); ?></label><br /><input type="file" id="upload" name="import" />
-<input type="hidden" name="action" value="save" />
-<p class="submit">
-<input type="submit" value="<?php _e('Upload'); ?> &raquo;" />
-</p>
-</form>
-
-</div>
-
-		<?php if ( get_theme_mod('header_image') || get_theme_mod('header_textcolor') ) : ?>
-<div class="wrap">
-<h2><?php _e('Reset Header Image and Color'); ?></h2>
-<p><?php _e('This will restore the original header image and color. You will not be able to retrieve any customizations.') ?></p>
-<form method="post" action="<?php echo attribute_escape(add_query_arg('step', 1)) ?>">
-<input type="submit" name="resetheader" value="<?php _e('Restore Original Header'); ?>" />
-</form>
-</div>
-		<?php endif;
-
-	}
-
-	function step_2() {
-		$overrides = array('test_form' => false);
-		$file = wp_handle_upload($_FILES['import'], $overrides);
-
-		if ( isset($file['error']) )
-		die( $file['error'] );
-
-		$url = $file['url'];
-		$file = $file['file'];
-		$filename = basename($file);
-
-		// Construct the object array
-		$object = array(
-		'post_title' => $filename,
-		'post_content' => $url,
-		'post_mime_type' => 'import',
-		'guid' => $url);
-
-		// Save the data
-		$id = wp_insert_attachment($object, $file);
-
-		$upload = array('file' => $file, 'id' => $id);
-
-		list($width, $height, $type, $attr) = getimagesize( $file );
-
-		if ( $width == HEADER_IMAGE_WIDTH && $height == HEADER_IMAGE_HEIGHT ) {
-			set_theme_mod('header_image', $url);
-			$header = apply_filters('wp_create_file_in_uploads', $file, $id); // For replication
-			return $this->finished();
-		} elseif ( $width > HEADER_IMAGE_WIDTH ) {
-			$oitar = $width / HEADER_IMAGE_WIDTH;
-			$image = wp_crop_image($file, 0, 0, $width, $height, HEADER_IMAGE_WIDTH, $height / $oitar, false, str_replace(basename($file), 'midsize-'.basename($file), $file));
-			$image = apply_filters('wp_create_file_in_uploads', $image, $id); // For replication
-
-			$url = str_replace(basename($url), basename($image), $url);
-			$width = $width / $oitar;
-			$height = $height / $oitar;
-		} else {
-			$oitar = 1;
-		}
-		?>
-
-<div class="wrap">
-
-<form method="POST" action="<?php echo attribute_escape(add_query_arg('step', 3)) ?>">
-
-<p><?php _e('Choose the part of the image you want to use as your header.'); ?></p>
-<div id="testWrap">
-<img src="<?php echo $url; ?>" id="upload" width="<?php echo $width; ?>" height="<?php echo $height; ?>" />
-</div>
-
-<p class="submit">
-<input type="hidden" name="x1" id="x1" />
-<input type="hidden" name="y1" id="y1" />
-<input type="hidden" name="x2" id="x2" />
-<input type="hidden" name="y2" id="y2" />
-<input type="hidden" name="width" id="width" />
-<input type="hidden" name="height" id="height" />
-<input type="hidden" name="attachment_id" id="attachment_id" value="<?php echo $id; ?>" />
-<input type="hidden" name="oitar" id="oitar" value="<?php echo $oitar; ?>" />
-<input type="submit" value="<?php _e('Crop Header &raquo;'); ?>" />
-</p>
-
-</form>
-</div>
-		<?php
-	}
-
-	function step_3() {
-		if ( $_POST['oitar'] > 1 ) {
-			$_POST['x1'] = $_POST['x1'] * $_POST['oitar'];
-			$_POST['y1'] = $_POST['y1'] * $_POST['oitar'];
-			$_POST['width'] = $_POST['width'] * $_POST['oitar'];
-			$_POST['height'] = $_POST['height'] * $_POST['oitar'];
-		}
-
-		$header = wp_crop_image($_POST['attachment_id'], $_POST['x1'], $_POST['y1'], $_POST['width'], $_POST['height'], HEADER_IMAGE_WIDTH, HEADER_IMAGE_HEIGHT);
-		$header = apply_filters('wp_create_file_in_uploads', $header); // For replication
-
-		$parent = get_post($_POST['attachment_id']);
-
-		$parent_url = $parent->guid;
-
-		$url = str_replace(basename($parent_url), basename($header), $parent_url);
-
-		set_theme_mod('header_image', $url);
-
-		// cleanup
-		$file = get_attached_file( $_POST['attachment_id'] );
-		$medium = str_replace(basename($file), 'midsize-'.basename($file), $file);
-		@unlink( apply_filters( 'wp_delete_file', $medium ) );
-		wp_delete_attachment( $_POST['attachment_id'] );
-
-		return $this->finished();
-	}
-
-	function finished() {
-		?>
-<div class="wrap">
-<h2><?php _e('Header complete!'); ?></h2>
-
-<p><?php _e('Visit your site and you should see the new header now.'); ?></p>
-
-</div>
-		<?php
-	}
-
-	function admin_page() {
-		if ( !isset( $_GET['step'] ) )
-			$step = 1;
-		else
-			$step = (int) $_GET['step'];
-
-		if ( 1 == $step ) {
-			$this->step_1();
-		} elseif ( 2 == $step ) {
-			$this->step_2();
-		} elseif ( 3 == $step ) {
-			$this->step_3();
-		}
-
-	}
-
-}
-?>
+<?php
+
+class Custom_Image_Header {
+	var $admin_header_callback;
+
+	function Custom_Image_Header($admin_header_callback) {
+		$this->admin_header_callback = $admin_header_callback;
+	}
+
+	function init() {
+		$page = add_theme_page(__('Custom Image Header'), __('Custom Image Header'), 'edit_themes', 'custom-header', array(&$this, 'admin_page'));
+
+		add_action("admin_print_scripts-$page", array(&$this, 'js_includes'));
+		add_action("admin_head-$page", array(&$this, 'js'), 50);
+		add_action("admin_head-$page", $this->admin_header_callback, 51);
+	}
+
+	function js_includes() {
+		wp_enqueue_script('cropper');
+		wp_enqueue_script('colorpicker');
+	}
+
+	function js() {
+
+		if ( isset( $_POST['textcolor'] ) ) {
+			check_admin_referer('custom-header');
+			if ( 'blank' == $_POST['textcolor'] ) {
+				set_theme_mod('header_textcolor', 'blank');
+			} else {
+				$color = preg_replace('/[^0-9a-fA-F]/', '', $_POST['textcolor']);
+				if ( strlen($color) == 6 || strlen($color) == 3 )
+					set_theme_mod('header_textcolor', $color);
+			}
+		}
+		if ( isset($_POST['resetheader']) ) {
+			check_admin_referer('custom-header');
+			remove_theme_mods();
+		}
+	?>
+<script type="text/javascript">
+
+	function onEndCrop( coords, dimensions ) {
+		$( 'x1' ).value = coords.x1;
+		$( 'y1' ).value = coords.y1;
+		$( 'x2' ).value = coords.x2;
+		$( 'y2' ).value = coords.y2;
+		$( 'width' ).value = dimensions.width;
+		$( 'height' ).value = dimensions.height;
+	}
+
+	// with a supplied ratio
+	Event.observe(
+		window,
+		'load',
+		function() {
+			var xinit = <?php echo HEADER_IMAGE_WIDTH; ?>;
+			var yinit = <?php echo HEADER_IMAGE_HEIGHT; ?>;
+			var ratio = xinit / yinit;
+			var ximg = $('upload').width;
+			var yimg = $('upload').height;
+			if ( yimg < yinit || ximg < xinit ) {
+				if ( ximg / yimg > ratio ) {
+					yinit = yimg;
+					xinit = yinit * ratio;
+				} else {
+					xinit = ximg;
+					yinit = xinit / ratio;
+				}
+			}
+			new Cropper.Img(
+				'upload',
+				{
+					ratioDim: { x: xinit, y: yinit },
+					displayOnInit: true,
+					onEndCrop: onEndCrop
+				}
+			)
+		}
+	);
+
+	var cp = new ColorPicker();
+
+	function pickColor(color) {
+		$('name').style.color = color;
+		$('desc').style.color = color;
+		$('textcolor').value = color;
+	}
+	function PopupWindow_hidePopup(magicword) {
+		if ( magicword != 'prettyplease' )
+			return false;
+		if (this.divName != null) {
+			if (this.use_gebi) {
+				document.getElementById(this.divName).style.visibility = "hidden";
+			}
+			else if (this.use_css) {
+				document.all[this.divName].style.visibility = "hidden";
+			}
+			else if (this.use_layers) {
+				document.layers[this.divName].visibility = "hidden";
+			}
+		}
+		else {
+			if (this.popupWindow && !this.popupWindow.closed) {
+				this.popupWindow.close();
+				this.popupWindow = null;
+			}
+		}
+		return false;
+	}
+	function colorSelect(t,p) {
+		if ( cp.p == p && document.getElementById(cp.divName).style.visibility != "hidden" ) {
+			cp.hidePopup('prettyplease');
+		} else {
+			cp.p = p;
+			cp.select(t,p);
+		}
+	}
+	function colorDefault() {
+		pickColor('<?php echo HEADER_TEXTCOLOR; ?>');
+	}
+
+	function hide_text() {
+		$('name').style.display = 'none';
+		$('desc').style.display = 'none';
+		$('pickcolor').style.display = 'none';
+		$('defaultcolor').style.display = 'none';
+		$('textcolor').value = 'blank';
+		$('hidetext').value = '<?php _e('Show Text'); ?>';
+//		$('hidetext').onclick = 'show_text()';
+		Event.observe( $('hidetext'), 'click', show_text );
+	}
+
+	function show_text() {
+		$('name').style.display = 'block';
+		$('desc').style.display = 'block';
+		$('pickcolor').style.display = 'inline';
+		$('defaultcolor').style.display = 'inline';
+		$('textcolor').value = '<?php echo HEADER_TEXTCOLOR; ?>';
+		$('hidetext').value = '<?php _e('Hide Text'); ?>';
+		Event.stopObserving( $('hidetext'), 'click', show_text );
+		Event.observe( $('hidetext'), 'click', hide_text );
+	}
+
+	<?php if ( 'blank' == get_theme_mod('header_textcolor', HEADER_TEXTCOLOR) ) { ?>
+Event.observe( window, 'load', hide_text );
+	<?php } ?>
+
+</script>
+<?php
+	}
+
+	function step_1() {
+		if ( $_GET['updated'] ) { ?>
+<div id="message" class="updated fade">
+<p><?php _e('Header updated.') ?></p>
+</div>
+		<?php } ?>
+
+<div class="wrap">
+<h2><?php _e('Your Header Image'); ?></h2>
+<p><?php _e('This is your header image. You can change the text color or upload and crop a new image.'); ?></p>
+
+<div id="headimg" style="background: url(<?php clean_url(header_image()) ?>) no-repeat;">
+<h1><a onclick="return false;" href="<?php bloginfo('url'); ?>" title="<?php bloginfo('name'); ?>" id="name"><?php bloginfo('name'); ?></a></h1>
+<div id="desc"><?php bloginfo('description');?></div>
+</div>
+<?php if ( !defined( 'NO_HEADER_TEXT' ) ) { ?>
+<form method="post" action="<?php echo get_option('siteurl') ?>/wp-admin/themes.php?page=custom-header&amp;updated=true">
+<input type="button" value="<?php _e('Hide Text'); ?>" onclick="hide_text()" id="hidetext" />
+<input type="button" value="<?php _e('Select a Text Color'); ?>" onclick="colorSelect($('textcolor'), 'pickcolor')" id="pickcolor" /><input type="button" value="<?php _e('Use Original Color'); ?>" onclick="colorDefault()" id="defaultcolor" />
+<?php wp_nonce_field('custom-header') ?>
+<input type="hidden" name="textcolor" id="textcolor" value="#<?php attribute_escape(header_textcolor()) ?>" /><input name="submit" type="submit" value="<?php _e('Save Changes'); ?> &raquo;" /></form>
+<?php } ?>
+
+<div id="colorPickerDiv" style="z-index: 100;background:#eee;border:1px solid #ccc;position:absolute;visibility:hidden;"> </div>
+</div>
+<div class="wrap">
+<h2><?php _e('Upload New Header Image'); ?></h2><p><?php _e('Here you can upload a custom header image to be shown at the top of your blog instead of the default one. On the next screen you will be able to crop the image.'); ?></p>
+<p><?php printf(__('Images of exactly <strong>%1$d x %2$d pixels</strong> will be used as-is.'), HEADER_IMAGE_WIDTH, HEADER_IMAGE_HEIGHT); ?></p>
+
+<form enctype="multipart/form-data" id="uploadForm" method="POST" action="<?php echo attribute_escape(add_query_arg('step', 2)) ?>" style="margin: auto; width: 50%;">
+<label for="upload"><?php _e('Choose an image from your computer:'); ?></label><br /><input type="file" id="upload" name="import" />
+<input type="hidden" name="action" value="save" />
+<?php wp_nonce_field('custom-header') ?>
+<p class="submit">
+<input type="submit" value="<?php _e('Upload'); ?> &raquo;" />
+</p>
+</form>
+
+</div>
+
+		<?php if ( get_theme_mod('header_image') || get_theme_mod('header_textcolor') ) : ?>
+<div class="wrap">
+<h2><?php _e('Reset Header Image and Color'); ?></h2>
+<p><?php _e('This will restore the original header image and color. You will not be able to retrieve any customizations.') ?></p>
+<form method="post" action="<?php echo attribute_escape(add_query_arg('step', 1)) ?>">
+<?php wp_nonce_field('custom-header'); ?>
+<input type="submit" name="resetheader" value="<?php _e('Restore Original Header'); ?>" />
+</form>
+</div>
+		<?php endif;
+
+	}
+
+	function step_2() {
+		check_admin_referer('custom-header');
+		$overrides = array('test_form' => false);
+		$file = wp_handle_upload($_FILES['import'], $overrides);
+
+		if ( isset($file['error']) )
+		die( $file['error'] );
+
+		$url = $file['url'];
+		$file = $file['file'];
+		$filename = basename($file);
+
+		// Construct the object array
+		$object = array(
+		'post_title' => $filename,
+		'post_content' => $url,
+		'post_mime_type' => 'import',
+		'guid' => $url);
+
+		// Save the data
+		$id = wp_insert_attachment($object, $file);
+
+		$upload = array('file' => $file, 'id' => $id);
+
+		list($width, $height, $type, $attr) = getimagesize( $file );
+
+		if ( $width == HEADER_IMAGE_WIDTH && $height == HEADER_IMAGE_HEIGHT ) {
+			set_theme_mod('header_image', clean_url($url));
+			$header = apply_filters('wp_create_file_in_uploads', $file, $id); // For replication
+			return $this->finished();
+		} elseif ( $width > HEADER_IMAGE_WIDTH ) {
+			$oitar = $width / HEADER_IMAGE_WIDTH;
+			$image = wp_crop_image($file, 0, 0, $width, $height, HEADER_IMAGE_WIDTH, $height / $oitar, false, str_replace(basename($file), 'midsize-'.basename($file), $file));
+			$image = apply_filters('wp_create_file_in_uploads', $image, $id); // For replication
+
+			$url = str_replace(basename($url), basename($image), $url);
+			$width = $width / $oitar;
+			$height = $height / $oitar;
+		} else {
+			$oitar = 1;
+		}
+		?>
+
+<div class="wrap">
+
+<form method="POST" action="<?php echo attribute_escape(add_query_arg('step', 3)) ?>">
+
+<p><?php _e('Choose the part of the image you want to use as your header.'); ?></p>
+<div id="testWrap">
+<img src="<?php echo $url; ?>" id="upload" width="<?php echo $width; ?>" height="<?php echo $height; ?>" />
+</div>
+
+<p class="submit">
+<input type="hidden" name="x1" id="x1" />
+<input type="hidden" name="y1" id="y1" />
+<input type="hidden" name="x2" id="x2" />
+<input type="hidden" name="y2" id="y2" />
+<input type="hidden" name="width" id="width" />
+<input type="hidden" name="height" id="height" />
+<input type="hidden" name="attachment_id" id="attachment_id" value="<?php echo $id; ?>" />
+<input type="hidden" name="oitar" id="oitar" value="<?php echo $oitar; ?>" />
+<?php wp_nonce_field('custom-header') ?>
+<input type="submit" value="<?php _e('Crop Header &raquo;'); ?>" />
+</p>
+
+</form>
+</div>
+		<?php
+	}
+
+	function step_3() {
+		check_admin_referer('custom-header');
+		if ( $_POST['oitar'] > 1 ) {
+			$_POST['x1'] = $_POST['x1'] * $_POST['oitar'];
+			$_POST['y1'] = $_POST['y1'] * $_POST['oitar'];
+			$_POST['width'] = $_POST['width'] * $_POST['oitar'];
+			$_POST['height'] = $_POST['height'] * $_POST['oitar'];
+		}
+
+		$header = wp_crop_image($_POST['attachment_id'], $_POST['x1'], $_POST['y1'], $_POST['width'], $_POST['height'], HEADER_IMAGE_WIDTH, HEADER_IMAGE_HEIGHT);
+		$header = apply_filters('wp_create_file_in_uploads', $header); // For replication
+
+		$parent = get_post($_POST['attachment_id']);
+
+		$parent_url = $parent->guid;
+
+		$url = str_replace(basename($parent_url), basename($header), $parent_url);
+
+		set_theme_mod('header_image', $url);
+
+		// cleanup
+		$file = get_attached_file( $_POST['attachment_id'] );
+		$medium = str_replace(basename($file), 'midsize-'.basename($file), $file);
+		@unlink( apply_filters( 'wp_delete_file', $medium ) );
+		wp_delete_attachment( $_POST['attachment_id'] );
+
+		return $this->finished();
+	}
+
+	function finished() {
+		?>
+<div class="wrap">
+<h2><?php _e('Header complete!'); ?></h2>
+
+<p><?php _e('Visit your site and you should see the new header now.'); ?></p>
+
+</div>
+		<?php
+	}
+
+	function admin_page() {
+		if ( !isset( $_GET['step'] ) )
+			$step = 1;
+		else
+			$step = (int) $_GET['step'];
+
+		if ( 1 == $step ) {
+			$this->step_1();
+		} elseif ( 2 == $step ) {
+			$this->step_2();
+		} elseif ( 3 == $step ) {
+			$this->step_3();
+		}
+
+	}
+
+}
+?>

wp-admin/edit-comments.php

@@ -76,9 +76,10 @@ if ( !empty( $_POST['delete_comments'] ) ) :
 endif;
 
 if ( isset( $_GET['apage'] ) )
-	$page = (int) $_GET['apage'];
+	$page = abs( (int) $_GET['apage'] );
 else
 	$page = 1;
+
 $start = $offset = ( $page - 1 ) * 20;
 
 list($_comments, $total) = _wp_get_comment_list( isset($_GET['s']) ? $_GET['s'] : false, $start, 25 ); // Grab a few extra
@@ -87,8 +88,8 @@ $comments = array_slice($_comments, 0, 20);
 $extra_comments = array_slice($_comments, 20);
 
 $page_links = paginate_links( array(
-	'base' => 'edit-comments.php?%_%',
-	'format' => 'apage=%#%',
+	'base' => add_query_arg( 'apage', '%#%' ), 
+	'format' => '',
 	'total' => ceil($total / 20),
 	'current' => $page
 ));

wp-admin/edit-form-advanced.php

@@ -1,10 +1,12 @@
 <?php
+if ( isset($_GET['message']) )
+	  $_GET['message'] = (int) $_GET['message'];
 $messages[1] = __('Post updated');
 $messages[2] = __('Custom field updated');
 $messages[3] = __('Custom field deleted.');
 ?>
 <?php if (isset($_GET['message'])) : ?>
-<div id="message" class="updated fade"><p><?php echo $messages[$_GET['message']]; ?></p></div>
+<div id="message" class="updated fade"><p><?php echo wp_specialchars($messages[$_GET['message']]); ?></p></div>
 <?php endif; ?>
 
 <form name="post" action="post.php" method="post" id="post">
@@ -21,16 +23,17 @@ if (0 == $post_ID) {
 	$form_extra = "<input type='hidden' id='post_ID' name='temp_ID' value='$temp_ID' />";
 	wp_nonce_field('add-post');
 } else {
+	$post_ID = (int) $post_ID;
 	$form_action = 'editpost';
 	$form_extra = "<input type='hidden' id='post_ID' name='post_ID' value='$post_ID' />";
 	wp_nonce_field('update-post_' .  $post_ID);
 }
 
-$form_pingback = '<input type="hidden" name="post_pingback" value="' . get_option('default_pingback_flag') . '" id="post_pingback" />';
+$form_pingback = '<input type="hidden" name="post_pingback" value="' . (int) get_option('default_pingback_flag') . '" id="post_pingback" />';
 
-$form_prevstatus = '<input type="hidden" name="prev_status" value="' . $post->post_status . '" />';
+$form_prevstatus = '<input type="hidden" name="prev_status" value="' . attribute_escape( $post->post_status ) . '" />';
 
-$form_trackback = '<input type="text" name="trackback_url" style="width: 415px" id="trackback" tabindex="7" value="'. str_replace("\n", ' ', $post->to_ping) .'" />';
+$form_trackback = '<input type="text" name="trackback_url" style="width: 415px" id="trackback" tabindex="7" value="'. attribute_escape( str_replace("\n", ' ', $post->to_ping) ) .'" />';
 
 if ('' != $post->pinged) {
 	$pings = '<p>'. __('Already pinged:') . '</p><ul>';
@@ -41,16 +44,16 @@ if ('' != $post->pinged) {
 	$pings .= '</ul>';
 }
 
-$saveasdraft = '<input name="save" type="submit" id="save" tabindex="3" value="' . __('Save and Continue Editing') . '" />';
+$saveasdraft = '<input name="save" type="submit" id="save" tabindex="3" value="' . attribute_escape( __('Save and Continue Editing') ) . '" />';
 
 if (empty($post->post_status)) $post->post_status = 'draft';
 
 ?>
 
-<input type="hidden" name="user_ID" value="<?php echo $user_ID ?>" />
+<input type="hidden" name="user_ID" value="<?php echo (int) $user_ID ?>" />
 <input type="hidden" id="hiddenaction" name="action" value="<?php echo $form_action ?>" />
 <input type="hidden" id="originalaction" name="originalaction" value="<?php echo $form_action ?>" />
-<input type="hidden" name="post_author" value="<?php echo $post->post_author ?>" />
+<input type="hidden" name="post_author" value="<?php echo attribute_escape( $post->post_author ); ?>" />
 <input type="hidden" id="post_type" name="post_type" value="post" />
 
 <?php echo $form_extra ?>
@@ -88,12 +91,12 @@ addLoadEvent(focusit);
 
 <fieldset id="passworddiv" class="dbx-box">
 <h3 class="dbx-handle"><?php _e('Post Password') ?></h3> 
-<div class="dbx-content"><input name="post_password" type="text" size="13" id="post_password" value="<?php echo $post->post_password ?>" /></div>
+<div class="dbx-content"><input name="post_password" type="text" size="13" id="post_password" value="<?php echo attribute_escape( $post->post_password ); ?>" /></div>
 </fieldset>
 
 <fieldset id="slugdiv" class="dbx-box">
 <h3 class="dbx-handle"><?php _e('Post Slug') ?></h3> 
-<div class="dbx-content"><input name="post_name" type="text" size="13" id="post_name" value="<?php echo $post->post_name ?>" /></div>
+<div class="dbx-content"><input name="post_name" type="text" size="13" id="post_name" value="<?php echo attribute_escape( $post->post_name ); ?>" /></div>
 </fieldset>
 
 <fieldset id="poststatusdiv" class="dbx-box">
@@ -125,7 +128,7 @@ foreach ($authors as $o) :
 $o = get_userdata( $o->ID );
 if ( $post->post_author == $o->ID || ( empty($post_ID) && $user_ID == $o->ID ) ) $selected = 'selected="selected"';
 else $selected = '';
-echo "<option value='$o->ID' $selected>$o->display_name</option>";
+echo "<option value='" . (int) $o->ID . "' $selected>" . wp_specialchars( $o->display_name ) . "</option>";
 endforeach;
 ?>
 </select>
@@ -140,7 +143,7 @@ endforeach;
 
 <fieldset id="titlediv">
 	<legend><?php _e('Title') ?></legend>
-	<div><input type="text" name="post_title" size="30" tabindex="1" value="<?php echo $post->post_title; ?>" id="title" /></div>
+	<div><input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attribute_escape($post->post_title); ?>" id="title" /></div>
 </fieldset>
 
 <fieldset id="<?php echo user_can_richedit() ? 'postdivrich' : 'postdiv'; ?>">
@@ -159,10 +162,6 @@ endforeach;
 <?php echo $form_pingback ?>
 <?php echo $form_prevstatus ?>
 
-<fieldset id="tagdiv">
-	<legend><?php _e('Tags (separate multiple tags with commas: cats, pet food, dogs)'); ?></legend>
-	<div><input type="text" name="tags_input" id="tags-input" size="30" tabindex="3" value="<?php echo get_tags_to_edit( $post_ID ); ?>" /></div>
-</fieldset>
 
 <p class="submit">
 <span id="autosave"></span>
@@ -172,7 +171,7 @@ endforeach;
 if ('publish' != $post->post_status || 0 == $post_ID) {
 ?>
 <?php if ( current_user_can('publish_posts') ) : ?>
-	<input name="publish" type="submit" id="publish" tabindex="5" accesskey="p" value="<?php _e('Publish') ?>" /> 
+	<input name="publish" type="submit" id="publish" tabindex="5" accesskey="p" value="<?php _e('Publish'); ?>" /> 
 <?php endif; ?>
 <?php
 }
@@ -190,7 +189,7 @@ else
 
 <?php
 if (current_user_can('upload_files')) {
-	$uploading_iframe_ID = (0 == $post_ID ? $temp_ID : $post_ID);
+	$uploading_iframe_ID = (int) (0 == $post_ID ? $temp_ID : $post_ID);
 	$uploading_iframe_src = wp_nonce_url("upload.php?style=inline&amp;tab=upload&amp;post_id=$uploading_iframe_ID", 'inlineuploading');
 	$uploading_iframe_src = apply_filters('uploading_iframe_src', $uploading_iframe_src);
 	if ( false != $uploading_iframe_src )

wp-admin/edit-form-comment.php

@@ -2,13 +2,13 @@
 $submitbutton_text = __('Edit Comment »');
 $toprow_title = sprintf(__('Editing Comment # %s'), $comment->comment_ID);
 $form_action = 'editedcomment';
-$form_extra = "' />\n<input type='hidden' name='comment_ID' value='" . $comment->comment_ID . "' />\n<input type='hidden' name='comment_post_ID' value='".$comment->comment_post_ID;
+$form_extra = "' />\n<input type='hidden' name='comment_ID' value='" . $comment->comment_ID . "' />\n<input type='hidden' name='comment_post_ID' value='" . $comment->comment_post_ID;
 ?>
 
 <form name="post" action="comment.php" method="post" id="post">
 <?php wp_nonce_field('update-comment_' . $comment->comment_ID) ?>
 <div class="wrap">
-<input type="hidden" name="user_ID" value="<?php echo $user_ID ?>" />
+<input type="hidden" name="user_ID" value="<?php echo (int) $user_ID ?>" />
 <input type="hidden" name="action" value='<?php echo $form_action . $form_extra ?>' />
 
 <script type="text/javascript">
@@ -20,19 +20,19 @@ addLoadEvent(focusit);
 <fieldset id="namediv">
     <legend><label for="name"><?php _e('Name:') ?></label></legend>
 	<div>
-	  <input type="text" name="newcomment_author" size="25" value="<?php echo $comment->comment_author ?>" tabindex="1" id="name" />
+	  <input type="text" name="newcomment_author" size="25" value="<?php echo attribute_escape( $comment->comment_author ); ?>" tabindex="1" id="name" />
     </div>
 </fieldset>
 <fieldset id="emaildiv">
         <legend><label for="email"><?php _e('E-mail:') ?></label></legend>
 		<div>
-		  <input type="text" name="newcomment_author_email" size="20" value="<?php echo $comment->comment_author_email ?>" tabindex="2" id="email" />
+		  <input type="text" name="newcomment_author_email" size="20" value="<?php echo attribute_escape( $comment->comment_author_email ); ?>" tabindex="2" id="email" />
     </div>
 </fieldset>
 <fieldset id="uridiv">
         <legend><label for="newcomment_author_url"><?php _e('URL:') ?></label></legend>
 		<div>
-		  <input type="text" id="newcomment_author_url" name="newcomment_author_url" size="35" value="<?php echo $comment->comment_author_url ?>" tabindex="3" />
+		  <input type="text" id="newcomment_author_url" name="newcomment_author_url" size="35" value="<?php echo attribute_escape( $comment->comment_author_url ); ?>" tabindex="3" />
     </div>
 </fieldset>
 

wp-admin/edit-form.php

@@ -6,7 +6,7 @@
 <?php if (isset($mode) && 'bookmarklet' == $mode) : ?>
 <input type="hidden" name="mode" value="bookmarklet" />
 <?php endif; ?>
-<input type="hidden" name="user_ID" value="<?php echo $user_ID ?>" />
+<input type="hidden" name="user_ID" value="<?php echo (int) $user_ID ?>" />
 <input type="hidden" name="action" value='post' />
 
 <script type="text/javascript">
@@ -21,7 +21,7 @@ addLoadEvent(focusit);
 <div id="poststuff">
     <fieldset id="titlediv">
       <legend><a href="http://wordpress.org/docs/reference/post/#title" title="<?php _e('Help on titles') ?>"><?php _e('Title') ?></a></legend> 
-	  <div><input type="text" name="post_title" size="30" tabindex="1" value="<?php echo $post->post_title; ?>" id="title" /></div>
+	  <div><input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attribute_escape( $post->post_title ); ?>" id="title" /></div>
     </fieldset>
 
     <fieldset id="categorydiv">
@@ -49,7 +49,7 @@ edCanvas = document.getElementById('content');
 //-->
 </script>
 
-<input type="hidden" name="post_pingback" value="<?php echo get_option('default_pingback_flag') ?>" id="post_pingback" />
+<input type="hidden" name="post_pingback" value="<?php echo (int) get_option('default_pingback_flag') ?>" id="post_pingback" />
 
 <p><label for="trackback"> <?php printf(__('<a href="%s" title="Help on trackbacks"><strong>TrackBack</strong> a <abbr title="Universal Resource Locator">URL</abbr></a>:</label> (Separate multiple <abbr title="Universal Resource Locator">URL</abbr>s with spaces.)'), 'http://wordpress.org/docs/reference/post/#trackback'); echo '<br />'; ?>
 	<input type="text" name="trackback_url" style="width: 360px" id="trackback" tabindex="7" /></p>
@@ -64,7 +64,7 @@ edCanvas = document.getElementById('content');
 <?php if ('bookmarklet' != $mode) {
 		echo '<input name="advanced" type="submit" id="advancededit" tabindex="7" value="' .  __('Advanced Editing &raquo;') . '" />';
 	} ?>
-	<input name="referredby" type="hidden" id="referredby" value="<?php if ( wp_get_referer() ) echo urlencode(wp_get_referer()); ?>" />
+	<input name="referredby" type="hidden" id="referredby" value="<?php if ( $refby = wp_get_referer() ) echo urlencode($refby); ?>" />
 </p>
 
 <?php do_action('simple_edit_form', ''); ?>

wp-admin/edit-page-form.php

@@ -2,17 +2,22 @@
 <div class="wrap">
 <h2 id="write-post"><?php _e('Write Page'); ?></h2>
 <?php
+
 if (0 == $post_ID) {
 	$form_action = 'post';
 	$nonce_action = 'add-page';
 	$temp_ID = -1 * time(); // don't change this formula without looking at wp_write_post()
 	$form_extra = "<input type='hidden' id='post_ID' name='temp_ID' value='$temp_ID' />";
 } else {
+	$post_ID = (int) $post_ID;
 	$form_action = 'editpost';
 	$nonce_action = 'update-page_' . $post_ID;
 	$form_extra = "<input type='hidden' id='post_ID' name='post_ID' value='$post_ID' />";
 }
 
+$temp_ID = (int) $temp_ID;
+$user_ID = (int) $user_ID;
+
 $sendto = clean_url(stripslashes(wp_get_referer()));
 
 if ( 0 != $post_ID && $sendto == get_permalink($post_ID) )
@@ -68,7 +73,7 @@ addLoadEvent(focusit);
 
 <fieldset id="passworddiv" class="dbx-box">
 <h3 class="dbx-handle"><?php _e('Page Password') ?></h3>
-<div class="dbx-content"><input name="post_password" type="text" size="13" id="post_password" value="<?php echo $post->post_password ?>" /></div>
+<div class="dbx-content"><input name="post_password" type="text" size="13" id="post_password" value="<?php echo attribute_escape( $post->post_password ); ?>" /></div>
 </fieldset>
 
 <fieldset id="pageparent" class="dbx-box">
@@ -93,7 +98,7 @@ addLoadEvent(focusit);
 
 <fieldset id="slugdiv" class="dbx-box">
 <h3 class="dbx-handle"><?php _e('Page Slug') ?></h3>
-<div class="dbx-content"><input name="post_name" type="text" size="13" id="post_name" value="<?php echo $post->post_name ?>" /></div>
+<div class="dbx-content"><input name="post_name" type="text" size="13" id="post_name" value="<?php echo attribute_escape( $post->post_name ); ?>" /></div>
 </fieldset>
 
 <?php if ( $authors = get_editable_authors( $current_user->id ) ) : // TODO: ROLE SYSTEM ?>
@@ -106,6 +111,8 @@ foreach ($authors as $o) :
 $o = get_userdata( $o->ID );
 if ( $post->post_author == $o->ID || ( empty($post_ID) && $user_ID == $o->ID ) ) $selected = 'selected="selected"';
 else $selected = '';
+$o->ID = (int) $o->ID;
+$o->display_name = wp_specialchars( $o->display_name );
 echo "<option value='$o->ID' $selected>$o->display_name</option>";
 endforeach;
 ?>
@@ -126,7 +133,7 @@ endforeach;
 
 <fieldset id="titlediv">
   <legend><?php _e('Page Title') ?></legend>
-  <div><input type="text" name="post_title" size="30" tabindex="1" value="<?php echo $post->post_title; ?>" id="title" /></div>
+  <div><input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attribute_escape( $post->post_title ); ?>" id="title" /></div>
 </fieldset>
 
 

wp-admin/export.php

@@ -147,7 +147,7 @@ print '<?xml version="1.0" encoding="' . get_bloginfo('charset') . '"?' . ">\n";
 		contained in this file onto your blog.
 -->
 
-<!-- generator="wordpress/<?php bloginfo_rss('version') ?>" created="<?php echo date('Y-m-d H:m'); ?>"-->
+<!-- generator="wordpress/<?php bloginfo_rss('version') ?>" created="<?php echo date('Y-m-d H:i'); ?>"-->
 <rss version="2.0"
 	xmlns:content="http://purl.org/rss/1.0/modules/content/"
 	xmlns:wfw="http://wellformedweb.org/CommentAPI/"

wp-admin/import/blogger.php

@@ -743,10 +743,11 @@ class Blogger_Import {
 
 	// Step 9: Congratulate the user
 	function congrats() {
+		$blog = (int) $_GET['blog'];
 		echo '<h1>'.__('Congratulations!').'</h1><p>'.__('Now that you have imported your Blogger blog into WordPress, what are you going to do? Here are some suggestions:').'</p><ul><li>'.__('That was hard work! Take a break.').'</li>';
 		if ( count($this->import['blogs']) > 1 )
 			echo '<li>'.__('In case you haven\'t done it already, you can import the posts from your other blogs:'). $this->show_blogs() . '</li>';
-		if ( $n = count($this->import['blogs'][$_GET['blog']]['newusers']) )
+		if ( $n = count($this->import['blogs'][$blog]['newusers']) )
 			echo '<li>'.sprintf(__('Go to <a href="%s" target="%s">Authors &amp; Users</a>, where you can modify the new user(s) or delete them. If you want to make all of the imported posts yours, you will be given that option when you delete the new authors.'), 'users.php', '_parent').'</li>';
 		echo '<li>'.__('For security, click the link below to reset this importer.').'</li>';
 		echo '</ul>';
@@ -765,6 +766,7 @@ class Blogger_Import {
 
 		if ( isset( $_REQUEST['blog'] ) ) {
 			$blog = is_array($_REQUEST['blog']) ? array_shift( array_keys( $_REQUEST['blog'] ) ) : $_REQUEST['blog'];
+			$blog = (int) $blog;
 			$this->import_blog( $blog );
 		} elseif ( isset($_GET['token']) )
 			$this->auth();

wp-admin/import/dotclear.php

@@ -147,8 +147,9 @@ class Dotclear_Import {
 		echo '<div class="narrow"><p>'.__('Howdy! This importer allows you to extract posts from a DotClear database into your blog.  Mileage may vary.').'</p>';
 		echo '<p>'.__('Your DotClear Configuration settings are as follows:').'</p>';
 		echo '<form action="admin.php?import=dotclear&amp;step=1" method="post">';
+		wp_nonce_field('import-dotclear');
 		$this->db_form();
-		echo '<p class="submit"><input type="submit" name="submit" value="'.__('Import Categories').' &raquo;" /></p>';
+		echo '<p class="submit"><input type="submit" name="submit" value="'.attribute_escape(__('Import Categories &raquo;')).'" /></p>';
 		echo '</form></div>';
 	}
 
@@ -558,7 +559,8 @@ class Dotclear_Import {
 
 
 		echo '<form action="admin.php?import=dotclear&amp;step=2" method="post">';
-		printf('<input type="submit" name="submit" value="%s" />', __('Import Users'));
+		wp_nonce_field('import-dotclear');
+		printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Import Users')));
 		echo '</form>';
 
 	}
@@ -570,7 +572,8 @@ class Dotclear_Import {
 		$this->users2wp($users);
 
 		echo '<form action="admin.php?import=dotclear&amp;step=3" method="post">';
-		printf('<input type="submit" name="submit" value="%s" />', __('Import Posts'));
+		wp_nonce_field('import-dotclear');
+		printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Import Posts')));
 		echo '</form>';
 	}
 
@@ -581,7 +584,8 @@ class Dotclear_Import {
 		$this->posts2wp($posts);
 
 		echo '<form action="admin.php?import=dotclear&amp;step=4" method="post">';
-		printf('<input type="submit" name="submit" value="%s" />', __('Import Comments'));
+		wp_nonce_field('import-dotclear');
+		printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Import Comments')));
 		echo '</form>';
 	}
 
@@ -592,7 +596,8 @@ class Dotclear_Import {
 		$this->comments2wp($comments);
 
 		echo '<form action="admin.php?import=dotclear&amp;step=5" method="post">';
-		printf('<input type="submit" name="submit" value="%s" />', __('Import Links'));
+		wp_nonce_field('import-dotclear');
+		printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Import Links')));
 		echo '</form>';
 	}
 
@@ -604,7 +609,8 @@ class Dotclear_Import {
 		add_option('dc_links', $links);
 
 		echo '<form action="admin.php?import=dotclear&amp;step=6" method="post">';
-		printf('<input type="submit" name="submit" value="%s" />', __('Finish'));
+		wp_nonce_field('import-dotclear');
+		printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Finish')));
 		echo '</form>';
 	}
 
@@ -667,42 +673,44 @@ class Dotclear_Import {
 
 		if ( $step > 0 )
 		{
+			check_admin_referer('import-dotclear');
+
 			if($_POST['dbuser'])
 			{
 				if(get_option('dcuser'))
 					delete_option('dcuser');
-				add_option('dcuser',$_POST['dbuser']);
+				add_option('dcuser', sanitize_user($_POST['dbuser'], true));
 			}
 			if($_POST['dbpass'])
 			{
 				if(get_option('dcpass'))
 					delete_option('dcpass');
-				add_option('dcpass',$_POST['dbpass']);
+				add_option('dcpass', sanitize_user($_POST['dbpass'], true));
 			}
 
 			if($_POST['dbname'])
 			{
 				if(get_option('dcname'))
 					delete_option('dcname');
-				add_option('dcname',$_POST['dbname']);
+				add_option('dcname', sanitize_user($_POST['dbname'], true));
 			}
 			if($_POST['dbhost'])
 			{
 				if(get_option('dchost'))
 					delete_option('dchost');
-				add_option('dchost',$_POST['dbhost']);
+				add_option('dchost', sanitize_user($_POST['dbhost'], true));
 			}
 			if($_POST['dccharset'])
 			{
 				if(get_option('dccharset'))
 					delete_option('dccharset');
-				add_option('dccharset',$_POST['dccharset']);
+				add_option('dccharset', sanitize_user($_POST['dccharset'], true));
 			}
 			if($_POST['dbprefix'])
 			{
 				if(get_option('dcdbprefix'))
 					delete_option('dcdbprefix');
-				add_option('dcdbprefix',$_POST['dbprefix']);
+				add_option('dcdbprefix', sanitize_user($_POST['dbprefix'], true));
 			}
 
 

wp-admin/import/greymatter.php

@@ -34,6 +34,7 @@ class GM_Import {
 <form name="stepOne" method="get">
 <input type="hidden" name="import" value="greymatter" />
 <input type="hidden" name="step" value="1" />
+<?php wp_nonce_field('import-greymatter'); ?>
 <h3><?php _e('Second step: GreyMatter details:') ?></h3>
 <p><table cellpadding="0">
 <tr>
@@ -87,10 +88,12 @@ class GM_Import {
 		}
 
 		if (!chdir($archivespath))
-			wp_die(sprintf(__("Wrong path, %s\ndoesn't exist\non the server"), $archivespath));
+			wp_die(__("Wrong path, the path to the GM entries does not exist on the server"));
 
 		if (!chdir($gmpath))
-			wp_die(sprintf(__("Wrong path, %s\ndoesn't exist\non the server"), $gmpath));
+			wp_die(__("Wrong path, the path to the GM files does not exist on the server"));
+
+		$lastentry = (int) $lastentry;
 
 		$this->header();
 ?>
@@ -297,6 +300,7 @@ class GM_Import {
 				$this->greet();
 				break;
 			case 1:
+				check_admin_referer('import-greymatter');
 				$this->import();
 				break;
 		}

wp-admin/import/livejournal.php

@@ -153,6 +153,7 @@ class LJ_Import {
 				$this->greet();
 				break;
 			case 1 :
+				check_admin_referer('import-upload');
 				$this->import();
 				break;
 		}

wp-admin/import/mt.php

@@ -147,6 +147,7 @@ class MT_Import {
 		$authors = $this->get_mt_authors();
 		echo '<ol id="authors">';
 		echo '<form action="?import=mt&amp;step=2&amp;id=' . $this->id . '" method="post">';
+		wp_nonce_field('import-mt');
 		$j = -1;
 		foreach ($authors as $author) {
 			++ $j;
@@ -417,9 +418,11 @@ class MT_Import {
 				$this->greet();
 				break;
 			case 1 :
+				check_admin_referer('import-upload');
 				$this->select_authors();
 				break;
 			case 2:
+				check_admin_referer('import-mt');
 				$this->import();
 				break;
 		}

wp-admin/import/rss.php

@@ -156,6 +156,7 @@ class RSS_Import {
 				$this->greet();
 				break;
 			case 1 :
+				check_admin_referer('import-upload');
 				$this->import();
 				break;
 		}

wp-admin/import/textpattern.php

@@ -56,8 +56,9 @@ class Textpattern_Import {
 		echo '<p>'.__('This has not been tested on previous versions of Textpattern.  Mileage may vary.').'</p>';
 		echo '<p>'.__('Your Textpattern Configuration settings are as follows:').'</p>';
 		echo '<form action="admin.php?import=textpattern&amp;step=1" method="post">';
+		wp_nonce_field('import-textpattern');
 		$this->db_form();
-		echo '<p class="submit"><input type="submit" name="submit" value="'.__('Import Categories').' &raquo;" /></p>';
+		echo '<p class="submit"><input type="submit" name="submit" value="'.attribute_escape(__('Import Categories &raquo;')).'" /></p>';
 		echo '</form>';
 		echo '</div>';
 	}
@@ -483,7 +484,8 @@ class Textpattern_Import {
 
 
 		echo '<form action="admin.php?import=textpattern&amp;step=2" method="post">';
-		printf('<input type="submit" name="submit" value="%s" />', __('Import Users'));
+		wp_nonce_field('import-textpattern');
+		printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Import Users')));
 		echo '</form>';
 
 	}
@@ -495,7 +497,8 @@ class Textpattern_Import {
 		$this->users2wp($users);
 
 		echo '<form action="admin.php?import=textpattern&amp;step=3" method="post">';
-		printf('<input type="submit" name="submit" value="%s" />', __('Import Posts'));
+		wp_nonce_field('import-textpattern');
+		printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Import Posts')));
 		echo '</form>';
 	}
 
@@ -506,7 +509,8 @@ class Textpattern_Import {
 		$this->posts2wp($posts);
 
 		echo '<form action="admin.php?import=textpattern&amp;step=4" method="post">';
-		printf('<input type="submit" name="submit" value="%s" />', __('Import Comments'));
+		wp_nonce_field('import-textpattern');
+		printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Import Comments')));
 		echo '</form>';
 	}
 
@@ -517,7 +521,8 @@ class Textpattern_Import {
 		$this->comments2wp($comments);
 
 		echo '<form action="admin.php?import=textpattern&amp;step=5" method="post">';
-		printf('<input type="submit" name="submit" value="%s" />', __('Import Links'));
+		wp_nonce_field('import-textpattern');
+		printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Import Links')));
 		echo '</form>';
 	}
 
@@ -529,7 +534,8 @@ class Textpattern_Import {
 		add_option('txp_links', $links);
 
 		echo '<form action="admin.php?import=textpattern&amp;step=6" method="post">';
-		printf('<input type="submit" name="submit" value="%s" />', __('Finish'));
+		wp_nonce_field('import-textpattern');
+		printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Finish')));
 		echo '</form>';
 	}
 
@@ -590,36 +596,38 @@ class Textpattern_Import {
 
 		if ( $step > 0 )
 		{
+			check_admin_referer('import-textpattern');
+
 			if($_POST['dbuser'])
 			{
 				if(get_option('txpuser'))
 					delete_option('txpuser');
-				add_option('txpuser',$_POST['dbuser']);
+				add_option('txpuser', sanitize_user($_POST['dbuser'], true));
 			}
 			if($_POST['dbpass'])
 			{
 				if(get_option('txppass'))
 					delete_option('txppass');
-				add_option('txppass',$_POST['dbpass']);
+				add_option('txppass',  sanitize_user($_POST['dbpass'], true));
 			}
 
 			if($_POST['dbname'])
 			{
 				if(get_option('txpname'))
 					delete_option('txpname');
-				add_option('txpname',$_POST['dbname']);
+				add_option('txpname',  sanitize_user($_POST['dbname'], true));
 			}
 			if($_POST['dbhost'])
 			{
 				if(get_option('txphost'))
 					delete_option('txphost');
-				add_option('txphost',$_POST['dbhost']);
+				add_option('txphost',  sanitize_user($_POST['dbhost'], true));
 			}
 			if($_POST['dbprefix'])
 			{
 				if(get_option('tpre'))
 					delete_option('tpre');
-				add_option('tpre',$_POST['dbprefix']);
+				add_option('tpre',  sanitize_user($_POST['dbprefix']));
 			}
 
 

wp-admin/import/utw.php

@@ -1,270 +0,0 @@
-<?php
-
-class UTW_Import {
-	
-	function header()  {
-		echo '<div class="wrap">';
-		echo '<h2>'.__('Import Ultimate Tag Warrior').'</h2>';
-		echo '<p>'.__('Steps may take a few minutes depending on the size of your database. Please be patient.').'<br /><br /></p>';
-	}
-
-	function footer() {
-		echo '</div>';
-	}
-
-	function greet() {
-		echo '<div class="narrow">';
-		echo '<p>'.__('Howdy! This imports tags from an existing Ultimate Tag Warrior 3 installation into this blog using the new WordPress native tagging structure.').'</p>';
-		echo '<p>'.__('This has not been tested on any other versions of Ultimate Tag Warrior. Mileage may vary.').'</p>';
-		echo '<p>'.__('To accommodate larger databases for those tag-crazy authors out there, we have made this into an easy 5-step program to help you kick that nasty UTW habit. Just keep clicking along and we will let you know when you are in the clear!').'</p>';
-		echo '<p><strong>'.__('Don&#8217;t be stupid - backup your database before proceeding!').'</strong></p>';
-		echo '<form action="admin.php?import=utw&amp;step=1" method="post">';
-		echo '<p class="submit"><input type="submit" name="submit" value="'.__('Step 1 &raquo;').'" /></p>';
-		echo '</form>';
-		echo '</div>';
-	}
-	
-	
-	function dispatch () {
-		if ( empty( $_GET['step'] ) ) {
-			$step = 0;
-		} else {
-			$step = (int) $_GET['step'];
-		}
-		
-		// load the header
-		$this->header();
-		
-		switch ( $step ) {
-			case 0 :
-				$this->greet();
-				break;
-			case 1 :
-				$this->import_tags();
-				break;
-			case 2 :
-				$this->import_posts();
-				break;
-			case 3:
-				$this->import_t2p();
-				break;
-			case 4:
-				$this->cleanup_import();
-				break;
-		}
-		
-		// load the footer
-		$this->footer();
-	}
-	
-	
-	function import_tags ( ) {
-		echo '<div class="narrow">';
-		echo '<p><h3>'.__('Reading UTW Tags&#8230;').'</h3></p>';
-		
-		$tags = $this->get_utw_tags();
-		
-		// if we didn't get any tags back, that's all there is folks!
-		if ( !is_array($tags) ) {
-			echo '<p>' . __('No Tags Found!') . '</p>';
-			return false;
-		}
-		else {
-
-			// if there's an existing entry, delete it
-			if ( get_option('utwimp_tags') ) {
-				delete_option('utwimp_tags');
-			}
-
-			add_option('utwimp_tags', $tags);
-			
-
-			$count = count($tags);
-			
-			echo '<p>' . sprintf( __('Done! <strong>%s</strong> tags were read.'), $count ) . '<br /></p>';
-			echo '<p>' . __('The following tags were found:') . '</p>';
-			
-			echo '<ul>';
-			
-			foreach ( $tags as $tag_id => $tag_name ) {
-				
-				echo '<li>' . $tag_name . '</li>';
-				
-			}
-			
-			echo '</ul>';
-			
-			echo '<br />';
-			
-			echo '<p>' . __('If you don&#8217;t want to import any of these tags, you should delete them from the UTW tag management page and then re-run this import.') . '</p>';
-			
-			
-		}
-		
-		echo '<form action="admin.php?import=utw&amp;step=2" method="post">';
-		echo '<p class="submit"><input type="submit" name="submit" value="'.__('Step 2 &raquo;').'" /></p>';
-		echo '</form>';
-		echo '</div>';
-	}
-	
-	
-	function import_posts ( ) {
-		echo '<div class="narrow">';
-		echo '<p><h3>'.__('Reading UTW Post Tags&#8230;').'</h3></p>';
-
-		// read in all the UTW tag -> post settings
-		$posts = $this->get_utw_posts();
-
-		// if we didn't get any tags back, that's all there is folks!
-		if ( !is_array($posts) ) {
-			echo '<p>' . __('No posts were found to have tags!') . '</p>';
-			return false;
-		}
-		else {
-
-			// if there's an existing entry, delete it
-			if ( get_option('utwimp_posts') ) {
-				delete_option('utwimp_posts');
-			}
-
-			add_option('utwimp_posts', $posts);
-				
-
-			$count = count($posts);
-				
-			echo '<p>' . sprintf( __('Done! <strong>%s</strong> tag to post relationships were read.'), $count ) . '<br /></p>';
-				
-		}
-
-		echo '<form action="admin.php?import=utw&amp;step=3" method="post">';
-		echo '<p class="submit"><input type="submit" name="submit" value="'.__('Step 3 &raquo;').'" /></p>';
-		echo '</form>';
-		echo '</div>';
-
-	}
-	
-	
-	function import_t2p ( ) {
-
-		echo '<div class="narrow">';
-		echo '<p><h3>'.__('Adding Tags to Posts&#8230;').'</h3></p>';
-
-		// run that funky magic!
-		$tags_added = $this->tag2post();
-		
-		echo '<p>' . sprintf( __('Done! <strong>%s</strong> tags where added!'), $tags_added ) . '<br /></p>';
-
-		echo '<form action="admin.php?import=utw&amp;step=4" method="post">';
-		echo '<p class="submit"><input type="submit" name="submit" value="'.__('Step 4 &raquo;').'" /></p>';
-		echo '</form>';
-		echo '</div>';
-
-	}
-	
-	
-	function get_utw_tags ( ) {
-	
-		global $wpdb;
-		
-		// read in all the tags from the UTW tags table: should be wp_tags
-		$tags_query = "SELECT tag_id, tag FROM " . $wpdb->prefix . "tags";
-		
-		$tags = $wpdb->get_results($tags_query);
-		
-		// rearrange these tags into something we can actually use
-		foreach ( $tags as $tag ) {
-			
-			$new_tags[$tag->tag_id] = $tag->tag;
-			
-		}
-		
-		return $new_tags;
-
-	}
-	
-	function get_utw_posts ( ) {
-		
-		global $wpdb;
-		
-		// read in all the posts from the UTW post->tag table: should be wp_post2tag
-		$posts_query = "SELECT tag_id, post_id FROM " . $wpdb->prefix . "post2tag";
-		
-		$posts = $wpdb->get_results($posts_query);
-		
-		return $posts;
-		
-	}
-	
-	
-	function tag2post ( ) {
-		
-		// get the tags and posts we imported in the last 2 steps
-		$tags = get_option('utwimp_tags');
-		$posts = get_option('utwimp_posts');
-		
-		// null out our results
-		$tags_added = 0;
-		
-		// loop through each post and add its tags to the db
-		foreach ( $posts as $this_post ) {
-			
-			$the_post = (int) $this_post->post_id;
-			$the_tag = (int) $this_post->tag_id;
-			
-			// what's the tag name for that id?
-			$the_tag = $tags[$the_tag];
-			
-			// screw it, just try to add the tag
-			wp_add_post_tags($the_post, $the_tag);
-
-			$tags_added++;
-			
-		}
-		
-		// that's it, all posts should be linked to their tags properly, pending any errors we just spit out!
-		return $tags_added;
-		
-		
-	}
-	
-	
-	function cleanup_import ( ) {
-		
-		delete_option('utwimp_tags');
-		delete_option('utwimp_posts');
-		
-		$this->done();
-		
-	}
-	
-	
-	function done ( ) {
-		
-		echo '<div class="narrow">';
-		echo '<p><h3>'.__('Import Complete!').'</h3></p>';
-		
-		echo '<p>' . __('OK, so we lied about this being a 5-step program! You&#8217;re done!') . '</p>';
-		
-		echo '<p>' . __('Now wasn&#8217;t that easy?') . '</p>';
-		
-		echo '</div>';
-		
-	}
-	
-
-	function UTW_Import ( ) {
-		
-		// Nothing.
-		
-	}
-	
-}
-
-
-// create the import object
-$utw_import = new UTW_Import();
-
-// add it to the import page!
-register_importer('utw', 'Ultimate Tag Warrior', __('Import Ultimate Tag Warrior tags into the new native tagging structure.'), array($utw_import, 'dispatch'));
-
-?>

wp-admin/import/wordpress.php

@@ -37,7 +37,8 @@ class WP_Import {
 	function get_tag( $string, $tag ) {
 		global $wpdb;
 		preg_match("|<$tag.*?>(.*?)</$tag>|is", $string, $return);
-		$return = $wpdb->escape( trim( $return[1] ) );
+		$return = preg_replace('|^<!\[CDATA\[(.*)\]\]>$|s', '$1', $return[1]);
+		$return = $wpdb->escape( trim( $return ) );
 		return $return;
 	}
 
@@ -65,7 +66,7 @@ class WP_Import {
 			$this->mtnames[$this->j] = $author; //add that new mt author name to an array
 			$user_id = username_exists($this->newauthornames[$this->j]); //check if the new author name defined by the user is a pre-existing wp user
 			if (!$user_id) { //banging my head against the desk now.
-				if ($newauthornames[$this->j] == 'left_blank') { //check if the user does not want to change the authorname
+				if ($this->newauthornames[$this->j] == 'left_blank') { //check if the user does not want to change the authorname
 					$user_id = wp_create_user($author, $pass);
 					$this->newauthornames[$this->j] = $author; //now we have a name, in the place of left_blank.
 				} else {
@@ -84,19 +85,40 @@ class WP_Import {
 
 	function get_entries() {
 		set_magic_quotes_runtime(0);
-		$importdata = file($this->file); // Read the file into an array
-		$importdata = implode('', $importdata); // squish it
-		$importdata = preg_replace("/(\r\n|\n|\r)/", "\n", $importdata);
-		preg_match_all('|<item>(.*?)</item>|is', $importdata, $this->posts);
-		$this->posts = $this->posts[1];
+		$importdata = array_map('rtrim', file($this->file)); // Read the file into an array
+
+		$this->posts = array();
+		$this->categories = array();
+		$num = 0;
+		$doing_entry = false;
+		foreach ($importdata as $importline) {
+			if ( false !== strpos($importline, '<wp:category>') ) {
+				preg_match('|<wp:category>(.*?)</wp:category>|is', $importline, $category);
+				$this->categories[] = $category[1];
+				continue;
+			}
+			if ( false !== strpos($importline, '<item>') ) {
+				$this->posts[$num] = '';
+				$doing_entry = true;
+				continue;	
+			}
+			if ( false !== strpos($importline, '</item>') ) {
+				$num++;
+				$doing_entry = false;
+				continue;	
+			}
+			if ( $doing_entry ) {
+				$this->posts[$num] .= $importline . "\n";
+			}
+		}
+
 		foreach ($this->posts as $post) {
 			$post_ID = (int) $this->get_tag( $post, 'wp:post_id' );
-			if ($post_ID)
+			if ($post_ID) {
 				$this->posts_processed[$post_ID][0] = &$post;
 				$this->posts_processed[$post_ID][1] = 0;
+			}
 		}
-		preg_match_all('|<wp:category>(.*?)</wp:category>|is', $importdata, $this->categories);
-		$this->categories = $this->categories[1];
 	}
 
 	function get_wp_authors() {
@@ -159,6 +181,7 @@ class WP_Import {
 		$authors = $this->get_wp_authors();
 		echo '<ol id="authors">';
 		echo '<form action="?import=wordpress&amp;step=2&amp;id=' . $this->id . '" method="post">';
+		wp_nonce_field('import-wordpress');
 		$j = -1;
 		foreach ($authors as $author) {
 			++ $j;
@@ -193,7 +216,7 @@ class WP_Import {
 		$cat_names = (array) $wpdb->get_col("SELECT cat_name FROM $wpdb->categories");
 
 		while ( $c = array_shift($this->categories) ) {
-			$cat_name = trim(str_replace(array ('<![CDATA[', ']]>'), '', $this->get_tag( $c, 'wp:cat_name' )));
+			$cat_name = trim($this->get_tag( $c, 'wp:cat_name' ));
 
 			// If the category exists we leave it alone
 			if ( in_array($cat_name, $cat_names) )
@@ -252,7 +275,6 @@ class WP_Import {
 		$post_author    = $this->get_tag( $post, 'dc:creator' );
 
 		$post_content = $this->get_tag( $post, 'content:encoded' );
-		$post_content = str_replace(array ('<![CDATA[', ']]>'), '', $post_content);
 		$post_content = preg_replace('|<(/?[A-Z]+)|e', "'<' . strtolower('$1')", $post_content);
 		$post_content = str_replace('<br>', '<br />', $post_content);
 		$post_content = str_replace('<hr>', '<hr />', $post_content);
@@ -363,9 +385,11 @@ class WP_Import {
 				$this->greet();
 				break;
 			case 1 :
+				check_admin_referer('import-upload');
 				$this->select_authors();
 				break;
 			case 2:
+				check_admin_referer('import-wordpress');
 				$this->import();
 				break;
 		}

wp-admin/import/wp-cat2tag.php

@@ -1,226 +0,0 @@
-<?php
-
-class WP_Categories_to_Tags {
-	var $categories_to_convert = array();
-	var $all_categories = array();
-	
-	function header() {
-		print '<div class="wrap">';
-		print '<h2>' . __('Convert Categories to Tags') . '</h2>';
-	}
-	
-	function footer() {
-		print '</div>';
-	}
-	
-	function populate_all_categories() {
-		global $wpdb;
-		
-		$this->all_categories = $wpdb->get_results("SELECT * FROM $wpdb->categories WHERE (type & ~ " . TAXONOMY_TAG . ") != 0 AND category_count > 0 ORDER BY cat_name ASC");
-	}
-	
-	function welcome() {
-		$this->populate_all_categories();
-		
-		print '<div class="narrow">';
-		
-		if (count($this->all_categories) > 0) {
-			print '<p>' . __('Howdy! This converter allows you to selectively convert existing categories to tags. To get started, check the checkboxes of the categories you wish to be converted, then click the Convert button.') . '</p>';
-			print '<p>' . __('Keep in mind that if you convert a category with child categories, those child categories get their parent setting removed, so they\'re in the root.') . '</p>';
-		
-			$this->categories_form();
-		} else {
-			print '<p>'.__('You have no categories to convert!').'</p>';
-		}
-		
-		print '</div>';
-	}
-	
-	function categories_form() {
-		print '<form action="admin.php?import=wp-cat2tag&amp;step=2" method="post">';
-		print '<ul style="list-style:none">';
-		
-		$hier = _get_category_hierarchy();
-		
-		foreach ($this->all_categories as $category) {
-			if ((int) $category->category_parent == 0) {
-				print '<li><label><input type="checkbox" name="cats_to_convert[]" value="' . intval($category->cat_ID) . '" /> ' . $category->cat_name . ' (' . $category->category_count . ')</label>';
-				
-				if (isset($hier[$category->cat_ID])) {
-					$this->_category_children($category, $hier);
-				}
-				
-				print '</li>';
-			}
-		}
-		
-		print '</ul>';
-		
-		print '<p class="submit"><input type="submit" name="maybe_convert_all_cats" value="' . __('Convert All Categories') . '" /> <input type="submit" name="submit" value="' . __('Convert &raquo;') . '" /></p>';
-		print '</form>';
-	}
-	
-	function _category_children($parent, $hier) {
-		print '<ul style="list-style:none">';
-		
-		foreach ($hier[$parent->cat_ID] as $child_id) {
-			$child =& get_category($child_id);
-			
-			print '<li><label><input type="checkbox" name="cats_to_convert[]" value="' . intval($child->cat_ID) . '" /> ' . $child->cat_name . ' (' . $child->category_count . ')</label>';
-			
-			if (isset($hier[$child->cat_ID])) {
-				$this->_category_children($child, $hier);
-			}
-			
-			print '</li>';
-		}
-		
-		print '</ul>';
-	}
-	
-	function _category_exists($cat_id) {
-		global $wpdb;
-		
-		$cat_id = (int) $cat_id;
-		
-		$maybe_exists = $wpdb->get_results("SELECT cat_ID from $wpdb->categories WHERE cat_ID = '$cat_id'");
-		
-		if (count($maybe_exists) > 0) {
-			return true;
-		} else {
-			return false;
-		}
-	}
-	
-	function convert_them() {
-		global $wpdb;
-		
-		if (!isset($_POST['cats_to_convert']) || !is_array($_POST['cats_to_convert'])) {
-			print '<div class="narrow">';
-			print '<p>' . sprintf(__('Uh, oh. Something didn\'t work. Please <a href="%s">try again</a>.'), 'admin.php?import=wp-cat2tag') . '</p>';
-			print '</div>';
-		}
-		
-		$this->categories_to_convert = $_POST['cats_to_convert'];
-		$hier = _get_category_hierarchy();
-		
-		print '<ul>';
-		
-		foreach ($this->categories_to_convert as $cat_id) {
-			$cat_id = (int) $cat_id;
-			
-			print '<li>' . __('Converting category') . ' #' . $cat_id . '... ';
-			
-			if (!$this->_category_exists($cat_id)) {
-				_e('Category doesn\'t exist!');
-			} else {
-				$category =& get_category($cat_id);
-				
-				if ($category->link_count > 0) {
-					$type = $category->type | TAXONOMY_TAG;
-				} else {
-					$type = TAXONOMY_TAG;
-				}
-				
-				// Set the category itself to $type from above
-				$wpdb->query("UPDATE $wpdb->categories SET type = '$type' WHERE cat_ID = '{$category->cat_ID}'");
-				
-				// Set relationships in post2cat to 'tag', category_count becomes tag_count
-				$wpdb->query("UPDATE $wpdb->post2cat SET rel_type = 'tag' WHERE category_ID = '{$category->cat_ID}'");
-				$wpdb->query("UPDATE $wpdb->categories SET tag_count = '{$category->category_count}', category_count = '0' WHERE cat_ID = '{$category->cat_ID}'");
-				
-				// Set all parents to 0 (root-level) if their parent was the converted tag
-				$wpdb->query("UPDATE $wpdb->categories SET category_parent = 0 WHERE category_parent = '{$category->cat_ID}'");
-				
-				// Clean the cache
-				clean_category_cache($category->cat_ID);
-				
-				_e('Converted successfully.');
-			}
-			
-			print '</li>';
-		}
-		
-		print '</ul>';
-	}
-	
-	function convert_all_confirm() {
-		print '<div class="narrow">';
-		
-		print '<h3>' . __('Confirm') . '</h3>';
-		
-		print '<p>' . __('You are about to convert all categories to tags. Are you sure you want to continue?') . '</p>';
-		
-		print '<form action="admin.php?import=wp-cat2tag" method="post">';
-		print '<p style="text-align:center" class="submit"><input type="submit" value="' . __('Yes') . '" name="yes_convert_all_cats" />&nbsp;&nbsp;&nbsp;&nbsp;<input type="submit" value="' . __('No') . '" name="no_dont_do_it" /></p>';
-		print '</form>';
-		
-		print '</div>';
-	}
-	
-	function convert_all() {
-		global $wpdb;
-		
-		$cats = $wpdb->get_results("SELECT * FROM $wpdb->categories WHERE (type & ~ " . TAXONOMY_TAG . ") != 0 AND category_count > 0");
-		
-		$_POST['cats_to_convert'] = array();
-		
-		foreach ($cats as $cat) {
-			$_POST['cats_to_convert'][] = $cat->cat_ID;
-		}
-		
-		$this->convert_them();
-	}
-	
-	function init() {
-		echo '<!--'; print_r($_POST); print_r($_GET); echo '-->';
-		
-		if (isset($_POST['maybe_convert_all_cats'])) {
-			$step = 3;
-		} elseif (isset($_POST['yes_convert_all_cats'])) {
-			$step = 4;
-		} elseif (isset($_POST['no_dont_do_it'])) {
-			die('no_dont_do_it');
-		} else {
-			$step = (isset($_GET['step'])) ? (int) $_GET['step'] : 1;
-		}
-		
-		$this->header();
-		
-		if (!current_user_can('manage_categories')) {
-			print '<div class="narrow">';
-			print '<p>' . __('Cheatin&#8217; uh?') . '</p>';
-			print '</div>';
-		} else {
-			switch ($step) {
-				case 1 :
-					$this->welcome();
-				break;
-				
-				case 2 :
-					$this->convert_them();
-				break;
-				
-				case 3 :
-					$this->convert_all_confirm();
-				break;
-				
-				case 4 :
-					$this->convert_all();
-				break;
-			}
-		}
-		
-		$this->footer();
-	}
-	
-	function WP_Categories_to_Tags() {
-		// Do nothing.
-	}
-}
-
-$wp_cat2tag_importer = new WP_Categories_to_Tags();
-
-register_importer('wp-cat2tag', __('Categories to Tags Converter'), __('Convert existing categories to tags, selectively.'), array(&$wp_cat2tag_importer, 'init'));
-
-?>

wp-admin/install.php

@@ -82,7 +82,7 @@ switch($step) {
 
 <?php
 	$result = wp_install($weblog_title, 'admin', $admin_email, $public);
-	extract($result);
+	extract($result, EXTR_SKIP);
 ?>
 
 <p><em><?php _e('Finished!'); ?></em></p>

wp-admin/link-import.php

@@ -73,8 +73,8 @@ foreach ($categories as $category) {
 
 <h2><?php _e('Importing...') ?></h2>
 <?php
-		$cat_id = $_POST['cat_id'];
-		if ( $cat_id == '' || $cat_id == 0 )
+		$cat_id = abs( (int) $_POST['cat_id'] );
+		if ( $cat_id < 1 )
 			$cat_id  = 1;
 
 		$opml_url = $_POST['opml_url'];
@@ -93,7 +93,12 @@ foreach ($categories as $category) {
 		}
 
 		if ( isset($opml_url) && $opml_url != '' ) {
-			$opml = wp_remote_fopen($opml_url);
+			if ( $blogrolling === true ) {
+				$opml = wp_remote_fopen($opml_url);
+			} else {
+				$opml = file_get_contents($opml_url);
+			}
+			
 			include_once('link-parse-opml.php');
 
 			$link_count = count($names);
@@ -118,6 +123,7 @@ else
 } // end else
 
 if ( ! $blogrolling )
+	apply_filters( 'wp_delete_file', $opml_url); 
 	@unlink($opml_url);
 ?>
 </div>

wp-admin/link-manager.php

@@ -180,7 +180,7 @@ if ( $links ) {
 					break;
 				default:
 					?>
-					<td><?php do_action('manage_link_custom_column', $column_name, $id); ?></td>
+					<td><?php do_action('manage_link_custom_column', $column_name, $link->link_id); ?></td>
 					<?php
 					break;
 

wp-admin/menu.php

@@ -69,6 +69,8 @@ $submenu['plugins.php'][10] = array(__('Plugin Editor'), 'edit_plugins', 'plugin
 $submenu['themes.php'][5] = array(__('Themes'), 'switch_themes', 'themes.php');
 $submenu['themes.php'][10] = array(__('Theme Editor'), 'edit_themes', 'theme-editor.php');
 
+do_action('_admin_menu');
+
 // Create list of page plugin hook names.
 foreach ($menu as $menu_page) {
 	$admin_page_hooks[$menu_page[2]] = sanitize_title($menu_page[0]);

wp-admin/options-general.php

@@ -97,7 +97,7 @@ endfor;
 
 <p class="submit"><input type="submit" name="Submit" value="<?php _e('Update Options &raquo;') ?>" />
 <input type="hidden" name="action" value="update" /> 
-<input type="hidden" name="page_options" value="blogname,blogdescription,siteurl,admin_email,users_can_register,gmt_offset,date_format,time_format,home,start_of_week,comment_registration,default_role" /> 
+<input type="hidden" name="page_options" value="<?php if ( ! defined( 'WP_SITEURL' ) ) echo 'siteurl,'; if ( ! defined( 'WP_HOME' ) ) echo 'home,'; ?>blogname,blogdescription,admin_email,users_can_register,gmt_offset,date_format,time_format,start_of_week,comment_registration,default_role" /> 
 </p>
 </form>
 

wp-admin/options-permalink.php

@@ -73,18 +73,10 @@ if ( isset($_POST['permalink_structure']) || isset($_POST['category_base']) ) {
 			$category_base = preg_replace('#/+#', '/', '/' . $_POST['category_base']);
 		$wp_rewrite->set_category_base($category_base);
 	}
-
-	if ( isset($_POST['tag_base']) ) {
-		$tag_base = $_POST['tag_base'];
-		if (! empty($tag_base) )
-			$tag_base = preg_replace('#/+#', '/', '/' . $_POST['tag_base']);
-		$wp_rewrite->set_tag_base($tag_base);
-	}
 }
 
 $permalink_structure = get_option('permalink_structure');
 $category_base = get_option('category_base');
-$tag_base = get_option( 'tag_base' );
 
 if ( (!file_exists($home_path.'.htaccess') && is_writable($home_path)) || is_writable($home_path.'.htaccess') )
 	$writable = true;
@@ -167,9 +159,6 @@ checked="checked"
 <?php endif; ?>
 	<p> 
   <?php _e('Category base'); ?>: <input name="category_base" type="text" class="code"  value="<?php echo attribute_escape($category_base); ?>" size="30" /> 
-     </p>
-	  <p>
-	  <?php _e('Tag base'); ?>: <input name="tag_base" type="text" class="code"  value="<?php echo attribute_escape($tag_base); ?>" size="30" /> 
      </p> 
     <p class="submit"> 
       <input type="submit" name="submit" value="<?php _e('Update Permalink Structure &raquo;') ?>" /> 

wp-admin/options.php

@@ -127,10 +127,11 @@ $options = $wpdb->get_results("SELECT * FROM $wpdb->options ORDER BY option_name
 
 foreach ( (array) $options as $option) :
 	$disabled = '';
+	$option->option_name = attribute_escape($option->option_name);
 	if ( is_serialized($option->option_value) ) {
 		if ( is_serialized_string($option->option_value) ) {
 			// this is a serialized string, so we should display it
-			$value = wp_specialchars(maybe_unserialize($option->option_value), 'single');
+			$value = maybe_unserialize($option->option_value);
 			$options_to_update[] = $option->option_name;
 			$class = 'all-options';
 		} else {
@@ -139,7 +140,7 @@ foreach ( (array) $options as $option) :
 			$class = 'all-options disabled';
 		}
 	} else {
-		$value = wp_specialchars($option->option_value, 'single');
+		$value = $option->option_value;
 		$options_to_update[] = $option->option_name;
 		$class = 'all-options';
 	}
@@ -148,8 +149,8 @@ foreach ( (array) $options as $option) :
 	<th scope='row'><label for='$option->option_name'>$option->option_name</label></th>
 <td>";
 
-	if (strpos($value, "\n") !== false) echo "<textarea class='$class' name='$option->option_name' id='$option->option_name' cols='30' rows='5'>$value</textarea>";
-	else echo "<input class='$class' type='text' name='$option->option_name' id='$option->option_name' size='30' value='" . $value . "'$disabled />";
+	if (strpos($value, "\n") !== false) echo "<textarea class='$class' name='$option->option_name' id='$option->option_name' cols='30' rows='5'>" . wp_specialchars($value) . "</textarea>";
+	else echo "<input class='$class' type='text' name='$option->option_name' id='$option->option_name' size='30' value='" . attribute_escape($value) . "'$disabled />";
 
 	echo "</td>
 	<td>$option->option_description</td>
@@ -158,7 +159,7 @@ endforeach;
 ?>
   </table>
 <?php $options_to_update = implode(',', $options_to_update); ?>
-<p class="submit"><input type="hidden" name="page_options" value="<?php echo attribute_escape($options_to_update); ?>" /><input type="submit" name="Update" value="<?php _e('Update Options &raquo;') ?>" /></p>
+<p class="submit"><input type="hidden" name="page_options" value="<?php echo $options_to_update; ?>" /><input type="submit" name="Update" value="<?php _e('Update Options &raquo;') ?>" /></p>
   </form>
 </div>
 

wp-admin/upgrade-functions.php

@@ -175,6 +175,8 @@ function upgrade_all() {
 		upgrade_110();
 		upgrade_130();
 	}
+	
+	maybe_disable_automattic_widgets();
 
 	if ( $wp_current_db_version < 3308 )
 		upgrade_160();
@@ -657,7 +659,15 @@ function get_alloptions_110() {
 // Version of get_option that is private to install/upgrade.
 function __get_option($setting) {
 	global $wpdb;
-
+	
+	if ( $setting == 'home' && defined( 'WP_HOME' ) ) {
+		return preg_replace( '|/+$|', '', constant( 'WP_HOME' ) );
+	}
+	
+	if ( $setting == 'siteurl' && defined( 'WP_SITEURL' ) ) {
+		return preg_replace( '|/+$|', '', constant( 'WP_SITEURL' ) );
+	}
+	
 	$option = $wpdb->get_var("SELECT option_value FROM $wpdb->options WHERE option_name = '$setting'");
 
 	if ( 'home' == $setting && '' == $option )
@@ -1099,4 +1109,16 @@ function wp_check_mysql_version() {
 		die(sprintf(__('<strong>ERROR</strong>: WordPress %s requires MySQL 4.0.0 or higher'), $wp_version));
 }
 
-?>
+function maybe_disable_automattic_widgets() {
+	$plugins = __get_option( 'active_plugins' );
+	
+	foreach ( (array) $plugins as $plugin ) {
+		if ( basename( $plugin ) == 'widgets.php' ) {
+			array_splice( $plugins, array_search( $plugin, $plugins ), 1 );
+			update_option( 'active_plugins', $plugins );
+			break;
+		}
+	}
+}
+
+?>

wp-admin/upgrade-schema.php

@@ -18,10 +18,8 @@ $wp_queries="CREATE TABLE $wpdb->categories (
   category_parent bigint(20) NOT NULL default '0',
   category_count bigint(20) NOT NULL default '0',
   link_count bigint(20) NOT NULL default '0',
-  tag_count bigint(20) NOT NULL default '0',
   posts_private tinyint(1) NOT NULL default '0',
   links_private tinyint(1) NOT NULL default '0',
-  type tinyint NOT NULL default '1',
   PRIMARY KEY  (cat_ID),
   KEY category_nicename (category_nicename)
 ) $charset_collate;
@@ -90,7 +88,6 @@ CREATE TABLE $wpdb->post2cat (
   rel_id bigint(20) NOT NULL auto_increment,
   post_id bigint(20) NOT NULL default '0',
   category_id bigint(20) NOT NULL default '0',
-  rel_type varchar(64) NOT NULL default 'category',
   PRIMARY KEY  (rel_id),
   KEY post_id (post_id,category_id)
 ) $charset_collate;
@@ -243,9 +240,6 @@ function populate_options() {
 	add_option('default_link_category', 2);
 	add_option('show_on_front', 'posts');
 
-	// 2.2
-	add_option('tag_base');
-
 	// Delete unused options
 	$unusedoptions = array ('blodotgsping_url', 'bodyterminator', 'emailtestonly', 'phoneemail_separator', 'smilies_directory', 'subjectprefix', 'use_bbcode', 'use_blodotgsping', 'use_phoneemail', 'use_quicktags', 'use_weblogsping', 'weblogs_cache_file', 'use_preview', 'use_htmltrans', 'smilies_directory', 'fileupload_allowedusers', 'use_phoneemail', 'default_post_status', 'default_post_category', 'archive_mode', 'time_difference', 'links_minadminlevel', 'links_use_adminlevels', 'links_rating_type', 'links_rating_char', 'links_rating_ignore_zero', 'links_rating_single_image', 'links_rating_image0', 'links_rating_image1', 'links_rating_image2', 'links_rating_image3', 'links_rating_image4', 'links_rating_image5', 'links_rating_image6', 'links_rating_image7', 'links_rating_image8', 'links_rating_image9', 'weblogs_cacheminutes', 'comment_allowed_tags', 'search_engine_friendly_urls', 'default_geourl_lat', 'default_geourl_lon', 'use_default_geourl', 'weblogs_xml_url', 'new_users_can_blog', '_wpnonce', '_wp_http_referer', 'Update', 'action', 'rich_editing');
 	foreach ($unusedoptions as $option) :

wp-admin/upload-functions.php

@@ -105,8 +105,9 @@ function wp_upload_form() {
 	$id = get_the_ID();
 	global $post_id, $tab, $style;
 	$enctype = $id ? '' : ' enctype="multipart/form-data"';
+	$post_id = (int) $post_id;
 ?>
-	<form<?php echo $enctype; ?> id="upload-file" method="post" action="<?php echo get_option('siteurl') . "/wp-admin/upload.php?style=$style&amp;tab=upload&amp;post_id=$post_id"; ?>">
+	<form<?php echo $enctype; ?> id="upload-file" method="post" action="<?php echo get_option('siteurl') . '/wp-admin/upload.php?style=' . attribute_escape($style . '&amp;tab=upload&amp;post_id=' . $post_id); ?>">
 <?php
 	if ( $id ) :
 		$attachment = get_post_to_edit( $id );
@@ -201,7 +202,7 @@ function wp_upload_tab_upload_action() {
 
 		if ( !current_user_can( 'upload_files' ) )
 			wp_die( __('You are not allowed to upload files.')
-				. " <a href='" . get_option('siteurl') . "/wp-admin/upload.php?style=$style&amp;tab=browse-all&amp;post_id=$post_id'>"
+				. " <a href='" . get_option('siteurl') . "/wp-admin/upload.php?style=" . attribute_escape($style . "&amp;tab=browse-all&amp;post_id=$post_id") . "'>"
 				. __('Browse Files') . '</a>'
 			);
 
@@ -211,7 +212,7 @@ function wp_upload_tab_upload_action() {
 
 		if ( isset($file['error']) )
 			wp_die($file['error'] . "<br /><a href='" . get_option('siteurl')
-			. "/wp-admin/upload.php?style=$style&amp;tab=$from_tab&amp;post_id=$post_id'>" . __('Back to Image Uploading') . '</a>'
+			. "/wp-admin/upload.php?style=" . attribute_escape($style . "&amp;tab=$from_tab&amp;post_id=$post_id") . "'>" . __('Back to Image Uploading') . '</a>'
 		);
 
 		$url = $file['url'];
@@ -258,7 +259,7 @@ function wp_upload_tab_upload_action() {
 
 		if ( !current_user_can('edit_post', (int) $ID) )
 			wp_die( __('You are not allowed to delete this attachment.')
-				. " <a href='" . get_option('siteurl') . "/wp-admin/upload.php?style=$style&amp;tab=$from_tab&amp;post_id=$post_id'>"
+				. " <a href='" . get_option('siteurl') . "/wp-admin/upload.php?style=" . attribute_escape($style . "&amp;tab=$from_tab&amp;post_id=$post_id") . "'>"
 				. __('Go back') . '</a>'
 			);
 

wp-admin/upload.css

@@ -44,6 +44,7 @@ body > #upload-menu { border-bottom: 7px solid #fff; }
 }
 
 #upload-menu li #current-tab-nav {
+	background: #f9fcfe;
 	float: left;
 	padding: 5px 5px 0 0;
 	margin-left: -5px;

wp-admin/upload.php

@@ -104,8 +104,8 @@ foreach ( $wp_upload_tabs as $t => $tab_array ) { // We've already done the curr
 				$per = 10;
 			}
 			$page_links = paginate_links( array(
-				'base' => 'users.php?%_%',
-				'format' => 'paged=%#%',
+				'base' => add_query_arg( 'paged', '%#%' ),
+				'format' => '',
 				'total' => ceil($total / $per),
 				'current' => $paged ? $paged : 1,
 				'prev_text' => '«',

wp-admin/user-edit.php

@@ -76,7 +76,7 @@ include ('admin-header.php');
 <form name="profile" id="your-profile" action="user-edit.php" method="post">
 <?php wp_nonce_field('update-user_' . $user_id) ?>
 <?php if ( $wp_http_referer ) : ?>
-	<input type="hidden" name="wp_http_referer" value="<?php echo wp_specialchars($wp_http_referer); ?>" />
+	<input type="hidden" name="wp_http_referer" value="<?php echo clean_url($wp_http_referer); ?>" />
 <?php endif; ?>
 <p>
 <input type="hidden" name="from" value="profile" />

wp-admin/users.php

@@ -381,7 +381,7 @@ foreach($roleclasses as $role => $roleclass) {
 <?php if ( !empty($role) ) : ?>
 	<th colspan="7"><h3><?php echo $wp_roles->role_names[$role]; ?></h3></th>
 <?php else : ?>
-	<th colspan="7"><h3><em><?php _e('No role for this blog'); ?></h3></th>
+	<th colspan="7"><h3><em><?php _e('No role for this blog'); ?></em></h3></th>
 <?php endif; ?>
 </tr>
 <tr class="thead">

wp-admin/widgets-rtl.css

@@ -0,0 +1,39 @@
+#sbreset, #lastmodule, #palettediv .module, .dropzone, .dropzone ul { float: right; }
+
+* .module, #lastmodule { text-align: right; }
+
+* html #palettediv ul { padding: 0 10px 0 0; }
+
+#palettediv ul { padding: 0 10px 0 0; }
+
+* .handle, #lastmodule span {
+	border-right: 1px solid #f2f2f2;
+	border-left: 1px solid #e8e8e8;
+}
+
+#sbadmin p.submit {
+	padding-right: 0;
+	padding-left: 10px;
+	clear: right;
+}
+
+#palettediv .module, #lastmodule, .dropzone {
+	margin-right: auto;
+	margin-left: 10px;
+}
+
+* .popper {
+	right: auto;
+	left: 3px;
+	background-position: 5px 0;
+}
+
+.controlcloser {
+	right: auto;
+	left: 8px;
+}
+
+#shadow {
+	left: auto;
+	right: 0px;
+}

wp-admin/widgets.css

@@ -0,0 +1,214 @@
+body {
+	height: 100%;
+}
+
+#sbadmin #zones {
+	-moz-user-select: none;
+	-khtml-user-select: none;
+	user-select: none;
+}
+
+#sbreset {
+	float: left;
+	margin: 1px 0;
+}
+
+.dropzone {
+	float: left;
+	margin-right: 10px;
+	padding: 5px;
+	border: 1px solid #bbb;
+	background-color: #f0f8ff;
+}
+
+.dropzone h3 {
+	text-align: center;
+	color: #333;
+}
+
+.dropzone ul {
+	list-style-type: none;
+	width: 240px;
+	float: left;
+	margin: 0;
+	padding: 0;
+}
+
+* .module, #lastmodule {
+	width: 238px;
+	padding: 0;
+	margin: 5px 0;
+	cursor: move;
+	display: block;
+	border: 1px solid #ccc;
+	background-color: #fbfbfb;
+	text-align: left;
+	line-height: 25px;
+}
+
+* .handle, #lastmodule span {
+	display: block;
+	width: 216px;
+	padding: 0 10px;
+	border-top: 1px solid #f2f2f2;
+	border-right: 1px solid #e8e8e8;
+	border-bottom: 1px solid #e8e8e8;
+	border-left: 1px solid #f2f2f2;
+}
+
+* .popper {
+	margin: 0;
+	display: inline;
+	position: absolute;
+	top: 3px;
+	right: 3px;
+	overflow: hidden;
+	text-align: center;
+	height: 16px;
+	font-size: 18px;
+	line-height: 14px;
+	cursor: pointer;
+	padding: 0 3px 1px;
+	border-top: 4px solid #6da6d1;
+	background: url( images/fade-butt.png ) -5px 0px;
+}
+
+* html .popper {
+	padding: 1px 6px 0;
+	font-size: 16px;
+}
+
+#sbadmin p.submit {
+	padding-right: 10px;
+	clear: left;
+}
+
+.placematt {
+	cursor: default;
+	margin: 10px 0 0;
+	padding: 0;
+	width: 238px;
+	float:left;
+	background-color: #ffe;
+}
+
+* html .placematt {
+	margin-top: 5px;
+}
+
+.placematt h4 {
+	text-align: center;
+	margin-bottom: 5px;
+}
+
+.placematt span {
+	padding: 0 10px 10px;
+	text-align: justify;
+}
+
+
+#palettediv {
+	border: 1px solid #bbb;
+	background-color: #f0f8ff;
+	height:auto;
+	margin-top: 10px;
+}
+
+#palettediv h3 {
+	text-align: center;
+	color: #333;
+}
+
+#palettediv ul {
+	padding: 0 0 0 10px;
+}
+
+#palettediv .module, #lastmodule {
+	margin-right: 10px;
+	float: left;
+	width: 120px;
+}
+
+#palettediv .handle, #lastmodule span {
+	height: 40px;
+	font-size: 90%;
+	width: 110px;
+	padding: 0 5px;
+}
+
+#palettediv .popper {
+	visibility: hidden;
+}
+
+#lastmodule {
+	visibility: hidden;
+}
+
+* html #palettediv ul {
+	margin: 0;
+	padding: 0 0 0 10px;
+}
+
+* html #palettediv .module {
+	float: none;
+	display: inline;
+}
+
+#controls {
+	height: 0px;
+}
+
+.control {
+	position: absolute;
+	display: block;
+	background: #f9fcfe;
+	padding: 0;
+}
+
+.controlhandle {
+	cursor: move;
+	background-color: #6da6d1;
+	border-bottom: 2px solid #448abd;
+	color: #333;
+	display: block;
+	margin: 0 0 5px;
+	padding: 4px;
+	font-size: 120%;
+}
+
+.controlcloser {
+	cursor: pointer;
+	font-size: 120%;
+	display: block;
+	position: absolute;
+	top: 2px;
+	right: 8px;
+	padding: 0 3px;
+	font-weight: bold;
+}
+
+.controlform {
+	margin: 20px 30px;
+}
+
+.controlform p {
+	text-align: center;
+}
+
+.control .checkbox {
+	border: none;
+	background: transparent;
+}
+
+.hidden {
+	display: none;
+}
+
+#shadow {
+	background: black;
+	display: none;
+	position: absolute;
+	top: 0px;
+	left: 0px;
+	width: 100%;
+}

wp-admin/widgets.php

@@ -0,0 +1,392 @@
+<?php
+
+require_once 'admin.php';
+
+if ( ! current_user_can('switch_themes') )
+	wp_die( __( 'Cheatin&#8217; uh?' ));
+
+wp_enqueue_script( 'scriptaculous-effects' );
+wp_enqueue_script( 'scriptaculous-dragdrop' );
+
+function wp_widgets_admin_head() {
+	global $wp_registered_sidebars, $wp_registered_widgets, $wp_registered_widget_controls;
+	
+	define( 'WP_WIDGETS_WIDTH', 1 + 262 * ( count( $wp_registered_sidebars ) ) );
+	define( 'WP_WIDGETS_HEIGHT', 35 * ( count( $wp_registered_widgets ) ) );
+?>
+	<link rel="stylesheet" href="widgets.css?version=<?php bloginfo('version'); ?>" type="text/css" />
+	<!--[if IE 7]>
+	<style type="text/css">
+	#palette {float:left;}
+	</style>
+	<![endif]-->
+	<style type="text/css">
+		.dropzone ul { height: <?php echo constant( 'WP_WIDGETS_HEIGHT' ); ?>px; }
+		#sbadmin #zones { width: <?php echo constant( 'WP_WIDGETS_WIDTH' ); ?>px; }
+	</style>
+<?php
+	if ( get_bloginfo( 'text_direction' ) == 'rtl' ) { 
+?>
+	<link rel="stylesheet" href="widgets-rtl.css?version=<?php bloginfo('version'); ?>" type="text/css" />
+<?php
+	}
+	
+	$cols = array();
+	foreach ( $wp_registered_sidebars as $index => $sidebar ) {
+		$cols[] = '\'' . $index . '\'';
+	}
+	$cols = implode( ', ', $cols );
+	
+	$widgets = array();
+	foreach ( $wp_registered_widgets as $name => $widget ) {
+		$widgets[] = '\'' . $widget['id'] . '\'';
+	}
+	$widgets = implode( ', ', $widgets );
+?>
+<script type="text/javascript">
+// <![CDATA[
+	var cols = [<?php echo $cols; ?>];
+	var widgets = [<?php echo $widgets; ?>];
+	var controldims = new Array;
+	<?php foreach ( $wp_registered_widget_controls as $name => $widget ) : ?>
+		controldims['<?php echo $widget['id']; ?>control'] = new Array;
+		controldims['<?php echo $widget['id']; ?>control']['width'] = <?php echo (int) $widget['width']; ?>;
+		controldims['<?php echo $widget['id']; ?>control']['height'] = <?php echo (int) $widget['height']; ?>;
+	<?php endforeach; ?>
+	function initWidgets() {
+	<?php foreach ( $wp_registered_widget_controls as $name => $widget ) : ?>
+		$('<?php echo $widget['id']; ?>popper').onclick = function() {popControl('<?php echo $widget['id']; ?>control');};
+		$('<?php echo $widget['id']; ?>closer').onclick = function() {unpopControl('<?php echo $widget['id']; ?>control');};
+		new Draggable('<?php echo $widget['id']; ?>control', {revert:false,handle:'controlhandle',starteffect:function(){},endeffect:function(){},change:function(o){dragChange(o);}});
+		if ( true && window.opera )
+			$('<?php echo $widget['id']; ?>control').style.border = '1px solid #bbb';
+	<?php endforeach; ?>
+		if ( true && window.opera )
+			$('shadow').style.background = 'transparent';
+		new Effect.Opacity('shadow', {to:0.0});
+		widgets.map(function(o) {o='widgetprefix-'+o; Position.absolutize(o); Position.relativize(o);} );
+		$A(Draggables.drags).map(function(o) {o.startDrag(null); o.finishDrag(null);});
+		//for ( var n in Draggables.drags ) {
+		for ( n=0; n<=Draggables.drags.length; n++ ) {
+			if ( parseInt( n ) ) {
+				if ( Draggables.drags[n].element.id == 'lastmodule' ) {
+					Draggables.drags[n].destroy();
+					break;
+				}
+			}
+		}
+		resetPaletteHeight();
+	}
+	function resetDroppableHeights() {
+		var max = 6;
+		cols.map(function(o) {var c = $(o).childNodes.length; if ( c > max ) max = c;} );
+		var height = 35 * ( max + 1);
+		cols.map(function(o) {h = (($(o).childNodes.length + 1) * 35); $(o).style.height = (h > 280 ? h : 280) + 'px';} );
+	}
+	function resetPaletteHeight() {
+		var p = $('palette'), pd = $('palettediv'), last = $('lastmodule');
+		p.appendChild(last);
+		if ( Draggables.activeDraggable && last.id == Draggables.activeDraggable.element.id )
+			last = last.previousSibling;
+		var y1 = Position.cumulativeOffset(last)[1] + last.offsetHeight;
+		var y2 = Position.cumulativeOffset(pd)[1] + pd.offsetHeight;
+		var dy = y1 - y2;
+		pd.style.height = (pd.offsetHeight + dy + 9) + "px";
+	}
+	function maxHeight(elm) {
+		htmlheight = document.body.parentNode.clientHeight;
+		bodyheight = document.body.clientHeight;
+		var height = htmlheight > bodyheight ? htmlheight : bodyheight;
+		$(elm).style.height = height + 'px';
+	}
+	function dragChange(o) {
+		el = o.element ? o.element : $(o);
+		var p = Position.page(el);
+		var right = p[0];
+		var top = p[1];
+		var left = $('shadow').offsetWidth - (el.offsetWidth + right);
+		var bottom = $('shadow').offsetHeight - (el.offsetHeight + top);
+		if ( right < 1 ) el.style.left = 0;
+		if ( top < 1 ) el.style.top = 0;
+		if ( left < 1 ) el.style.left = (left + right) + 'px';
+		if ( bottom < 1 ) el.style.top = (top + bottom) + 'px';
+	}
+	function popControl(elm) {
+		el = $(elm);
+		el.style.width = controldims[elm]['width'] + 'px';
+		el.style.height = controldims[elm]['height'] + 'px';
+		var x = ( document.body.clientWidth - controldims[elm]['width'] ) / 2;
+		var y = ( document.body.parentNode.clientHeight - controldims[elm]['height'] ) / 2;
+		el.style.position = 'absolute';
+		el.style.right = '' + x + 'px';
+		el.style.top = '' + y + 'px';
+		el.style.zIndex = 1000;
+		el.className='control';
+		$('shadow').onclick = function() {unpopControl(elm);};
+	    window.onresize = function(){maxHeight('shadow');dragChange(elm);};
+		popShadow();
+	}
+	function popShadow() {
+		maxHeight('shadow');
+		var shadow = $('shadow');
+		shadow.style.zIndex = 999;
+		shadow.style.display = 'block';
+	    new Effect.Opacity('shadow', {duration:0.5, from:0.0, to:0.2});
+	}
+	function unpopShadow() {
+	    new Effect.Opacity('shadow', {to:0.0});
+		$('shadow').style.display = 'none';
+	}
+	function unpopControl(el) {
+		$(el).className='hidden';
+		unpopShadow();
+	}
+	function serializeAll() {
+	<?php foreach ( $wp_registered_sidebars as $index => $sidebar ) : ?>
+		$('<?php echo $index; ?>order').value = Sortable.serialize('<?php echo $index; ?>');
+	<?php endforeach; ?>
+	}
+	function updateAll() {
+		resetDroppableHeights();
+		resetPaletteHeight();
+		cols.map(function(o){
+			var pm = $(o+'placematt');
+			if ( $(o).childNodes.length == 0 ) {
+				pm.style.display = 'block';
+				//Position.absolutize(o+'placematt');
+			} else {
+				pm.style.display = 'none';
+			}
+		});
+	}
+	function noSelection(event) {
+		if ( document.selection ) {
+			var range = document.selection.createRange();
+			range.collapse(false);
+			range.select();
+			return false;
+		}
+	}
+	addLoadEvent(updateAll);
+	addLoadEvent(initWidgets);
+	Event.observe(window, 'resize', resetPaletteHeight);
+// ]]>
+</script>
+<?php
+}
+add_action( 'admin_head', 'wp_widgets_admin_head' );
+do_action( 'sidebar_admin_setup' );
+
+function wp_widget_draggable( $name ) {
+	global $wp_registered_widgets, $wp_registered_widget_controls;
+	
+	if ( !isset( $wp_registered_widgets[$name] ) ) {
+		return;
+	}
+	
+	$sanitized_name = sanitize_title( $wp_registered_widgets[$name]['id'] );
+	$link_title = __( 'Configure' );
+	$popper = ( isset( $wp_registered_widget_controls[$name] ) ) 
+		? ' <div class="popper" id="' . $sanitized_name . 'popper" title="' . $link_title . '">&#8801;</div>'
+		: '';
+	
+	$output = '<li class="module" id="widgetprefix-%1$s"><span class="handle">%2$s</span></li>';
+	
+	printf( $output, $sanitized_name, $wp_registered_widgets[$name]['name'] . $popper );
+}
+
+$title = __( 'Widgets' );
+$parent_file = 'themes.php';
+
+require_once 'admin-header.php';
+
+if ( count( $wp_registered_sidebars ) < 1 ) {
+?>
+	<div class="wrap">
+		<h2><?php _e( 'No Sidebars Defined' ); ?></h2>
+		
+		<p><?php _e( 'You are seeing this message because the theme you are currently using isn&#8217;t widget-aware, meaning that it has no sidebars that you are able to change. For information on making your theme widget-aware, please <a href="http://automattic.com/code/widgets/themes/">follow these instructions</a>.' ); /* TODO: article on codex */; ?></p>
+	</div>
+<?php
+	
+	require_once 'admin-footer.php';
+	exit;
+}
+
+$sidebars_widgets = wp_get_sidebars_widgets();
+
+if ( empty( $sidebars_widgets ) ) {
+	$sidebars_widgets = wp_get_widget_defaults();
+}
+
+if ( isset( $_POST['action'] ) ) {
+	check_admin_referer( 'widgets-save-widget-order' );
+	
+	switch ( $_POST['action'] ) {
+		case 'default' :
+			$sidebars_widgets = wp_get_widget_defaults();
+			wp_set_sidebars_widgets( $sidebars_widgets );
+		break;
+		
+		case 'save_widget_order' :
+			$sidebars_widgets = array();
+			
+			foreach ( $wp_registered_sidebars as $index => $sidebar ) {
+				$postindex = $index . 'order';
+				
+				parse_str( $_POST[$postindex], $order );
+				
+				$new_order = $order[$index];
+				
+				if ( is_array( $new_order ) ) {
+					foreach ( $new_order as $sanitized_name ) {
+						foreach ( $wp_registered_widgets as $name => $widget ) {
+							if ( $sanitized_name == $widget['id'] ) {
+								$sidebars_widgets[$index][] = $name;
+							}
+						}
+					}
+				}
+			}
+			
+			wp_set_sidebars_widgets( $sidebars_widgets );
+		break;
+	}
+}
+
+ksort( $wp_registered_widgets );
+
+$inactive_widgets = array();
+
+foreach ( $wp_registered_widgets as $name => $widget ) {
+	$is_active = false;
+	
+	foreach ( $wp_registered_sidebars as $index => $sidebar ) {
+		if ( is_array( $sidebars_widgets[$index] ) && in_array( $name, $sidebars_widgets[$index] ) ) {
+			$is_active = true;
+			break;
+		}
+	}
+	
+	if ( !$is_active ) {
+		$inactive_widgets[] = $name;
+	}
+}
+
+$containers = array( 'palette' );
+
+foreach ( $wp_registered_sidebars as $index => $sidebar ) {
+	$containers[] = $index;
+}
+
+$c_string = '';
+
+foreach ( $containers as $container ) {
+	$c_string .= '"' . $container . '",';
+}
+
+$c_string = substr( $c_string, 0, -1 );
+
+if ( isset( $_POST['action'] ) ) {
+?>
+	<div class="fade updated" id="message">
+		<p><?php printf( __( 'Sidebar updated. <a href="%s">View site &raquo;</a>' ), get_bloginfo( 'url' ) . '/' ); ?></p>
+	</div>
+<?php
+}
+?>
+	<div class="wrap">
+		<h2><?php _e( 'Sidebar Arrangement' ); ?></h2>
+		
+		<p><?php _e( 'You can drag and drop widgets onto your sidebar below.' ); ?></p>
+		
+		<form id="sbadmin" method="post" onsubmit="serializeAll();">
+			<p class="submit">
+				<input type="submit" value="<?php _e( 'Save Changes &raquo;' ); ?>" />
+			</p>
+			<div id="zones">
+			<?php
+				foreach ( $wp_registered_sidebars as $index => $sidebar ) {
+			?>
+				<input type="hidden" id="<?php echo $index; ?>order" name="<?php echo $index; ?>order" value="" />
+				
+				<div class="dropzone">
+					<h3><?php echo $sidebar['name']; ?></h3>
+					
+					<div id="<?php echo $index; ?>placematt" class="module placemat">
+						<span class="handle">
+							<h4><?php _e( 'Default Sidebar' ); ?></h4>
+							<?php _e( 'Your theme will display its usual sidebar when this box is empty. Dragging widgets into this box will replace the usual sidebar with your customized sidebar.' ); ?>
+						</span>
+					</div>
+					
+					<ul id="<?php echo $index; ?>">
+					<?php
+						if ( is_array( $sidebars_widgets[$index] ) ) {
+							foreach ( $sidebars_widgets[$index] as $name ) {
+								wp_widget_draggable( $name );
+							}
+						}
+					?>
+					</ul>
+				</div>
+			<?php
+				}
+			?>
+			
+			<br class="clear" />
+			
+			</div>
+		
+			<div id="palettediv">
+				<h3><?php _e( 'Available Widgets' ); ?></h3>
+			
+				<ul id="palette">
+				<?php
+					foreach ( $inactive_widgets as $name ) {
+						wp_widget_draggable( $name );
+					}
+				?>
+					<li id="lastmodule"><span></span></li>
+				</ul>
+			</div>
+		
+			<script type="text/javascript">
+			// <![CDATA[
+			<?php foreach ( $containers as $container ) { ?>
+				Sortable.create("<?php echo $container; ?>", {
+					dropOnEmpty: true, containment: [<?php echo $c_string; ?>], 
+					handle: 'handle', constraint: false, onUpdate: updateAll, 
+					format: /^widgetprefix-(.*)$/
+				});
+			<?php } ?>
+			// ]]>
+			</script>
+		
+			<p class="submit">
+			<?php wp_nonce_field( 'widgets-save-widget-order' ); ?>
+				<input type="hidden" name="action" id="action" value="save_widget_order" />
+				<input type="submit" value="<?php _e( 'Save Changes &raquo;' ); ?>" />
+			</p>
+		
+			<div id="controls">
+			<?php foreach ( $wp_registered_widget_controls as $name => $widget ) { ?>
+				<div class="hidden" id="<?php echo $widget['id']; ?>control">
+					<span class="controlhandle"><?php echo $widget['name']; ?></span>
+					<span id="<?php echo $widget['id']; ?>closer" class="controlcloser">&#215;</span>
+					<div class="controlform">
+					<?php call_user_func_array( $widget['callback'], $widget['params'] ); ?>
+					</div>
+				</div>
+			<?php } ?>
+			</div>
+		</form>
+		
+		<br class="clear" />
+	</div>
+	
+	<div id="shadow"> </div>
+	
+	<?php do_action( 'sidebar_admin_page' ); ?>
+
+<?php require_once 'admin-footer.php'; ?>

wp-admin/wp-admin.css

@@ -538,7 +538,7 @@ input.disabled, textarea.disabled {
 	border: none;
 }
 
-#postdiv, #titlediv, #guiddiv, #tagdiv {
+#postdiv, #titlediv, #guiddiv {
 	margin: 0 8px 0 0;
 	padding: 0;
 }
@@ -558,7 +558,7 @@ input.disabled, textarea.disabled {
 	line-height: 140%;
 }
 
-#titlediv input, #guiddiv input, #tagdiv input {
+#titlediv input, #guiddiv input {
 	margin: 0;
 	width: 100%;
 }

wp-app.php

@@ -673,8 +673,9 @@ EOD;
 		}
 
 		$location = get_post_meta($entry['ID'], '_wp_attached_file', true);
+		$filetype = wp_check_filetype($location);
 
-		if(!isset($location))
+		if(!isset($location) || 'attachment' != $entry['post_type'] || empty($filetype['ext']))
 			$this->internal_error(__('Error ocurred while accessing post metadata for file location.'));
 
 		header('Content-Type: ' . $entry['post_mime_type']);
@@ -707,8 +708,9 @@ EOD;
 		}
 
 		$location = get_post_meta($entry['ID'], '_wp_attached_file', true);
+		$filetype = wp_check_filetype($location);
 
-		if(!isset($location))
+		if(!isset($location) || 'attachment' != $entry['post_type'] || empty($filetype['ext']))
 			$this->internal_error(__('Error ocurred while accessing post metadata for file location.'));
 
 		$fp = fopen("php://input", "rb");

wp-blog-header.php

@@ -7,6 +7,7 @@ if ( !file_exists( dirname(__FILE__) . '/wp-config.php') ) {
 
 	require_once( dirname(__FILE__) . '/wp-includes/classes.php');
 	require_once( dirname(__FILE__) . '/wp-includes/functions.php');
+	require_once( dirname(__FILE__) . '/wp-includes/plugin.php');
 	wp_die("There doesn't seem to be a <code>wp-config.php</code> file. I need this before we can get started. Need more help? <a href='http://codex.wordpress.org/Editing_wp-config.php'>We got it</a>. You can <a href='{$path}setup-config.php'>create a <code>wp-config.php</code> file through a web interface</a>, but this doesn't work for all server setups. The safest way is to manually create the file.", "WordPress &rsaquo; Error");
 }
 

wp-config-sample.php

@@ -1,23 +1,23 @@
-<?php
-// ** MySQL settings ** //
-define('DB_NAME', 'putyourdbnamehere');    // The name of the database
-define('DB_USER', 'usernamehere');     // Your MySQL username
-define('DB_PASSWORD', 'yourpasswordhere'); // ...and password
-define('DB_HOST', 'localhost');    // 99% chance you won't need to change this value
-define('DB_CHARSET', 'utf8');
-define('DB_COLLATE', '');
-
-// You can have multiple installations in one database if you give each a unique prefix
-$table_prefix  = 'wp_';   // Only numbers, letters, and underscores please!
-
-// Change this to localize WordPress.  A corresponding MO file for the
-// chosen language must be installed to wp-content/languages.
-// For example, install de.mo to wp-content/languages and set WPLANG to 'de'
-// to enable German language support.
-define ('WPLANG', '');
-
-/* That's all, stop editing! Happy blogging. */
-
-define('ABSPATH', dirname(__FILE__).'/');
-require_once(ABSPATH.'wp-settings.php');
-?>
+<?php
+// ** MySQL settings ** //
+define('DB_NAME', 'putyourdbnamehere');    // The name of the database
+define('DB_USER', 'usernamehere');     // Your MySQL username
+define('DB_PASSWORD', 'yourpasswordhere'); // ...and password
+define('DB_HOST', 'localhost');    // 99% chance you won't need to change this value
+define('DB_CHARSET', 'utf8');
+define('DB_COLLATE', '');
+
+// You can have multiple installations in one database if you give each a unique prefix
+$table_prefix  = 'wp_';   // Only numbers, letters, and underscores please!
+
+// Change this to localize WordPress.  A corresponding MO file for the
+// chosen language must be installed to wp-content/languages.
+// For example, install de.mo to wp-content/languages and set WPLANG to 'de'
+// to enable German language support.
+define ('WPLANG', '');
+
+/* That's all, stop editing! Happy blogging. */
+
+define('ABSPATH', dirname(__FILE__).'/');
+require_once(ABSPATH.'wp-settings.php');
+?>

wp-content/index.php

@@ -1,3 +1,3 @@
-<?php
-// Silence is golden.
+<?php
+// Silence is golden.
 ?>

wp-content/themes/classic/index.php

@@ -8,7 +8,7 @@ get_header();
 
 <div class="post" id="post-<?php the_ID(); ?>">
 	 <h3 class="storytitle"><a href="<?php the_permalink() ?>" rel="bookmark"><?php the_title(); ?></a></h3>
-	<div class="meta"><?php _e("Filed under:"); ?> <?php the_category(',') ?> &#8212; <?php the_tags(__('Tags: '), ', ', ' &#8212; '); ?> <?php the_author() ?> @ <?php the_time() ?> <?php edit_post_link(__('Edit This')); ?></div>
+	<div class="meta"><?php _e("Filed under:"); ?> <?php the_category(',') ?> &#8212; <?php the_author() ?> @ <?php the_time() ?> <?php edit_post_link(__('Edit This')); ?></div>
 
 	<div class="storycontent">
 		<?php the_content(__('(more...)')); ?>

wp-content/themes/default/archive.php

@@ -1,25 +1,29 @@
 <?php get_header(); ?>
 
 	<div id="content" class="narrowcolumn">
-<?php is_tag(); ?>
+
 		<?php if (have_posts()) : ?>
 
- 	  <?php $post = $posts[0]; // Hack. Set $post so that the_date() works. ?>
- 	  <?php /* If this is a category archive */ if (is_category()) { ?>
+		 <?php $post = $posts[0]; // Hack. Set $post so that the_date() works. ?>
+<?php /* If this is a category archive */ if (is_category()) { ?>
 		<h2 class="pagetitle">Archive for the &#8216;<?php single_cat_title(); ?>&#8217; Category</h2>
- 	  <?php /* If this is a tag archive */ } elseif( is_tag() ) { ?>
-		<h2 class="pagetitle">Posts Tagged &#8216;<?php single_cat_title(); ?>&#8217;</h2>
+
  	  <?php /* If this is a daily archive */ } elseif (is_day()) { ?>
 		<h2 class="pagetitle">Archive for <?php the_time('F jS, Y'); ?></h2>
- 	  <?php /* If this is a monthly archive */ } elseif (is_month()) { ?>
+
+	 <?php /* If this is a monthly archive */ } elseif (is_month()) { ?>
 		<h2 class="pagetitle">Archive for <?php the_time('F, Y'); ?></h2>
- 	  <?php /* If this is a yearly archive */ } elseif (is_year()) { ?>
+
+		<?php /* If this is a yearly archive */ } elseif (is_year()) { ?>
 		<h2 class="pagetitle">Archive for <?php the_time('Y'); ?></h2>
+
 	  <?php /* If this is an author archive */ } elseif (is_author()) { ?>
 		<h2 class="pagetitle">Author Archive</h2>
- 	  <?php /* If this is a paged archive */ } elseif (isset($_GET['paged']) && !empty($_GET['paged'])) { ?>
+
+		<?php /* If this is a paged archive */ } elseif (isset($_GET['paged']) && !empty($_GET['paged'])) { ?>
 		<h2 class="pagetitle">Blog Archives</h2>
- 	  <?php } ?>
+
+		<?php } ?>
 
 
 		<div class="navigation">
@@ -36,7 +40,7 @@
 					<?php the_content() ?>
 				</div>
 
-				<p class="postmetadata"><?php the_tags('Tags: ', ', ', '<br />'); ?> Posted in <?php the_category(', ') ?> | <?php edit_post_link('Edit', '', ' | '); ?>  <?php comments_popup_link('No Comments &#187;', '1 Comment &#187;', '% Comments &#187;'); ?></p>
+				<p class="postmetadata">Posted in <?php the_category(', ') ?> | <?php edit_post_link('Edit', '', ' | '); ?>  <?php comments_popup_link('No Comments &#187;', '1 Comment &#187;', '% Comments &#187;'); ?></p>
 
 			</div>
 

wp-content/themes/default/comments.php

@@ -6,7 +6,7 @@
 		if ($_COOKIE['wp-postpass_' . COOKIEHASH] != $post->post_password) {  // and it doesn't match the cookie
 			?>
 
-			<p class="nocomments">This post is password protected. Enter the password to view comments.<p>
+			<p class="nocomments">This post is password protected. Enter the password to view comments.</p>
 
 			<?php
 			return;

wp-content/themes/default/functions.php

@@ -82,6 +82,7 @@ add_action('admin_menu', 'kubrick_add_theme_page');
 function kubrick_add_theme_page() {
 	if ( $_GET['page'] == basename(__FILE__) ) {
 		if ( 'save' == $_REQUEST['action'] ) {
+			check_admin_referer('kubrick-header');
 			if ( isset($_REQUEST['njform']) ) {
 				if ( isset($_REQUEST['defaults']) ) {
 					delete_option('kubrick_header_image');
@@ -90,13 +91,14 @@ function kubrick_add_theme_page() {
 				} else {
 					if ( '' == $_REQUEST['njfontcolor'] )
 						delete_option('kubrick_header_color');
-					else
-						update_option('kubrick_header_color', $_REQUEST['njfontcolor']);
-
+					else {
+						$fontcolor = preg_replace('/^.*(#[0-9a-fA-F]{6})?.*$/', '$1', $_REQUEST['njfontcolor']);
+						update_option('kubrick_header_color', $fontcolor);
+					}
 					if ( preg_match('/[0-9A-F]{6}|[0-9A-F]{3}/i', $_REQUEST['njuppercolor'], $uc) && preg_match('/[0-9A-F]{6}|[0-9A-F]{3}/i', $_REQUEST['njlowercolor'], $lc) ) {
 						$uc = ( strlen($uc[0]) == 3 ) ? $uc[0]{0}.$uc[0]{0}.$uc[0]{1}.$uc[0]{1}.$uc[0]{2}.$uc[0]{2} : $uc[0];
 						$lc = ( strlen($lc[0]) == 3 ) ? $lc[0]{0}.$lc[0]{0}.$lc[0]{1}.$lc[0]{1}.$lc[0]{2}.$lc[0]{2} : $lc[0];
-						update_option('kubrick_header_image', "header-img.php?upper=$uc&lower=$lc");
+						update_option('kubrick_header_image', "header-img.php?upper=$uc&lower=$lc");
 					}
 
 					if ( isset($_REQUEST['toggledisplay']) ) {
@@ -109,20 +111,27 @@ function kubrick_add_theme_page() {
 			} else {
 
 				if ( isset($_REQUEST['headerimage']) ) {
+					check_admin_referer('kubrick-header');
 					if ( '' == $_REQUEST['headerimage'] )
 						delete_option('kubrick_header_image');
-					else
-						update_option('kubrick_header_image', $_REQUEST['headerimage']);
+					else {
+						$headerimage = preg_replace('/^.*?(header-img.php\?upper=[0-9a-fA-F]{6}&lower=[0-9a-fA-F]{6})?.*$/', '$1', $_REQUEST['headerimage']);
+						update_option('kubrick_header_image', $headerimage);
+					}
 				}
 
 				if ( isset($_REQUEST['fontcolor']) ) {
+					check_admin_referer('kubrick-header');
 					if ( '' == $_REQUEST['fontcolor'] )
 						delete_option('kubrick_header_color');
-					else
-						update_option('kubrick_header_color', $_REQUEST['fontcolor']);
+					else {
+						$fontcolor = preg_replace('/^.*?(#[0-9a-fA-F]{6})?.*$/', '$1', $_REQUEST['fontcolor']);
+						update_option('kubrick_header_color', $fontcolor);
+					}
 				}
 
 				if ( isset($_REQUEST['fontdisplay']) ) {
+					check_admin_referer('kubrick-header');
 					if ( '' == $_REQUEST['fontdisplay'] || 'inline' == $_REQUEST['fontdisplay'] )
 						delete_option('kubrick_header_display');
 					else
@@ -135,7 +144,7 @@ function kubrick_add_theme_page() {
 		}
 		add_action('admin_head', 'kubrick_theme_page_head');
 	}
-	add_theme_page('Customize Header', 'Header Image and Color', 'edit_themes', basename(__FILE__), 'kubrick_theme_page');
+	add_theme_page(__('Customize Header'), __('Header Image and Color'), 'edit_themes', basename(__FILE__), 'kubrick_theme_page');
 }
 
 function kubrick_theme_page_head() {
@@ -148,7 +157,7 @@ function kubrick_theme_page_head() {
 		kUpdate(ColorPicker_targetInput.id);
 	}
 	function PopupWindow_populate(contents) {
-		contents += '<br /><p style="text-align:center;margin-top:0px;"><input type="button" value="Close Color Picker" onclick="cp.hidePopup(\'prettyplease\')"></input></p>';
+		contents += '<br /><p style="text-align:center;margin-top:0px;"><input type="button" value="<?php echo attribute_escape(__('Close Color Picker')); ?>" onclick="cp.hidePopup(\'prettyplease\')"></input></p>';
 		this.contents = contents;
 		this.populated = false;
 	}
@@ -233,13 +242,13 @@ function kubrick_theme_page_head() {
 		document.getElementById('headerimg').style.display = document.getElementById('fontdisplay').value;
 	}
 	function kRevert() {
-		document.getElementById('headerimage').value = '<?php echo kubrick_header_image(); ?>';
-		document.getElementById('advuppercolor').value = document.getElementById('uppercolor').value = '#<?php echo kubrick_upper_color(); ?>';
-		document.getElementById('advlowercolor').value = document.getElementById('lowercolor').value = '#<?php echo kubrick_lower_color(); ?>';
-		document.getElementById('header').style.background = 'url("<?php echo kubrick_header_image_url(); ?>") center no-repeat';
+		document.getElementById('headerimage').value = '<?php echo js_escape(kubrick_header_image()); ?>';
+		document.getElementById('advuppercolor').value = document.getElementById('uppercolor').value = '#<?php echo js_escape(kubrick_upper_color()); ?>';
+		document.getElementById('advlowercolor').value = document.getElementById('lowercolor').value = '#<?php echo js_escape(kubrick_lower_color()); ?>';
+		document.getElementById('header').style.background = 'url("<?php echo js_escape(kubrick_header_image_url()); ?>") center no-repeat';
 		document.getElementById('header').style.color = '';
-		document.getElementById('advfontcolor').value = document.getElementById('fontcolor').value = '<?php echo kubrick_header_color_string(); ?>';
-		document.getElementById('fontdisplay').value = '<?php echo kubrick_header_display_string(); ?>';
+		document.getElementById('advfontcolor').value = document.getElementById('fontcolor').value = '<?php echo js_escape(kubrick_header_color_string()); ?>';
+		document.getElementById('fontdisplay').value = '<?php echo js_escape(kubrick_header_display_string()); ?>';
 		document.getElementById('headerimg').style.display = document.getElementById('fontdisplay').value;
 	}
 	function kInit() {
@@ -345,11 +354,11 @@ function kubrick_theme_page_head() {
 }
 
 function kubrick_theme_page() {
-	if ( $_REQUEST['saved'] ) echo '<div id="message" class="updated fade"><p><strong>Options saved.</strong></p></div>';
+	if ( $_REQUEST['saved'] ) echo '<div id="message" class="updated fade"><p><strong>'.__('Options saved.').'</strong></p></div>';
 ?>
 <div class='wrap'>
 	<div id="kubrick-header">
-		<h2>Header Image and Color</h2>
+	<h2><?php _e('Header Image and Color'); ?></h2>
 		<div id="headwrap">
 			<div id="header">
 				<div id="headerimg">
@@ -361,41 +370,44 @@ function kubrick_theme_page() {
 		<br />
 		<div id="nonJsForm">
 			<form method="post" action="">
-				<div class="zerosize"><input type="submit" name="defaultsubmit" value="Save" /></div>
-				<label for="njfontcolor">Font Color:</label><input type="text" name="njfontcolor" id="njfontcolor" value="<?php echo kubrick_header_color(); ?>" /> Any CSS color (<code>red</code> or <code>#FF0000</code> or <code>rgb(255, 0, 0)</code>)<br />
-				<label for="njuppercolor">Upper Color:</label><input type="text" name="njuppercolor" id="njuppercolor" value="#<?php echo kubrick_upper_color(); ?>" /> HEX only (<code>#FF0000</code> or <code>#F00</code>)<br />
-				<label for="njlowercolor">Lower Color:</label><input type="text" name="njlowercolor" id="njlowercolor" value="#<?php echo kubrick_lower_color(); ?>" /> HEX only (<code>#FF0000</code> or <code>#F00</code>)<br />
-				<input type="hidden" name="hi" id="hi" value="<?php echo kubrick_header_image(); ?>" />
-				<input type="submit" name="toggledisplay" id="toggledisplay" value="Toggle Text" />
-				<input type="submit" name="defaults" value="Use Defaults" />
-				<input type="submit" class="defbutton" name="submitform" value="&nbsp;&nbsp;Save&nbsp;&nbsp;" />
+				<?php wp_nonce_field('kubrick-header'); ?>
+				<div class="zerosize"><input type="submit" name="defaultsubmit" value="<?php echo attribute_escape(__('Save')); ?>" /></div>
+					<label for="njfontcolor"><?php _e('Font Color:'); ?></label><input type="text" name="njfontcolor" id="njfontcolor" value="<?php echo attribute_escape(kubrick_header_color()); ?>" /> <?php printf(__('Any CSS color (%s or %s or %s)'), '<code>red</code>', '<code>#FF0000</code>', '<code>rgb(255, 0, 0)</code>'); ?><br />
+					<label for="njuppercolor"><?php _e('Upper Color:'); ?></label><input type="text" name="njuppercolor" id="njuppercolor" value="#<?php echo attribute_escape(kubrick_upper_color()); ?>" /> <?php printf(__('HEX only (%s or %s)'), '<code>#FF0000</code>', '<code>#F00</code>'); ?><br />
+				<label for="njlowercolor"><?php _e('Lower Color:'); ?></label><input type="text" name="njlowercolor" id="njlowercolor" value="#<?php echo attribute_escape(kubrick_lower_color()); ?>" /> <?php printf(__('HEX only (%s or %s)'), '<code>#FF0000</code>', '<code>#F00</code>'); ?><br />
+				<input type="hidden" name="hi" id="hi" value="<?php echo attribute_escape(kubrick_header_image()); ?>" />
+				<input type="submit" name="toggledisplay" id="toggledisplay" value="<?php echo attribute_escape(__('Toggle Text')); ?>" />
+				<input type="submit" name="defaults" value="<?php echo attribute_escape(__('Use Defaults')); ?>" />
+				<input type="submit" class="defbutton" name="submitform" value="&nbsp;&nbsp;<?php _e('Save'); ?>&nbsp;&nbsp;" />
 				<input type="hidden" name="action" value="save" />
 				<input type="hidden" name="njform" value="true" />
 			</form>
 		</div>
 		<div id="jsForm">
-			<form style="display:inline;" method="post" name="hicolor" id="hicolor" action="<?php echo $_SERVER['REQUEST_URI']; ?>">
-				<input type="button" onclick="tgt=document.getElementById('fontcolor');colorSelect(tgt,'pick1');return false;" name="pick1" id="pick1" value="Font Color"></input>
-				<input type="button" onclick="tgt=document.getElementById('uppercolor');colorSelect(tgt,'pick2');return false;" name="pick2" id="pick2" value="Upper Color"></input>
-				<input type="button" onclick="tgt=document.getElementById('lowercolor');colorSelect(tgt,'pick3');return false;" name="pick3" id="pick3" value="Lower Color"></input>
-				<input type="button" name="revert" value="Revert" onclick="kRevert()" />
-				<input type="button" value="Advanced" onclick="toggleAdvanced()" />
+			<form style="display:inline;" method="post" name="hicolor" id="hicolor" action="<?php echo attribute_escape($_SERVER['REQUEST_URI']); ?>">
+				<?php wp_nonce_field('kubrick-header'); ?>
+	<input type="button" onclick="tgt=document.getElementById('fontcolor');colorSelect(tgt,'pick1');return false;" name="pick1" id="pick1" value="<?php echo attribute_escape(__('Font Color')); ?>"></input>
+		<input type="button" onclick="tgt=document.getElementById('uppercolor');colorSelect(tgt,'pick2');return false;" name="pick2" id="pick2" value="<?php echo attribute_escape(__('Upper Color')); ?>"></input>
+		<input type="button" onclick="tgt=document.getElementById('lowercolor');colorSelect(tgt,'pick3');return false;" name="pick3" id="pick3" value="<?php echo attribute_escape(__('Lower Color')); ?>"></input>
+				<input type="button" name="revert" value="<?php echo attribute_escape(__('Revert')); ?>" onclick="kRevert()" />
+				<input type="button" value="<?php echo attribute_escape(__('Advanced')); ?>" onclick="toggleAdvanced()" />
 				<input type="hidden" name="action" value="save" />
-				<input type="hidden" name="fontdisplay" id="fontdisplay" value="<?php echo kubrick_header_display(); ?>" />
-				<input type="hidden" name="fontcolor" id="fontcolor" value="<?php echo kubrick_header_color(); ?>" />
-				<input type="hidden" name="uppercolor" id="uppercolor" value="<?php echo kubrick_upper_color(); ?>" />
-				<input type="hidden" name="lowercolor" id="lowercolor" value="<?php echo kubrick_lower_color(); ?>" />
-				<input type="hidden" name="headerimage" id="headerimage" value="<?php echo kubrick_header_image(); ?>" />
-				<p class="submit"><input type="submit" name="submitform" class="defbutton" value="<?php _e('Update Header &raquo;'); ?>" onclick="cp.hidePopup('prettyplease')" /></p>
+				<input type="hidden" name="fontdisplay" id="fontdisplay" value="<?php echo attribute_escape(kubrick_header_display()); ?>" />
+				<input type="hidden" name="fontcolor" id="fontcolor" value="<?php echo attribute_escape(kubrick_header_color()); ?>" />
+				<input type="hidden" name="uppercolor" id="uppercolor" value="<?php echo attribute_escape(kubrick_upper_color()); ?>" />
+				<input type="hidden" name="lowercolor" id="lowercolor" value="<?php echo attribute_escape(kubrick_lower_color()); ?>" />
+				<input type="hidden" name="headerimage" id="headerimage" value="<?php echo attribute_escape(kubrick_header_image()); ?>" />
+				<p class="submit"><input type="submit" name="submitform" class="defbutton" value="<?php echo attribute_escape(__('Update Header &raquo;')); ?>" onclick="cp.hidePopup('prettyplease')" /></p>
 			</form>
 			<div id="colorPickerDiv" style="z-index: 100;background:#eee;border:1px solid #ccc;position:absolute;visibility:hidden;"> </div>
 			<div id="advanced">
 				<form id="jsAdvanced" style="display:none;" action="">
-					<label for="advfontcolor">Font Color (CSS): </label><input type="text" id="advfontcolor" onchange="advUpdate(this.value, 'fontcolor')" value="<?php echo kubrick_header_color(); ?>" /><br />
-					<label for="advuppercolor">Upper Color (HEX): </label><input type="text" id="advuppercolor" onchange="advUpdate(this.value, 'uppercolor')" value="#<?php echo kubrick_upper_color(); ?>" /><br />
-					<label for="advlowercolor">Lower Color (HEX): </label><input type="text" id="advlowercolor" onchange="advUpdate(this.value, 'lowercolor')" value="#<?php echo kubrick_lower_color(); ?>" /><br />
-					<input type="button" name="default" value="Select Default Colors" onclick="kDefaults()" /><br />
-					<input type="button" onclick="toggleDisplay();return false;" name="pick" id="pick" value="Toggle Text Display"></input><br />
+					<?php wp_nonce_field('kubrick-header'); ?>
+					<label for="advfontcolor"><?php _e('Font Color (CSS):'); ?> </label><input type="text" id="advfontcolor" onchange="advUpdate(this.value, 'fontcolor')" value="<?php echo attribute_escape(kubrick_header_color()); ?>" /><br />
+					<label for="advuppercolor"><?php _e('Upper Color (HEX):');?> </label><input type="text" id="advuppercolor" onchange="advUpdate(this.value, 'uppercolor')" value="#<?php echo attribute_escape(kubrick_upper_color()); ?>" /><br />
+					<label for="advlowercolor"><?php _e('Lower Color (HEX):'); ?> </label><input type="text" id="advlowercolor" onchange="advUpdate(this.value, 'lowercolor')" value="#<?php echo attribute_escape(kubrick_lower_color()); ?>" /><br />
+					<input type="button" name="default" value="<?php echo attribute_escape(__('Select Default Colors')); ?>" onclick="kDefaults()" /><br />
+					<input type="button" onclick="toggleDisplay();return false;" name="pick" id="pick" value="<?php echo attribute_escape(__('Toggle Text Display')); ?>"></input><br />
 				</form>
 			</div>
 		</div>

wp-content/themes/default/index.php

@@ -14,7 +14,7 @@
 					<?php the_content('Read the rest of this entry &raquo;'); ?>
 				</div>
 
-				<p class="postmetadata"><?php the_tags('Tags: ', ', ', '<br />'); ?> Posted in <?php the_category(', ') ?> | <?php edit_post_link('Edit', '', ' | '); ?>  <?php comments_popup_link('No Comments &#187;', '1 Comment &#187;', '% Comments &#187;'); ?></p>
+				<p class="postmetadata">Posted in <?php the_category(', ') ?> | <?php edit_post_link('Edit', '', ' | '); ?>  <?php comments_popup_link('No Comments &#187;', '1 Comment &#187;', '% Comments &#187;'); ?></p>
 			</div>
 
 		<?php endwhile; ?>

wp-content/themes/default/search.php

@@ -18,7 +18,7 @@
 				<h3 id="post-<?php the_ID(); ?>"><a href="<?php the_permalink() ?>" rel="bookmark" title="Permanent Link to <?php the_title(); ?>"><?php the_title(); ?></a></h3>
 				<small><?php the_time('l, F jS, Y') ?></small>
 
-				<p class="postmetadata"><?php the_tags('Tags: ', ', ', '<br />'); ?> Posted in <?php the_category(', ') ?> | <?php edit_post_link('Edit', '', ' | '); ?>  <?php comments_popup_link('No Comments &#187;', '1 Comment &#187;', '% Comments &#187;'); ?></p>
+				<p class="postmetadata">Posted in <?php the_category(', ') ?> | <?php edit_post_link('Edit', '', ' | '); ?>  <?php comments_popup_link('No Comments &#187;', '1 Comment &#187;', '% Comments &#187;'); ?></p>
 			</div>
 
 		<?php endwhile; ?>

wp-content/themes/default/single.php

@@ -16,7 +16,6 @@
 				<?php the_content('<p class="serif">Read the rest of this entry &raquo;</p>'); ?>
 
 				<?php wp_link_pages(array('before' => '<p><strong>Pages:</strong> ', 'after' => '</p>', 'next_or_number' => 'number')); ?>
-				<?php the_tags( '<p>Tags: ', ', ', '</p>'); ?>
 
 				<p class="postmetadata alt">
 					<small>

wp-includes/author-template.php

@@ -183,7 +183,7 @@ function wp_list_authors($args = '') {
 	$defaults = array('optioncount' => false, 'exclude_admin' => true, 'show_fullname' => false, 'hide_empty' => true,
 		'feed' => '', 'feed_image' => '');
 	$r = array_merge($defaults, $r);
-	extract($r);
+	extract($r, EXTR_SKIP);
 	
 	// TODO:  Move select to get_authors().
 	$authors = $wpdb->get_results("SELECT ID, user_nicename from $wpdb->users " . ($exclude_admin ? "WHERE user_login <> 'admin' " : '') . "ORDER BY display_name");

wp-includes/bookmark-template.php

@@ -253,7 +253,7 @@ function _walk_bookmarks($bookmarks, $args = '' ) {
 	$defaults = array('show_updated' => 0, 'show_description' => 0, 'show_images' => 1, 'before' => '<li>',
 		'after' => '</li>', 'between' => "\n");
 	$r = array_merge($defaults, $r);
-	extract($r);
+	extract($r, EXTR_SKIP);
 
 	foreach ( (array) $bookmarks as $bookmark ) {
 		if ( !isset($bookmark->recently_updated) )
@@ -331,7 +331,7 @@ function wp_list_bookmarks($args = '') {
 		'category_orderby' => 'name', 'category_order' => 'ASC', 'class' => 'linkcat',
 		'category_before' => '<li id="%id" class="%class">', 'category_after' => '</li>');
 	$r = array_merge($defaults, $r);
-	extract($r);
+	extract($r, EXTR_SKIP);
 
 	$output = '';
 

wp-includes/bookmark.php

@@ -34,7 +34,7 @@ function get_bookmarks($args = '') {
 	$defaults = array('orderby' => 'name', 'order' => 'ASC', 'limit' => -1, 'category' => '',
 		'category_name' => '', 'hide_invisible' => 1, 'show_updated' => 0, 'include' => '', 'exclude' => '');
 	$r = array_merge($defaults, $r);
-	extract($r);
+	extract($r, EXTR_SKIP);
 
 	$key = md5( serialize( $r ) );
 	if ( $cache = wp_cache_get( 'get_bookmarks', 'bookmark' ) )

wp-includes/category-template.php

@@ -83,6 +83,15 @@ function _get_the_category_usort($a, $b) {
 	return strcmp($a->category_name, $b->category_name);
 }
 
+function _get_the_category_usort_by_ID($a, $b) {
+	if ( $a->cat_ID > $b->cat_ID )
+		return 1;
+	elseif ( $a->cat_ID < $b->cat_ID )
+		return -1;
+	else
+		return 0;
+}
+
 function get_the_category_by_ID($cat_ID) {
 	$cat_ID = (int) $cat_ID;
 	$category = &get_category($cat_ID);
@@ -182,7 +191,7 @@ function wp_dropdown_categories($args = '') {
 	$defaults['selected'] = ( is_category() ) ? get_query_var('cat') : 0;
 	$r = array_merge($defaults, $r);
 	$r['include_last_update_time'] = $r['show_last_update'];
-	extract($r);
+	extract($r, EXTR_SKIP);
 
 	$categories = get_categories($r);
 
@@ -233,7 +242,7 @@ function wp_list_categories($args = '') {
 		$r['pad_counts'] = true;
 	if ( isset($r['show_date']) )
 		$r['include_last_update_time'] = $r['show_date'];
-	extract($r);
+	extract($r, EXTR_SKIP);
 
 	$categories = get_categories($r);
 
@@ -272,90 +281,6 @@ function wp_list_categories($args = '') {
 	echo apply_filters('wp_list_categories', $output);
 }
 
-function wp_tag_cloud( $args = '' ) {
-	$defaults = array(
-		'smallest' => 8, 'largest' => 22, 'unit' => 'pt', 'number' => 45, 
-		'format' => 'flat', 'orderby' => 'name', 'order' => 'ASC',
-		'exclude' => '', 'include' => ''
-	);
-	$args = wp_parse_args( $args, $defaults );
-
-	$tags = get_tags( array_merge($args, array('orderby' => 'count', 'order' => 'DESC')) ); // Always query top tags
-
-	if ( empty($tags) )
-		return;
-
-	$return = wp_generate_tag_cloud( $tags, $args ); // Here's where those top tags get sorted according to $args
-	echo apply_filters( 'wp_tag_cloud', $return, $args );
-}
-
-// $tags = prefetched tag array ( get_tags() )
-// $args['format'] = 'flat' => whitespace separated, 'list' => UL, 'array' => array()
-// $args['orderby'] = 'name', 'count'
-function wp_generate_tag_cloud( $tags, $args = '' ) {
-	global $wp_rewrite;
-	$defaults = array(
-		'smallest' => 8, 'largest' => 22, 'unit' => 'pt', 'number' => 45,
-		'format' => 'flat', 'orderby' => 'name', 'order' => 'ASC'
-	);
-	$args = wp_parse_args( $args, $defaults );
-	extract($args);
-
-	if ( !$tags )
-		return;
-	$counts = $tag_links = array();
-	foreach ( (array) $tags as $tag ) {
-		$counts[$tag->cat_name] = $tag->tag_count;
-		$tag_links[$tag->cat_name] = get_tag_link( $tag->cat_ID );
-	}
-
-	$min_count = min($counts);
-	$spread = max($counts) - $min_count;
-	if ( $spread <= 0 )
-		$spread = 1;
-	$font_spread = $largest - $smallest;
-	if ( $font_spread <= 0 )
-		$font_spread = 1;
-	$font_step = $font_spread / $spread;
-
-	// SQL cannot save you; this is a second (potentially different) sort on a subset of data.
-	if ( 'name' == $orderby )
-		uksort($counts, 'strnatcasecmp');
-	else
-		asort($counts);
-
-	if ( 'DESC' == $order )
-		$counts = array_reverse( $tag_counts, true );
-
-	$a = array();
-
-	$rel = ( is_object($wp_rewrite) && $wp_rewrite->using_permalinks() ) ? ' rel="tag"' : '';
-
-	foreach ( $counts as $tag => $count ) {
-		$tag_link = clean_url($tag_links[$tag]);
-		$tag = str_replace(' ', '&nbsp;', wp_specialchars( $tag ));
-		$a[] = "<a href='$tag_link' title='" . attribute_escape( sprintf( __('%d topics'), $count ) ) . "'$rel style='font-size: " .
-			( $smallest + ( ( $count - $min_count ) * $font_step ) )
-			. "$unit;'>$tag</a>";
-	}
-
-	switch ( $format ) :
-	case 'array' :
-		$return =& $a;
-		break;
-	case 'list' :
-		$return = "<ul class='wp-tag-cloud'>\n\t<li>";
-		$return .= join("</li>\n\t<li>", $a);
-		$return .= "</li>\n</ul>\n";
-		break;
-	default :
-		$return = join("\n", $a);
-		break;
-	endswitch;
-
-	return apply_filters( 'wp_generate_tag_cloud', $return, $tags, $args );
-}
-
 //
 // Helper functions
 //
@@ -372,63 +297,4 @@ function walk_category_dropdown_tree() {
 	return call_user_func_array(array(&$walker, 'walk'), $args);
 }
 
-//
-// Tags
-//
-
-function get_tag_link( $tag_id ) {
-	global $wp_rewrite;
-	$catlink = $wp_rewrite->get_tag_permastruct();
-
-	$category = &get_category($tag_id);
-	$category_nicename = $category->category_nicename;
-
-	if ( empty($catlink) ) {
-		$file = get_option('home') . '/';
-		$catlink = $file . '?tag=' . $category_nicename;
-	} else {
-
-		$catlink = str_replace('%tag%', $category_nicename, $catlink);
-		$catlink = get_option('home') . user_trailingslashit($catlink, 'category');
-	}
-	return apply_filters('tag_link', $catlink, $tag_id);
-}
-
-function get_the_tags( $id = 0 ) {
-	global $post; 
- 
- 	$id = (int) $id;
-
-	if ( ! $id && ! in_the_loop() ) 
-		return false; // in-the-loop function 
- 
-	if ( !$id ) 
-		$id = (int) $post->ID;
-
-	$tags = wp_get_post_tags( $id );
-	$tags = apply_filters( 'get_the_tags', $tags );
-	if ( empty( $tags ) ) 
-		return false; 
-	return $tags; 
-}
-
-function the_tags( $before = 'Tags: ', $sep = ', ', $after = '' ) {
-	$tags = get_the_tags();
-
-	if ( empty( $tags ) )
-		return false;
-	
-	$tag_list = $before;
-	foreach ( $tags as $tag )
-		$tag_links[] = '<a href="' . get_tag_link($tag->cat_ID) . '">' . $tag->cat_name . '</a>';
-
-	$tag_links = join( $sep, $tag_links );
-	$tag_links = apply_filters( 'the_tags', $tag_links );
-	$tag_list .= $tag_links;
-
-	$tag_list .= $after;
-
-	echo $tag_list;
-}
-
 ?>

wp-includes/category.php

@@ -1,8 +1,5 @@
 <?php
 
-define('TAXONOMY_CATEGORY', 1);
-define('TAXONOMY_TAG', 2);
-
 function get_all_category_ids() {
 	global $wpdb;
 
@@ -31,7 +28,7 @@ function &get_categories($args = '') {
 	else
 		$r['orderby'] = "cat_" . $r['orderby'];  // restricts order by to cat_ID and cat_name fields
 	$r['number'] = (int) $r['number'];
-	extract($r);
+	extract($r, EXTR_SKIP);
 
 	$key = md5( serialize( $r ) );
 	if ( $cache = wp_cache_get( 'get_categories', 'category' ) )
@@ -80,12 +77,8 @@ function &get_categories($args = '') {
 			$where .= ' AND link_count > 0';
 		else
 			$where .= ' AND category_count > 0';
-	} else {
-		$where .= ' AND ( type & ' . TAXONOMY_CATEGORY . ' != 0 ) ';
 	}
 
-	
-
 	if ( !empty($number) )
 		$number = 'LIMIT ' . $number;
 	else
@@ -213,15 +206,6 @@ function get_category_by_path($category_path, $full_match = true, $output = OBJE
 	return NULL;
 }
 
-function get_category_by_slug( $slug  ) {
-	global $wpdb;
-	$slug = sanitize_title( $slug );
-	if ( empty( $slug ) )
-		return false;
-	$category = $wpdb->get_var( "SELECT * FROM $wpdb->categories WHERE category_nicename = '$slug' " );
-	return get_category( $category );
-}
-
 // Get the ID of a category from its name
 function get_cat_ID($cat_name='General') {
 	global $wpdb;
@@ -267,9 +251,9 @@ function &_get_cat_children($category_id, $categories) {
 		return array();
 
 	$category_list = array();
-	$children = _get_category_hierarchy();
+	$has_children = _get_category_hierarchy();
 
-	if  ( ( 0 != $category_id ) && ! isset($children[$category_id]) )
+	if  ( ( 0 != $category_id ) && ! isset($has_children[$category_id]) )
 		return array();
 
 	foreach ( $categories as $category ) {
@@ -279,9 +263,9 @@ function &_get_cat_children($category_id, $categories) {
 		if ( $category->category_parent == $category_id ) {
 			$category_list[] = $category;
 
-			if ( !isset($children[$category->cat_ID]) )
+			if ( !isset($has_children[$category->cat_ID]) )
 				continue;
-			
+
 			if ( $children = _get_cat_children($category->cat_ID, $categories) )
 				$category_list = array_merge($category_list, $children);
 		}
@@ -344,86 +328,4 @@ function _get_category_hierarchy() {
 
 	return $children;
 }
-
-// Tags
-
-function &get_tags($args = '') {
-	global $wpdb, $category_links;
-
-	$defaults = array('orderby' => 'name', 'order' => 'ASC',
-		'hide_empty' => true, 'exclude' => '', 'include' => '',
-		'number' => '');
-	$args = wp_parse_args( $args, $defaults );
-	if ( 'count' == $args['orderby'] )
-		$args['orderby'] = 'tag_count';
-	else
-		$args['orderby'] = "cat_" . $args['orderby'];  // restricts order by to cat_ID and cat_name fields
-	$args['number'] = (int) $args['number'];
-	extract($args);
-
-	$key = md5( serialize( $args ) );
-	if ( $cache = wp_cache_get( 'get_tags', 'category' ) )
-		if ( isset( $cache[ $key ] ) )
-			return apply_filters('get_tags', $cache[$key], $args);
-
-	$where = 'cat_ID > 0';
-	$inclusions = '';
-	if ( !empty($include) ) {
-		$child_of = 0; //ignore child_of and exclude params if using include
-		$exclude = '';
-		$incategories = preg_split('/[\s,]+/',$include);
-		if ( count($incategories) ) {
-			foreach ( $incategories as $incat ) {
-				if (empty($inclusions))
-					$inclusions = ' AND ( cat_ID = ' . intval($incat) . ' ';
-				else
-					$inclusions .= ' OR cat_ID = ' . intval($incat) . ' ';
-			}
-		}
-	}
-
-	if (!empty($inclusions))
-		$inclusions .= ')';
-	$where .= $inclusions;
-
-	$exclusions = '';
-	if ( !empty($exclude) ) {
-		$excategories = preg_split('/[\s,]+/',$exclude);
-		if ( count($excategories) ) {
-			foreach ( $excategories as $excat ) {
-				if (empty($exclusions))
-					$exclusions = ' AND ( cat_ID <> ' . intval($excat) . ' ';
-				else
-					$exclusions .= ' AND cat_ID <> ' . intval($excat) . ' ';
-			}
-		}
-	}
-
-	if (!empty($exclusions))
-		$exclusions .= ')';
-	$exclusions = apply_filters('list_tags_exclusions', $exclusions, $args );
-	$where .= $exclusions;
-
-	if ( $hide_empty )
-		$where .= ' AND tag_count > 0';
-
-	$where .= ' AND ( type & ' . TAXONOMY_TAG . ' != 0 ) ';
-
-	if ( !empty($number) )
-		$number = 'LIMIT ' . $number;
-	else
-		$number = '';
-
-	$tags = $wpdb->get_results("SELECT * FROM $wpdb->categories WHERE $where ORDER BY $orderby $order $number");
-
-	if ( empty($tags) )
-		return array();
-
-	$cache[ $key ] = $tags;
-	wp_cache_set( 'get_tags', $cache, 'category' );
-
-	$tags = apply_filters('get_tags', $tags, $args);
-	return $tags;
-}
-
 ?>

wp-includes/classes.php

@@ -1,7 +1,7 @@
 <?php
 
 class WP {
-	var $public_query_vars = array('m', 'p', 'posts', 'w', 'cat', 'withcomments', 'withoutcomments', 's', 'search', 'exact', 'sentence', 'debug', 'calendar', 'page', 'paged', 'more', 'tb', 'pb', 'author', 'order', 'orderby', 'year', 'monthnum', 'day', 'hour', 'minute', 'second', 'name', 'category_name', 'tag', 'feed', 'author_name', 'static', 'pagename', 'page_id', 'error', 'comments_popup', 'attachment', 'attachment_id', 'subpost', 'subpost_id', 'preview', 'robots');
+	var $public_query_vars = array('m', 'p', 'posts', 'w', 'cat', 'withcomments', 'withoutcomments', 's', 'search', 'exact', 'sentence', 'debug', 'calendar', 'page', 'paged', 'more', 'tb', 'pb', 'author', 'order', 'orderby', 'year', 'monthnum', 'day', 'hour', 'minute', 'second', 'name', 'category_name', 'feed', 'author_name', 'static', 'pagename', 'page_id', 'error', 'comments_popup', 'attachment', 'attachment_id', 'subpost', 'subpost_id', 'preview', 'robots');
 
 	var $private_query_vars = array('offset', 'posts_per_page', 'posts_per_archive_page', 'what_to_show', 'showposts', 'nopaging', 'post_type');
 	var $extra_query_vars = array();
@@ -506,7 +506,7 @@ class Walker_Page extends Walker {
 	function start_el($output, $page, $depth, $current_page, $args) {
 		if ( $depth )
 			$indent = str_repeat("\t", $depth);
-		extract($args);
+		extract($args, EXTR_SKIP);
 		$css_class = 'page_item';
 		$_current_page = get_page( $current_page );
 		if ( $page->ID == $current_page )
@@ -696,7 +696,7 @@ class WP_Ajax_Response {
 				'data' => '', 'supplemental' => array());
 
 		$r = array_merge($defaults, $r);
-		extract($r);
+		extract($r, EXTR_SKIP);
 
 		if ( is_wp_error($id) ) {
 			$data = $id;

wp-includes/comment-template.php

@@ -239,7 +239,7 @@ function trackback_url( $display = true ) {
 
 function trackback_rdf($timezone = 0) {
 	global $id;
-	if (strpos($_SERVER['HTTP_USER_AGENT'], 'W3C_Validator') !== false) {
+	if (stripos($_SERVER['HTTP_USER_AGENT'], 'W3C_Validator') === false) {
 		echo '<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
 				xmlns:dc="http://purl.org/dc/elements/1.1/"
 				xmlns:trackback="http://madskills.com/public/xml/rss/module/trackback/">
@@ -285,7 +285,7 @@ function comments_template( $file = '/comments.php' ) {
 
 	$req = get_option('require_name_email');
 	$commenter = wp_get_current_commenter();
-	extract($commenter);
+	extract($commenter, EXTR_SKIP);
 
 	// TODO: Use API instead of SELECTs.
 	if ( $user_ID) {

wp-includes/comment.php

@@ -178,7 +178,7 @@ function sanitize_comment_cookies() {
 
 function wp_allow_comment($commentdata) {
 	global $wpdb;
-	extract($commentdata);
+	extract($commentdata, EXTR_SKIP);
 
 	// Simple duplicate check
 	$dupe = "SELECT comment_ID FROM $wpdb->comments WHERE comment_post_ID = '$comment_post_ID' AND ( comment_author = '$comment_author' ";
@@ -325,7 +325,7 @@ function wp_get_current_commenter() {
 
 function wp_insert_comment($commentdata) {
 	global $wpdb;
-	extract($commentdata);
+	extract($commentdata, EXTR_SKIP);
 
 	if ( ! isset($comment_author_IP) )
 		$comment_author_IP = preg_replace( '/[^0-9., ]/', '',$_SERVER['REMOTE_ADDR'] );
@@ -457,7 +457,7 @@ function wp_update_comment($commentarr) {
 	$commentarr = wp_filter_comment( $commentarr );
 
 	// Now extract the merged array.
-	extract($commentarr);
+	extract($commentarr, EXTR_SKIP);
 
 	$comment_content = apply_filters('comment_save_pre', $comment_content);
 
@@ -517,7 +517,7 @@ function discover_pingback_server_uri($url, $timeout_bytes = 2048) {
 	$x_pingback_str = 'x-pingback: ';
 	$pingback_href_original_pos = 27;
 
-	extract(parse_url($url));
+	extract(parse_url($url), EXTR_SKIP);
 
 	if ( !isset($host) ) // Not an URL. This should never happen.
 		return false;

wp-includes/default-filters.php

@@ -173,4 +173,7 @@ add_action('sanitize_comment_cookies', 'sanitize_comment_cookies');
 add_action('admin_print_scripts', 'wp_print_scripts', 20);
 add_action('mce_options', '_mce_set_direction');
 add_action('init', 'smilies_init', 5);
-?>
+add_action( 'plugins_loaded', 'wp_maybe_load_widgets', 0 );
+add_action( 'shutdown', 'wp_ob_end_flush_all', 1);
+
+?>

wp-includes/feed-atom-comments.php

@@ -20,7 +20,7 @@ echo '<?xml version="1.0" encoding="' . get_option('blog_charset') . '" ?' . '>'
 	<updated><?php echo mysql2date('Y-m-d\TH:i:s\Z', get_lastcommentmodified('GMT')); ?></updated>
 	<generator uri="http://wordpress.org/" version="<?php bloginfo('version'); ?>">WordPress</generator>
 
-	<link rel="alternate" type="<?php bloginfo_rss('html_type'); ?>" content="<?php bloginfo_rss('home'); ?>" />
+	<link rel="alternate" type="<?php bloginfo_rss('html_type'); ?>" href="<?php bloginfo_rss('home'); ?>" />
 	<link rel="self" type="application/atom+xml" href="<?php bloginfo_rss('comments_atom_url'); ?>" />
 	<id><?php bloginfo_rss('comments_atom_url'); ?></id>
 
@@ -40,7 +40,7 @@ if ( have_comments() ) : while ( have_comments() ) : the_comment();
 				printf(__('By: %s'), get_comment_author_rss());
 			}
 		?></title>
-		<link rel="alternate" href="<?php comment_link(); ?>" type="<?php bloginfo_rss('content_type'); ?>" />
+		<link rel="alternate" href="<?php comment_link(); ?>" type="<?php bloginfo_rss('html_type'); ?>" />
 
 		<author>
 			<name><?php comment_author_rss(); ?></name>
@@ -49,8 +49,8 @@ if ( have_comments() ) : while ( have_comments() ) : the_comment();
 		</author>
 
 		<id><?php comment_link(); ?></id>
-		<updated><?php echo mysql2date('D, d M Y H:i:s +0000', get_comment_time('Y-m-d H:i:s', true), false); ?></updated>
-		<published><?php echo mysql2date('D, d M Y H:i:s +0000', get_comment_time('Y-m-d H:i:s', true), false); ?></published>
+		<updated><?php echo mysql2date('Y-m-d\TH:i:s\Z', get_comment_time('Y-m-d H:i:s', true), false); ?></updated>
+		<published><?php echo mysql2date('Y-m-d\TH:i:s\Z', get_comment_time('Y-m-d H:i:s', true), false); ?></published>
 <?php if (!empty($comment_post->post_password) && $_COOKIE['wp-postpass'] != $comment_post->post_password) : ?>
 		<content type="html" xml:base="<?php comment_link(); ?>"><![CDATA[<?php echo get_the_password_form(); ?>]]></content>
 <?php else : // post pass ?>

wp-includes/feed.php

@@ -151,13 +151,13 @@ function get_the_category_rss($type = 'rss') {
 	$home = get_bloginfo_rss('home');
 	$the_list = '';
 	foreach ( (array) $categories as $category ) {
-		$category->cat_name = convert_chars($category->cat_name);
+		$cat_name = convert_chars($category->cat_name);
 		if ( 'rdf' == $type )
-			$the_list .= "\n\t\t<dc:subject><![CDATA[$category->cat_name]]></dc:subject>\n";
+			$the_list .= "\n\t\t<dc:subject><![CDATA[$cat_name]]></dc:subject>\n";
 		if ( 'atom' == $type )
-			$the_list .= "<category scheme='$home' term='$category->cat_name' />";
+			$the_list .= sprintf( '<category scheme="%1$s" term="%2$s" />', attribute_escape( apply_filters( 'get_bloginfo_rss', get_bloginfo( 'url' ) ) ), attribute_escape( $category->cat_name ) );
 		else
-			$the_list .= "\n\t\t<category><![CDATA[$category->cat_name]]></category>\n";
+			$the_list .= "\n\t\t<category><![CDATA[$cat_name]]></category>\n";
 	}
 	return apply_filters('the_category_rss', $the_list, $type);
 }

wp-includes/formatting.php

@@ -1103,7 +1103,7 @@ function htmlentities2($myHTML) {
 // Escape single quotes, specialchar double quotes, and fix line endings.
 function js_escape($text) {
 	$safe_text = wp_specialchars($text, 'double');
-	$safe_text = str_replace(''', "'", $safe_text);
+	$safe_text = preg_replace('/&#(x)?0*(?(1)27|39);?/i', "'", stripslashes($safe_text));
 	$safe_text = preg_replace("/\r?\n/", "\\n", addslashes($safe_text));
 	return apply_filters('js_escape', $safe_text, $text);
 }
@@ -1118,4 +1118,11 @@ function wp_make_link_relative( $link ) {
 	return preg_replace('|https?://[^/]+(/.*)|i', '$1', $link );
 }
 
+function wp_parse_str( $string, &$array ) {
+	parse_str( $string, $array );
+	if ( get_magic_quotes_gpc() )
+		$array = stripslashes_deep( $array ); // parse_str() adds slashes if magicquotes is on.  See: http://php.net/parse_str
+	$array = apply_filters( 'wp_parse_str', $array );
+}
+
 ?>

wp-includes/functions.php

@@ -203,6 +203,7 @@ function is_serialized_string($data) {
 
 /* Options functions */
 
+// expects $setting to already be SQL-escaped
 function get_option($setting) {
 	global $wpdb;
 
@@ -302,16 +303,19 @@ function wp_load_alloptions() {
 	return $alloptions;
 }
 
+// expects $option_name to NOT be SQL-escaped
 function update_option($option_name, $newvalue) {
 	global $wpdb;
 
 	wp_protect_special_option($option_name);
 
+	$safe_option_name = $wpdb->escape($option_name);
+
 	if ( is_string($newvalue) )
 		$newvalue = trim($newvalue);
 
 	// If the new and old values are the same, no need to update.
-	$oldvalue = get_option($option_name);
+	$oldvalue = get_option($safe_option_name);
 	if ( $newvalue === $oldvalue ) {
 		return false;
 	}
@@ -322,7 +326,7 @@ function update_option($option_name, $newvalue) {
 	}
 
 	$notoptions = wp_cache_get('notoptions', 'options');
-	if ( isset($notoptions[$option_name]) ) {
+	if ( is_array($notoptions) && isset($notoptions[$option_name]) ) {
 		unset($notoptions[$option_name]);
 		wp_cache_set('notoptions', $notoptions, 'options');
 	}
@@ -349,21 +353,21 @@ function update_option($option_name, $newvalue) {
 }
 
 // thx Alex Stapleton, http://alex.vort-x.net/blog/
+// expects $name to NOT be SQL-escaped
 function add_option($name, $value = '', $description = '', $autoload = 'yes') {
 	global $wpdb;
 
 	wp_protect_special_option($name);
+	$safe_name = $wpdb->escape($name);
 
-	// Make sure the option doesn't already exist we can check the cache before we ask for a db query
+	// Make sure the option doesn't already exist. We can check the 'notoptions' cache before we ask for a db query
 	$notoptions = wp_cache_get('notoptions', 'options');
-	if ( isset($notoptions[$name]) ) {
-		unset($notoptions[$name]);
-		wp_cache_set('notoptions', $notoptions, 'options');
-	} elseif ( false !== get_option($name) ) {
+	if ( !is_array($notoptions) || !isset($notoptions[$name]) )
+		if ( false !== get_option($safe_name) )
 			return;
-	}
 
 	$value = maybe_serialize($value);
+	$autoload = ( 'no' === $autoload ) ? 'no' : 'yes';
 
 	if ( 'yes' == $autoload ) {
 		$alloptions = wp_load_alloptions();
@@ -373,6 +377,13 @@ function add_option($name, $value = '', $description = '', $autoload = 'yes') {
 		wp_cache_set($name, $value, 'options');
 	}
 
+	// This option exists now
+	$notoptions = wp_cache_get('notoptions', 'options'); // yes, again... we need it to be fresh
+	if ( is_array($notoptions) && isset($notoptions[$name]) ) {
+		unset($notoptions[$name]);
+		wp_cache_set('notoptions', $notoptions, 'options');
+	}
+
 	$name = $wpdb->escape($name);
 	$value = $wpdb->escape($value);
 	$description = $wpdb->escape($description);
@@ -602,7 +613,7 @@ function update_post_cache(&$posts) {
 }
 
 function clean_post_cache($id) {
-	global $post_cache, $post_meta_cache, $category_cache, $tag_cache, $blog_id;
+	global $post_cache, $post_meta_cache, $category_cache, $blog_id;
 
 	if ( isset( $post_cache[$blog_id][$id] ) )
 		unset( $post_cache[$blog_id][$id] );
@@ -612,9 +623,6 @@ function clean_post_cache($id) {
 
 	if ( isset( $category_cache[$blog_id][$id]) )
 		unset ( $category_cache[$blog_id][$id] );
-
-	if ( isset( $tag_cache[$blog_id][$id]) )
-		unset ( $tag_cache[$blog_id][$id] );
 }
 
 function update_page_cache(&$pages) {
@@ -641,7 +649,7 @@ function clean_page_cache($id) {
 }
 
 function update_post_category_cache($post_ids) {
-	global $wpdb, $category_cache, $tag_cache, $blog_id;
+	global $wpdb, $category_cache, $blog_id;
 
 	if ( empty($post_ids) )
 		return;
@@ -662,21 +670,17 @@ function update_post_category_cache($post_ids) {
 		return;
 	$post_id_list = join( ',', $post_id_array ); // with already cached stuff removed
 
-	$dogs = $wpdb->get_results("SELECT post_id, category_id, rel_type FROM $wpdb->post2cat WHERE post_id IN ($post_id_list)");
+	$dogs = $wpdb->get_results("SELECT post_id, category_id FROM $wpdb->post2cat WHERE post_id IN ($post_id_list)");
 
 	if ( empty($dogs) )
 		return;
 
-	foreach ($dogs as $catt) {
-		if ( 'category' == $catt->rel_type )
-			$category_cache[$blog_id][$catt->post_id][$catt->category_id] = &get_category($catt->category_id);
-		elseif ( 'tag' == $catt->rel_type )
-			$tag_cache[$blog_id][$catt->post_id][$catt->category_id] = &get_category($catt->category_id);
-	}
+	foreach ($dogs as $catt)
+		$category_cache[$blog_id][$catt->post_id][$catt->category_id] = &get_category($catt->category_id);
 }
 
 function update_post_caches(&$posts) {
-	global $post_cache, $category_cache, $post_meta_cache, $tag_cache;
+	global $post_cache, $category_cache, $post_meta_cache;
 	global $wpdb, $blog_id;
 
 	// No point in doing all this work if we didn't match any posts.
@@ -768,12 +772,12 @@ add_query_arg(associative_array, oldquery_or_uri)
 function add_query_arg() {
 	$ret = '';
 	if ( is_array(func_get_arg(0)) ) {
-		if ( @func_num_args() < 2 || '' == @func_get_arg(1) )
+		if ( @func_num_args() < 2 || false === @func_get_arg(1) )
 			$uri = $_SERVER['REQUEST_URI'];
 		else
 			$uri = @func_get_arg(1);
 	} else {
-		if ( @func_num_args() < 3 || '' == @func_get_arg(2) )
+		if ( @func_num_args() < 3 || false === @func_get_arg(2) )
 			$uri = $_SERVER['REQUEST_URI'];
 		else
 			$uri = @func_get_arg(2);
@@ -808,9 +812,7 @@ function add_query_arg() {
 		$query = $uri;
 	}
 
-	parse_str($query, $qs);
-	if ( get_magic_quotes_gpc() )
-		$qs = stripslashes_deep($qs); // parse_str() adds slashes if magicquotes is on.  See: http://php.net/parse_str
+	wp_parse_str($query, $qs);
 	$qs = urlencode_deep($qs);
 	if ( is_array(func_get_arg(0)) ) {
 		$kayvees = func_get_arg(0);
@@ -831,7 +833,7 @@ function add_query_arg() {
 	}
 	$ret = trim($ret, '?');
 	$ret = $protocol . $base . $ret . $frag;
-	$ret = trim($ret, '?');
+	$ret = rtrim($ret, '?');
 	return $ret;
 }
 
@@ -845,7 +847,7 @@ remove_query_arg(removekey, [oldquery_or_uri]) or
 remove_query_arg(removekeyarray, [oldquery_or_uri])
 */
 
-function remove_query_arg($key, $query='') {
+function remove_query_arg($key, $query=FALSE) {
 	if ( is_array($key) ) { // removing multiple keys
 		foreach ( (array) $key as $k )
 			$query = add_query_arg($k, FALSE, $query);
@@ -922,10 +924,17 @@ function status_header( $header ) {
 	elseif ( 410 == $header )
 		$text = 'Gone';
 
-	if ( version_compare(phpversion(), '4.3.0', '>=') )
-		@header("HTTP/1.1 $header $text", true, $header);
-	else
-		@header("HTTP/1.1 $header $text");
+	$protocol = $_SERVER["SERVER_PROTOCOL"];
+	if ( ('HTTP/1.1' != $protocol) && ('HTTP/1.0' != $protocol) )
+		$protocol = 'HTTP/1.0';
+	$status_header = "$protocol $header $text";
+	$status_header = apply_filters('status_header', $status_header, $header, $text, $protocol);
+
+	if ( version_compare( phpversion(), '4.3.0', '>=' ) ) {
+		return @header( $status_header, true, $header );
+	} else {
+		return @header( $status_header );
+	}
 }
 
 function nocache_headers() {
@@ -1317,7 +1326,7 @@ function wp_nonce_ays($action) {
 function wp_die( $message, $title = '' ) {
 	global $wp_locale;
 
-	if ( is_wp_error( $message ) ) {
+	if ( function_exists( 'is_wp_error' ) && is_wp_error( $message ) ) {
 		if ( empty($title) ) {
 			$error_data = $message->get_error_data();
 			if ( is_array($error_data) && isset($error_data['title']) )
@@ -1339,15 +1348,18 @@ function wp_die( $message, $title = '' ) {
 		$message = "<p>$message</p>";
 	}
 
+	if (strpos($_SERVER['PHP_SELF'], 'wp-admin') !== false)
+		$admin_dir = '';
+	else
+		$admin_dir = 'wp-admin/';
+
+	if ( !did_action('admin_head') ) :
 	header('Content-Type: text/html; charset=utf-8');
 
 	if ( empty($title) )
 		$title = __('WordPress &rsaquo; Error');
 
-	if (strpos($_SERVER['PHP_SELF'], 'wp-admin') !== false)
-		$admin_dir = '';
-	else
-		$admin_dir = 'wp-admin/';
+
 
 ?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
@@ -1362,6 +1374,7 @@ if ( ( $wp_locale ) && ('rtl' == $wp_locale->text_direction) ) : ?>
 <?php endif; ?>
 </head>
 <body>
+<?php endif; ?>
 	<h1 id="logo"><img alt="WordPress" src="<?php echo $admin_dir; ?>images/wordpress-logo.png" /></h1>
 	<?php echo $message; ?>
 
@@ -1468,29 +1481,44 @@ function smilies_init() {
 		);
 	}
 
+	$siteurl = get_option('siteurl');
 	foreach ( (array) $wpsmiliestrans as $smiley => $img ) {
 		$wp_smiliessearch[] = '/(\s|^)'.preg_quote($smiley, '/').'(\s|$)/';
 		$smiley_masked = htmlspecialchars(trim($smiley), ENT_QUOTES);
-		$wp_smiliesreplace[] = " <img src='" . get_option('siteurl') . "/wp-includes/images/smilies/$img' alt='$smiley_masked' class='wp-smiley' /> ";
+		$wp_smiliesreplace[] = " <img src='$siteurl/wp-includes/images/smilies/$img' alt='$smiley_masked' class='wp-smiley' /> ";
 	}
 }
 
 function wp_parse_args( $args, $defaults = '' ) {
-	if ( is_array($args) ) :
+	if ( is_array( $args ) )
 		$r =& $args;
-	else :
-		parse_str( $args, $r );
-		if ( get_magic_quotes_gpc() )
-			$r = stripslashes_deep( $r );
-	endif;
+	else
+		wp_parse_str( $args, $r );
 
-	if ( is_array($defaults) ) :
-		extract($defaults);
-		extract($r);
-		return compact(array_keys($defaults)); // only those options defined in $defaults
-	else :
+	if ( is_array( $defaults ) )
+		return array_merge( $defaults, $r );
+	else
 		return $r;
-	endif;
+}
+
+function wp_maybe_load_widgets() {
+	if ( !function_exists( 'dynamic_sidebar' ) ) {
+		require_once ABSPATH . WPINC . '/widgets.php';
+		add_action( '_admin_menu', 'wp_widgets_add_menu' );
+	}
+}
+
+function wp_widgets_add_menu() {
+	global $submenu;
+	$submenu['themes.php'][7] = array( __( 'Widgets' ), 'switch_themes', 'widgets.php' );
+	ksort($submenu['themes.php'], SORT_NUMERIC);
+}
+
+// For PHP 5.2, make sure all output buffers are flushed
+// before our singletons our destroyed.
+function wp_ob_end_flush_all()
+{
+	while ( @ob_end_flush() );
 }
 
 ?>

wp-includes/general-template.php

@@ -63,8 +63,8 @@ function bloginfo($show='') {
 	$info = get_bloginfo($show);
 	
 	// Don't filter URL's.
-	if (strpos($show, 'url') === false || 
-		strpos($show, 'directory') === false || 
+	if (strpos($show, 'url') === false &&
+		strpos($show, 'directory') === false &&
 		strpos($show, 'home') === false) {
 		$info = apply_filters('bloginfo', $info, $show);
 		$info = convert_chars($info);
@@ -109,6 +109,7 @@ function get_bloginfo($show='') {
 			break;
 		case 'comments_atom_url':
 			$output = get_feed_link('comments_atom');
+			break;
 		case 'comments_rss2_url':
 			$output = get_feed_link('comments_rss2');
 			break;
@@ -217,8 +218,7 @@ function wp_title($sep = '»', $display = true) {
 	// If there is a post
 	if ( is_single() || is_page() ) {
 		$post = $wp_query->get_queried_object();
-		$title = apply_filters('single_post_title', $title);
-		$title = strip_tags($post->post_title);
+		$title = strip_tags( apply_filters( 'single_post_title', $post->post_title ) );
 	}
 
 	$prefix = '';
@@ -322,7 +322,7 @@ function wp_get_archives($args = '') {
 
 	$defaults = array('type' => 'monthly', 'limit' => '', 'format' => 'html', 'before' => '', 'after' => '', 'show_post_count' => false);
 	$r = array_merge($defaults, $r);
-	extract($r);
+	extract($r, EXTR_SKIP);
 
 	if ( '' == $type )
 		$type = 'monthly';
@@ -809,9 +809,17 @@ function rich_edit_exists() {
 
 function user_can_richedit() {
 	global $wp_rich_edit, $pagenow;
-
-	if ( !isset($wp_rich_edit) )
-		$wp_rich_edit = ( 'true' == get_user_option('rich_editing') && !preg_match('!opera[ /][2-8]|konqueror|safari!i', $_SERVER['HTTP_USER_AGENT']) && 'comment.php' != $pagenow && rich_edit_exists() ) ? true : false;
+	
+	if ( !isset( $wp_rich_edit) ) {
+		if ( get_user_option( 'rich_editing' ) == 'true' && 
+			( ( preg_match( '!AppleWebKit/(\d+)!', $_SERVER['HTTP_USER_AGENT'], $match ) && intval($match[1]) >= 420 ) || 
+				!preg_match( '!opera[ /][2-8]|konqueror|safari!i', $_SERVER['HTTP_USER_AGENT'] ) )
+				&& 'comment.php' != $pagenow ) {
+			$wp_rich_edit = true;
+		} else {
+			$wp_rich_edit = false;
+		}
+	}
 
 	return apply_filters('user_can_richedit', $wp_rich_edit);
 }
@@ -892,10 +900,11 @@ function the_editor($content, $id = 'content', $prev_id = 'title') {
 	//<!--
 	edCanvas = document.getElementById('<?php echo $id; ?>');
 	<?php if ( $prev_id && user_can_richedit() ) : ?>
+	// If tinyMCE is defined.
+	if ( typeof tinyMCE != 'undefined' ) {
 	// This code is meant to allow tabbing from Title to Post (TinyMCE).
-	if ( tinyMCE.isMSIE )
-		document.getElementById('<?php echo $prev_id; ?>').onkeydown = function (e)
-			{
+		if ( tinyMCE.isMSIE ) {
+			document.getElementById('<?php echo $prev_id; ?>').onkeydown = function (e) {
 				e = e ? e : window.event;
 				if (e.keyCode == 9 && !e.shiftKey && !e.controlKey && !e.altKey) {
 					var i = tinyMCE.getInstanceById('<?php echo $id; ?>');
@@ -908,9 +917,8 @@ function the_editor($content, $id = 'content', $prev_id = 'title') {
 					return false;
 				}
 			}
-	else
-		document.getElementById('<?php echo $prev_id; ?>').onkeypress = function (e)
-			{
+		} else {
+			document.getElementById('<?php echo $prev_id; ?>').onkeypress = function (e) {
 				e = e ? e : window.event;
 				if (e.keyCode == 9 && !e.shiftKey && !e.controlKey && !e.altKey) {
 					var i = tinyMCE.getInstanceById('<?php echo $id; ?>');
@@ -923,6 +931,8 @@ function the_editor($content, $id = 'content', $prev_id = 'title') {
 					return false;
 				}
 			}
+		}
+	}
 	<?php endif; ?>
 	//-->
 	</script>
@@ -948,27 +958,24 @@ function language_attributes() {
 	echo $output;
 }
 
-function paginate_links( $arg = '' ) {
-	if ( is_array($arg) )
-		$a = &$arg;
-	else
-		parse_str($arg, $a);
+function paginate_links( $args = '' ) {
+	$defaults = array( 
+		'base' => '%_%', // http://example.com/all_posts.php%_% : %_% is replaced by format (below)
+		'format' => '?page=%#%', // ?page=%#% : %#% is replaced by the page number
+		'total' => 1,
+		'current' => 0,
+		'show_all' => false,
+		'prev_next' => true,
+		'prev_text' => __('&laquo; Previous'),
+		'next_text' => __('Next &raquo;'),
+		'end_size' => 1, // How many numbers on either end including the end
+		'mid_size' => 2, // How many numbers to either side of current not including current
+		'type' => 'plain',
+		'add_args' => false // array of query args to aadd
+	);
 
-	// Defaults
-	$base = '%_%'; // http://example.com/all_posts.php%_% : %_% is replaced by format (below)
-	$format = '?page=%#%'; // ?page=%#% : %#% is replaced by the page number
-	$total = 1;
-	$current = 0;
-	$show_all = false;
-	$prev_next = true;
-	$prev_text = __('&laquo; Previous');
-	$next_text = __('Next &raquo;');
-	$end_size = 1; // How many numbers on either end including the end
-	$mid_size = 2; // How many numbers to either side of current not including current
-	$type = 'plain';
-	$add_args = false; // array of query args to aadd
-
-	extract($a);
+	$args = wp_parse_args( $args, $defaults );
+	extract($args, EXTR_SKIP);
 
 	// Who knows what else people pass in $args
 	$total    = (int) $total;

wp-includes/js/tinymce/themes/advanced/color_picker.htm

@@ -2,12 +2,73 @@
 <head>
 	<title>{$lang_theme_colorpicker_title}</title>
 	<script language="javascript" type="text/javascript" src="../../tiny_mce_popup.js"></script>
+	<script language="javascript" type="text/javascript" src="../../utils/mctabs.js"></script>
 	<script language="javascript" type="text/javascript" src="jscripts/color_picker.js"></script>
+	<link href="css/colorpicker.css" rel="stylesheet" type="text/css" />
 	<base target="_self" />
 </head>
-<body onload="tinyMCEPopup.executeOnLoad('init();');" style="margin: 3px; display: none">
-	<div align="center">
-	   <script language="javascript" type="text/javascript">renderColorMap();</script>
+<body onload="tinyMCEPopup.executeOnLoad('init();');" style="display: none">
+	<div class="tabs">
+		<ul>
+			<li id="picker_tab" class="current"><span><a href="javascript:mcTabs.displayTab('picker_tab','picker_panel');" onmousedown="return false;">{$lang_color_picker_tab}</a></span></li>
+			<li id="rgb_tab"><span><a href="#" onclick="generateWebColors();mcTabs.displayTab('rgb_tab','rgb_panel');" onmousedown="return false;">{$lang_web_colors_tab}</a></span></li>
+			<li id="named_tab"><span><a  href="#" onclick="generateNamedColors();javascript:mcTabs.displayTab('named_tab','named_panel');" onmousedown="return false;">{$lang_named_colors_tab}</a></span></li>
+		</ul>
+	</div>
+
+	<div class="panel_wrapper">
+		<div id="picker_panel" class="panel current">
+			<fieldset>
+				<legend>{$lang_color_picker}</legend>
+				<div id="picker">
+					<img id="colorpicker" src="images/colors.jpg" onclick="computeColor(event)" onmousedown="isMouseDown = true;return false;" onmouseup="isMouseDown = false;" onmousemove="if (isMouseDown && isMouseOver) computeColor(event); return false;" onmouseover="isMouseOver=true;" onmouseout="isMouseOver=false;" />
+
+					<div id="light">
+						<!-- Will be filled with divs -->
+					</div>
+
+					<br style="clear: both" />
+				</div>
+			</fieldset>
+		</div>
+
+		<div id="rgb_panel" class="panel">
+			<fieldset>
+				<legend>{$lang_web_colors}</legend>
+				<div id="webcolors">
+					<!-- Gets filled with web safe colors-->
+				</div>
+
+				<br style="clear: both" />
+			</fieldset>
+		</div>
+
+		<div id="named_panel" class="panel">
+			<fieldset>
+				<legend>{$lang_named_colors}</legend>
+				<div id="namedcolors">
+					<!-- Gets filled with named colors-->
+				</div>
+
+				<br style="clear: both" />
+
+				<div id="colornamecontainer">
+					{$lang_color_name} <span id="colorname"></span>
+				</div>
+			</fieldset>
+		</div>
+	</div>
+
+	<div class="mceActionPanel">
+		<div style="float: left">
+			<input type="button" id="insert" name="insert" value="{$lang_theme_colorpicker_apply}" onclick="insertAction();" />
+		</div>
+
+		<div id="preview"></div>
+
+		<div id="previewblock">
+			<label for="color">{$lang_color}</label> <input id="color" type="text" size="8" maxlength="8" class="text" />
+		</div>
 	</div>
 </body>
 </html>

wp-includes/js/tinymce/themes/advanced/css/colorpicker.css

@@ -0,0 +1,53 @@
+/* Colorpicker dialog specific CSS */
+
+#preview {
+	float: right;
+	width: 50px;
+	height: 14px;
+	line-height: 1px;
+	border: 1px solid black;
+	margin-left: 5px;
+}
+
+#colorpicker {
+	float: left;
+	cursor: crosshair;
+}
+
+#light {
+	border: 1px solid gray;
+	margin-left: 5px;
+	float: left;
+	width: 15px;
+	cursor: crosshair;
+}
+
+#light div {
+	overflow: hidden;
+}
+
+#previewblock {
+	float: right;
+	padding-left: 10px;
+	height: 20px;
+}
+
+.panel_wrapper div.current {
+	height: 175px;
+}
+
+#namedcolors {
+	width: 150px;
+}
+
+#namedcolors a {
+	display: block;
+	float: left;
+	width: 10px; height: 10px;
+	margin: 1px 1px 0 0;
+	overflow: hidden;
+}
+
+#colornamecontainer {
+	margin-top: 5px;
+}

wp-includes/js/tinymce/tiny_mce_gzip.php

@@ -84,7 +84,7 @@
 	if (isset($_SERVER['HTTP_ACCEPT_ENCODING']))
 		$encodings = explode(',', strtolower(preg_replace("/\s+/", "", $_SERVER['HTTP_ACCEPT_ENCODING'])));
 
-	if ((in_array('gzip', $encodings) || in_array('x-gzip', $encodings) || isset($_SERVER['---------------'])) && function_exists('ob_gzhandler') && !ini_get('zlib.output_compression')) {
+	if ((in_array('gzip', $encodings) || in_array('x-gzip', $encodings) || isset($_SERVER['---------------'])) && function_exists('ob_gzhandler') && !ini_get('zlib.output_compression') && ini_get('output_handler') != 'ob_gzhandler') {
 		$enc = in_array('x-gzip', $encodings) ? "x-gzip" : "gzip";
 		$supportsGzip = true;
 	}

wp-includes/js/wp-ajax.js

@@ -27,9 +27,9 @@ Object.extend(WPAjax.prototype, {
 		this.getResponseElement(responseEl);
 	},
 	addArg: function(key, value) {
-		var a = [];
+		var a = $H();
 		a[encodeURIComponent(key)] = encodeURIComponent(value);
-		this.options.parameters = $H(this.options.parameters).merge($H(a));
+		this.options.parameters = $H(this.options.parameters).merge(a);
 	},
 	getResponseElement: function(r) {
 		var p = $(r + '-p');

wp-includes/link-template.php

@@ -59,7 +59,6 @@ function get_permalink($id = 0) {
 		'%postname%',
 		'%post_id%',
 		'%category%',
-		'%tag%',
 		'%author%',
 		'%pagename%'
 	);
@@ -78,6 +77,8 @@ function get_permalink($id = 0) {
 		$category = '';
 		if (strpos($permalink, '%category%') !== false) {
 			$cats = get_the_category($post->ID);
+			if ( $cats )
+				usort($cats, '_get_the_category_usort_by_ID'); // order by ID
 			$category = $cats[0]->category_nicename;
 			if ( $parent=$cats[0]->category_parent )
 				$category = get_category_parents($parent, FALSE, '/', TRUE) . $category;
@@ -481,7 +482,6 @@ function get_pagenum_link($pagenum = 1) {
 	$qstr = preg_replace('|^/+|', '', $qstr);
 	if ( $permalink )
 		$qstr = user_trailingslashit($qstr, 'paged');
-	$qstr = preg_replace('/&([^#])(?![a-z]{1,8};)/', '&$1', trailingslashit( get_option('home') ) . $qstr );
 
 	// showing /page/1/ or ?paged=1 is redundant
 	if ( 1 === $pagenum ) {
@@ -489,6 +489,9 @@ function get_pagenum_link($pagenum = 1) {
 		$qstr = str_replace(user_trailingslashit('page/1', 'paged'), '', $qstr); // for mod_rewrite style
 		$qstr = remove_query_arg('paged', $qstr); // for query style
 	}
+
+	$qstr = preg_replace('/&([^#])(?![a-z]{1,8};)/', '&$1', trailingslashit( get_option('home') ) . $qstr );
+
 	return $qstr;
 }
 

wp-includes/pluggable.php

@@ -121,6 +121,8 @@ function get_userdatabylogin($user_login) {
 	if ( $userdata )
 		return $userdata;
 
+	$user_login = $wpdb->escape($user_login);
+
 	if ( !$user = $wpdb->get_row("SELECT * FROM $wpdb->users WHERE user_login = '$user_login'") )
 		return false;
 
@@ -154,7 +156,7 @@ function get_userdatabylogin($user_login) {
 }
 endif;
 
-if ( !function_exists('wp_mail') ) :
+if ( !function_exists( 'wp_mail' ) ) :
 function wp_mail($to, $subject, $message, $headers = '') {
 	global $phpmailer;
 
@@ -166,7 +168,7 @@ function wp_mail($to, $subject, $message, $headers = '') {
 
 	$mail = compact('to', 'subject', 'message', 'headers');
 	$mail = apply_filters('wp_mail', $mail);
-	extract($mail);
+	extract($mail, EXTR_SKIP);
 
 	if ( $headers == '' ) {
 		$headers = "MIME-Version: 1.0\n" .
@@ -222,6 +224,8 @@ if ( !function_exists('wp_login') ) :
 function wp_login($username, $password, $already_md5 = false) {
 	global $wpdb, $error;
 
+	$username = sanitize_user($username);
+
 	if ( '' == $username )
 		return false;
 

wp-includes/plugin.php

@@ -136,6 +136,11 @@ function add_action($tag, $function_to_add, $priority = 10, $accepted_args = 1)
 function do_action($tag, $arg = '') {
 	global $wp_filter, $wp_actions;
 
+	if ( is_array($wp_actions) )
+		$wp_actions[] = $tag;
+	else
+		$wp_actions = array($tag);
+
 	$args = array();
 	if ( is_array($arg) && 1 == count($arg) && is_object($arg[0]) ) // array(&$this)
 		$args[] =& $arg[0];
@@ -156,20 +161,19 @@ function do_action($tag, $arg = '') {
 
 	} while ( next($wp_filter[$tag]) );
 
-	if ( is_array($wp_actions) )
-		$wp_actions[] = $tag;
-	else
-		$wp_actions = array($tag);
 }
 
 /**
- * Return the number of functions hooked to a specific action hook.
+ * Return the number times an action is fired.
  * @param string $tag The name of the action hook.
- * @return int The number of functions hooked to action hook <tt>$tag</tt>
+ * @return int The number of times action hook <tt>$tag</tt> is fired
  */
 function did_action($tag) {
 	global $wp_actions;
 
+	if ( empty($wp_actions) )
+		return 0;
+
 	return count(array_keys($wp_actions, $tag));
 }
 

wp-includes/post-template.php

@@ -141,7 +141,7 @@ function wp_link_pages($args = '') {
 	$defaults = array('before' => '<p>' . __('Pages:'), 'after' => '</p>', 'next_or_number' => 'number', 'nextpagelink' => __('Next page'),
 			'previouspagelink' => __('Previous page'), 'pagelink' => '%', 'more_file' => '', 'echo' => 1);
 	$r = array_merge($defaults, $r);
-	extract($r);
+	extract($r, EXTR_SKIP);
 
 	global $id, $page, $numpages, $multipage, $more, $pagenow;
 	if ( $more_file != '' )
@@ -255,7 +255,7 @@ function wp_dropdown_pages($args = '') {
 	$defaults = array('depth' => 0, 'child_of' => 0, 'selected' => 0, 'echo' => 1,
 		'name' => 'page_id', 'show_option_none' => '');
 	$r = array_merge($defaults, $r);
-	extract($r);
+	extract($r, EXTR_SKIP);
 
 	$pages = get_pages($r);
 	$output = '';

wp-includes/post.php

@@ -182,7 +182,7 @@ function get_posts($args) {
 		'orderby' => 'post_date', 'order' => 'DESC', 'include' => '', 'exclude' => '',
 		'meta_key' => '', 'meta_value' =>'', 'post_type' => 'post', 'post_status' => 'publish', 'post_parent' => 0);
 	$r = array_merge($defaults, $r);
-	extract($r);
+	extract($r, EXTR_SKIP);
 	$numberposts = (int) $numberposts;
 	$offset = (int) $offset;
 	$category = (int) $category;
@@ -225,14 +225,6 @@ function get_posts($args) {
 	if (!empty($exclusions))
 		$exclusions .= ')';
 
-	$query ="SELECT DISTINCT * FROM $wpdb->posts " ;
-	$query .= ( empty( $category ) ? "" : ", $wpdb->post2cat " );
-	$query .= ( empty( $meta_key ) ? "" : ", $wpdb->postmeta " );
-	$query .= " WHERE (post_type = 'post' AND post_status = 'publish') $exclusions $inclusions ";
-	$query .= ( empty( $category ) ? "" : "AND ($wpdb->posts.ID = $wpdb->post2cat.post_id AND $wpdb->post2cat.category_id = " . $category. ") " );
-	$query .= ( empty( $meta_key ) | empty($meta_value)  ? "" : " AND ($wpdb->posts.ID = $wpdb->postmeta.post_id AND $wpdb->postmeta.meta_key = '$meta_key' AND $wpdb->postmeta.meta_value = '$meta_value' )" );
-	$query .= " GROUP BY $wpdb->posts.ID ORDER BY " . $orderby . " " . $order . " LIMIT " . $offset . ',' . $numberposts;
-
 	$query  = "SELECT DISTINCT * FROM $wpdb->posts ";
 	$query .= empty( $category ) ? '' : ", $wpdb->post2cat "; 
 	$query .= empty( $meta_key ) ? '' : ", $wpdb->postmeta ";
@@ -458,17 +450,6 @@ function wp_get_post_categories($post_id = 0) {
 	return array_unique($cat_ids);
 }
 
-function wp_get_post_tags( $post_id = 0 ) {
-	global $tag_cache, $blog_id;
-
-	$post_id = (int) $post_id;
-	
-	if ( !isset( $tag_cache[$blog_id][$post_id] ) )
-		update_post_category_cache( $post_id ); // loads $tag_cache
-
-	return $tag_cache[$blog_id][$post_id];
-}
-
 function wp_get_recent_posts($num = 10) {
 	global $wpdb;
 
@@ -509,7 +490,7 @@ function wp_insert_post($postarr = array()) {
 		$postarr = get_object_vars($postarr);
 
 	// export array as variables
-	extract($postarr);
+	extract($postarr, EXTR_SKIP);
 
 	// Are we updating or creating?
 	$update = false;
@@ -530,7 +511,6 @@ function wp_insert_post($postarr = array()) {
 		$post_name       = apply_filters('name_save_pre',      $post_name);
 		$comment_status  = apply_filters('comment_status_pre', $comment_status);
 		$ping_status     = apply_filters('ping_status_pre',    $ping_status);
-		$tags_input      = apply_filters('tags_input_pre',     $tags_input);
 	}
 
 	if ( ('' == $post_content) && ('' == $post_title) && ('' == $post_excerpt) )
@@ -665,8 +645,7 @@ function wp_insert_post($postarr = array()) {
 		$wpdb->query( "UPDATE $wpdb->posts SET post_name = '$post_name' WHERE ID = '$post_ID'" );
 	}
 
-	wp_set_post_categories( $post_ID, $post_category );
-	wp_set_post_tags( $post_ID, $tags_input );
+	wp_set_post_categories($post_ID, $post_category);
 
 	if ( 'page' == $post_type ) {
 		clean_page_cache($post_ID);
@@ -784,90 +763,6 @@ function wp_publish_post($post_id) {
 	return wp_update_post(array('post_status' => 'publish', 'ID' => $post_id, 'no_filter' => true));
 }
 
-function wp_add_post_tags($post_id = 0, $tags = '') {
-	return wp_set_post_tags($post_id, $tags, true);
-}
-
-function wp_set_post_tags( $post_id = 0, $tags = '', $append = false ) {
-	/* $append - true = don't delete existing tags, just add on, false = replace the tags with the new tags */
-	global $wpdb;
-	
-	$post_id = (int) $post_id;
-	
-	if ( !$post_id )
-		return false;
-	
-	// prevent warnings for unintialized variables
-	$tag_ids = array();
-
-	if ( empty($tags) )
-		$tags = array();
-	$tags = (is_array($tags)) ? $tags : explode( ',', $tags );
-	
-	foreach ( $tags as $tag ) {
-		$tag = trim( $tag );
-		if ( !$tag_slug = sanitize_title( $tag ) )
-			continue; // discard
-		if ( !$tag_id = tag_exists( $tag ) )
-			$tag_id = wp_create_tag( $tag );
-		$tag_ids[] = $tag_id;
-	}
-
-	if ( empty($tag_ids) && ( !empty($tags) || $append ) )
-		return false;
-	
-	$tag_ids = array_unique( $tag_ids );
-	
-	// First the old tags
-	$old_tags = $wpdb->get_col("
-		SELECT category_id
-		FROM $wpdb->post2cat
-		WHERE post_id = '$post_id' AND rel_type = 'tag'");
-	
-	if ( !$old_tags ) {
-		$old_tags = array();
-	} else {
-		$old_tags = array_unique( $old_tags );
-	}
-	
-	// Delete any?
-	$delete_tags = array_diff( $old_tags, $tag_ids);
-	if ( $delete_tags && !$append ) {
-		foreach ( $delete_tags as $del ) {
-			$wpdb->query("
-				DELETE FROM $wpdb->post2cat
-				WHERE category_id = '$del'
-					AND post_id = '$post_id'
-					AND rel_type = 'tag'
-				");
-		}
-	}
-	
-	// Add any?
-	$add_tags = array_diff( $tag_ids, $old_tags );
-	if ( $add_tags ) {
-		foreach ( $add_tags as $new_tag ) {
-			$new_tag = (int) $new_tag;
-			if ( !empty($new_tag) )
-				$wpdb->query("
-					INSERT INTO $wpdb->post2cat (post_id, category_id, rel_type) 
-					VALUES ('$post_id', '$new_tag', 'tag')");
-		}
-	}
-	
-	// Update category counts.
-	$all_affected_tags = array_unique( array_merge( $tag_ids, $old_tags ) );
-	foreach ( $all_affected_tags as $tag_id ) {
-		$count = $wpdb->get_var( "SELECT COUNT(*) FROM $wpdb->post2cat, $wpdb->posts WHERE $wpdb->posts.ID=$wpdb->post2cat.post_id AND post_status = 'publish' AND post_type = 'post' AND category_id = '$tag_id' AND rel_type = 'tag'" );
-		$wpdb->query( "UPDATE $wpdb->categories SET tag_count = '$count', type = type | " . TAXONOMY_TAG . " WHERE cat_ID = '$tag_id'" );
-		if ( $count == 0 )
-			$wpdb->query( "UPDATE $wpdb->categories SET type = type & ~". TAXONOMY_TAG . " WHERE cat_ID = '$tag_id'" );
-		clean_category_cache( $tag_id );
-		do_action( 'edit_category', $tag_id );
-		do_action( 'edit_tag', $tag_id );
-	}
-}
-
 function wp_set_post_categories($post_ID = 0, $post_categories = array()) {
 	global $wpdb;
 
@@ -882,7 +777,7 @@ function wp_set_post_categories($post_ID = 0, $post_categories = array()) {
 	$old_categories = $wpdb->get_col("
 		SELECT category_id
 		FROM $wpdb->post2cat
-		WHERE post_id = '$post_ID' AND rel_type = 'category'");
+		WHERE post_id = '$post_ID'");
 
 	if (!$old_categories) {
 		$old_categories = array();
@@ -898,7 +793,7 @@ function wp_set_post_categories($post_ID = 0, $post_categories = array()) {
 			$wpdb->query("
 				DELETE FROM $wpdb->post2cat
 				WHERE category_id = '$del'
-					AND post_id = '$post_ID' AND rel_type = 'category'
+					AND post_id = '$post_ID'
 				");
 		}
 	}
@@ -919,8 +814,8 @@ function wp_set_post_categories($post_ID = 0, $post_categories = array()) {
 	// Update category counts.
 	$all_affected_cats = array_unique(array_merge($post_categories, $old_categories));
 	foreach ( $all_affected_cats as $cat_id ) {
-		$count = $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->post2cat, $wpdb->posts WHERE $wpdb->posts.ID=$wpdb->post2cat.post_id AND post_status = 'publish' AND post_type = 'post' AND category_id = '$cat_id' AND rel_type = 'category'");
-		$wpdb->query("UPDATE $wpdb->categories SET category_count = '$count', type = type | " . TAXONOMY_CATEGORY . " WHERE cat_ID = '$cat_id'");
+		$count = $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->post2cat, $wpdb->posts WHERE $wpdb->posts.ID=$wpdb->post2cat.post_id AND post_status = 'publish' AND post_type = 'post' AND category_id = '$cat_id'");
+		$wpdb->query("UPDATE $wpdb->categories SET category_count = '$count' WHERE cat_ID = '$cat_id'");
 		clean_category_cache($cat_id);
 		do_action('edit_category', $cat_id);
 	}
@@ -986,7 +881,7 @@ function trackback_url_list($tb_list, $post_id) {
 		$postdata = wp_get_single_post($post_id, ARRAY_A);
 
 		// import postdata as variables
-		extract($postdata);
+		extract($postdata, EXTR_SKIP);
 
 		// form an excerpt
 		$excerpt = strip_tags($post_excerpt?$post_excerpt:$post_content);
@@ -1172,7 +1067,7 @@ function &get_pages($args = '') {
 	$defaults = array('child_of' => 0, 'sort_order' => 'ASC', 'sort_column' => 'post_title',
 				'hierarchical' => 1, 'exclude' => '', 'include' => '', 'meta_key' => '', 'meta_value' => '', 'authors' => '');
 	$r = array_merge($defaults, $r);
-	extract($r);
+	extract($r, EXTR_SKIP);
 
 	$key = md5( serialize( $r ) );
 	if ( $cache = wp_cache_get( 'get_pages', 'page' ) )
@@ -1326,7 +1221,7 @@ function wp_insert_attachment($object, $file = false, $post_parent = 0) {
 		$object = get_object_vars($object);
 
 	// Export array as variables
-	extract($object);
+	extract($object, EXTR_SKIP);
 
 	// Get the basics.
 	$post_content    = apply_filters('content_save_pre',   $post_content);

wp-includes/query.php

@@ -86,20 +86,6 @@ function is_category ($category = '') {
 	return false;
 }
 
-function is_tag( $slug = '' ) {
-	global $wp_query;
-	if ( !$wp_query->is_tag )
-		return false;
-
-	if ( empty( $slug ) )
-		return true;
-
-	$cat_obj = $wp_query->get_queried_object();
-	if ( $category == $cat_obj->category_nicename )
-		return true;
-	return false;
-}
-
 function is_comments_popup () {
 	global $wp_query;
 
@@ -319,7 +305,6 @@ class WP_Query {
 	var $is_time = false;
 	var $is_author = false;
 	var $is_category = false;
-	var $is_tag = false;
 	var $is_search = false;
 	var $is_feed = false;
 	var $is_comment_feed = false;
@@ -344,7 +329,6 @@ class WP_Query {
 		$this->is_time = false;
 		$this->is_author = false;
 		$this->is_category = false;
-		$this->is_tag = false;
 		$this->is_search = false;
 		$this->is_feed = false;
 		$this->is_comment_feed = false;
@@ -399,7 +383,6 @@ class WP_Query {
 			, 'year'
 			, 'w'
 			, 'category_name'
-			, 'tag'
 			, 'author_name'
 			, 'feed'
 			, 'tb'
@@ -548,9 +531,6 @@ class WP_Query {
 				$this->is_category = true;
 			}
 
-			if (  '' != $qv['tag'] )
-				$this->is_tag = true;
-
 			if ( empty($qv['author']) || ($qv['author'] == '0') ) {
 				$this->is_author = false;
 			} else {
@@ -561,7 +541,7 @@ class WP_Query {
 				$this->is_author = true;
 			}
 
-			if ( ($this->is_date || $this->is_author || $this->is_category || $this->is_tag ) )
+			if ( ($this->is_date || $this->is_author || $this->is_category) )
 				$this->is_archive = true;
 		}
 
@@ -857,7 +837,7 @@ class WP_Query {
 			$in_cats = substr($in_cats, 0, -2);
 			$out_cats = substr($out_cats, 0, -2);
 			if ( strlen($in_cats) > 0 )
-				$in_cats = " AND $wpdb->post2cat.category_id IN ($in_cats) AND rel_type = 'category' ";
+				$in_cats = " AND $wpdb->post2cat.category_id IN ($in_cats)";
 			if ( strlen($out_cats) > 0 ) {
 				$ids = $wpdb->get_col("SELECT post_id FROM $wpdb->post2cat WHERE $wpdb->post2cat.category_id IN ($out_cats)");
 				if ( is_array($ids) && count($ids > 0) ) {
@@ -874,21 +854,6 @@ class WP_Query {
 			$groupby = "{$wpdb->posts}.ID";
 		}
 
-		if ( '' != $q['tag'] ) {
-			$reqcat= get_category_by_slug( $q['tag'] );
-			if ( !empty($reqcat) )
-				$reqcat = $reqcat->cat_ID;
-			else
-				$reqcat = 0;
-
-			$q['cat'] = $reqcat;
-
-			$tables = ", $wpdb->post2cat, $wpdb->categories";
-			$join = " LEFT JOIN $wpdb->post2cat ON ($wpdb->posts.ID = $wpdb->post2cat.post_id) LEFT JOIN $wpdb->categories ON ($wpdb->post2cat.category_id = $wpdb->categories.cat_ID) ";
-			$whichcat = " AND category_id IN ({$q['cat']}) AND rel_type = 'tag' ";
-			$groupby = "{$wpdb->posts}.ID";
-		}
-
 		// Category stuff for nice URLs
 		if ( '' != $q['category_name'] ) {
 			$reqcat = get_category_by_path($q['category_name']);
@@ -919,7 +884,7 @@ class WP_Query {
 			$whichcat = " AND category_id IN ({$q['cat']}, ";
 			$whichcat .= get_category_children($q['cat'], '', ', ');
 			$whichcat = substr($whichcat, 0, -2);
-			$whichcat .= ") AND rel_type = 'category'";
+			$whichcat .= ")";
 			$groupby = "{$wpdb->posts}.ID";
 		}
 

wp-includes/registration.php

@@ -32,7 +32,7 @@ function validate_username( $username ) {
 function wp_insert_user($userdata) {
 	global $wpdb;
 
-	extract($userdata);
+	extract($userdata, EXTR_SKIP);
 
 	// Are we updating or creating?
 	if ( !empty($ID) ) {

wp-includes/rewrite.php

@@ -46,12 +46,11 @@ define('EP_ROOT',       64  );
 define('EP_COMMENTS',   128 );
 define('EP_SEARCH',     256 );
 define('EP_CATEGORIES', 512 );
-define('EP_TAGS', 1024 );
-define('EP_AUTHORS',    2048);
-define('EP_PAGES',      4096);
+define('EP_AUTHORS',    1024);
+define('EP_PAGES',      2048);
 //pseudo-places
 define('EP_NONE',       0  );
-define('EP_ALL',        8191);
+define('EP_ALL',        4095);
 
 //and an endpoint, like /trackback/
 function add_rewrite_endpoint($name, $places) {
@@ -153,9 +152,7 @@ class WP_Rewrite {
 	var $permalink_structure;
 	var $use_trailing_slashes;
 	var $category_base;
-	var $tag_base;
 	var $category_structure;
-	var $tag_structure;
 	var $author_base = 'author';
 	var $author_structure;
 	var $date_structure;
@@ -186,7 +183,6 @@ class WP_Rewrite {
 					'%postname%',
 					'%post_id%',
 					'%category%',
-					'%tag%',
 					'%author%',
 					'%pagename%',
 					'%search%'
@@ -203,7 +199,6 @@ class WP_Rewrite {
 					'([^/]+)',
 					'([0-9]+)',
 					'(.+?)',
-					'(.+?)',
 					'([^/]+)',
 					'([^/]+)',
 					'(.+)'
@@ -220,7 +215,6 @@ class WP_Rewrite {
 					'name=',
 					'p=',
 					'category_name=',
-					'tag=',
 					'author_name=',
 					'pagename=',
 					's='
@@ -386,26 +380,6 @@ class WP_Rewrite {
 		return $this->category_structure;
 	}
 
-	function get_tag_permastruct() {
-		if (isset($this->tag_structure)) {
-			return $this->tag_structure;
-		}
-
-		if (empty($this->permalink_structure)) {
-			$this->tag_structure = '';
-			return false;
-		}
-
-		if (empty($this->tag_base))
-			$this->tag_structure = $this->front . 'tag/';
-		else
-			$this->tag_structure = $this->tag_base . '/';
-
-		$this->tag_structure .= '%tag%';
-
-		return $this->tag_structure;
-	}
-
 	function get_author_permastruct() {
 		if (isset($this->author_structure)) {
 			return $this->author_structure;
@@ -762,10 +736,6 @@ class WP_Rewrite {
 		$category_rewrite = $this->generate_rewrite_rules($this->get_category_permastruct(), EP_CATEGORIES);
 		$category_rewrite = apply_filters('category_rewrite_rules', $category_rewrite);
 
-		// Tags
-		$tag_rewrite = $this->generate_rewrite_rules($this->get_tag_permastruct(), EP_TAGS);
-		$tag_rewrite = apply_filters('tag_rewrite_rules', $tag_rewrite);
-
 		// Authors
 		$author_rewrite = $this->generate_rewrite_rules($this->get_author_permastruct(), EP_AUTHORS);
 		$author_rewrite = apply_filters('author_rewrite_rules', $author_rewrite);
@@ -775,7 +745,7 @@ class WP_Rewrite {
 		$page_rewrite = apply_filters('page_rewrite_rules', $page_rewrite);
 
 		// Put them together.
-		$this->rules = array_merge($robots_rewrite, $default_feeds, $page_rewrite, $root_rewrite, $comments_rewrite, $search_rewrite, $category_rewrite, $tag_rewrite, $author_rewrite, $date_rewrite, $post_rewrite, $this->extra_rules);
+		$this->rules = array_merge($robots_rewrite, $default_feeds, $page_rewrite, $root_rewrite, $comments_rewrite, $search_rewrite, $category_rewrite, $author_rewrite, $date_rewrite, $post_rewrite, $this->extra_rules);
 
 		do_action_ref_array('generate_rewrite_rules', array(&$this));
 		$this->rules = apply_filters('rewrite_rules_array', $this->rules);
@@ -901,8 +871,7 @@ class WP_Rewrite {
 		if ($this->using_index_permalinks()) {
 			$this->root = $this->index . '/';
 		}
-		$this->category_base = get_option( 'category_base' );
-		$this->tag_base = get_option( 'tag_base' );
+		$this->category_base = get_option('category_base');
 		unset($this->category_structure);
 		unset($this->author_structure);
 		unset($this->date_structure);
@@ -927,13 +896,6 @@ class WP_Rewrite {
 		}
 	}
 
-	function set_tag_base( $tag_base ) {
-		if ( $tag_base != $this->tag_base ) {
-			update_option( 'tag_base', $tag_base );
-			$this->init();
-		}
-	}
-
 	function WP_Rewrite() {
 		$this->init();
 	}

wp-includes/template-loader.php

@@ -35,9 +35,6 @@ if ( defined('WP_USE_THEMES') && constant('WP_USE_THEMES') ) {
 	} else if ( is_category() && $template = get_category_template()) {
 		include($template);
 		return;
-	} else if ( is_tag() && $template = get_tag_template()) {
-		include($template);
-		return;
 	} else if ( is_author() && $template = get_author_template() ) {
 		include($template);
 		return;

wp-includes/theme.php

@@ -79,6 +79,7 @@ function get_theme_data( $theme_file ) {
 	$name = trim( $name );
 	$theme = $name;
 	$theme_uri = trim( $theme_uri[1] );
+	$template = trim( $template[1] );
 
 	if ( '' == $author_uri[1] ) {
 		$author = trim( $author_name[1] );
@@ -86,7 +87,7 @@ function get_theme_data( $theme_file ) {
 		$author = '<a href="' . trim( $author_uri[1] ) . '" title="' . __('Visit author homepage') . '">' . trim( $author_name[1] ) . '</a>';
 	}
 
-	return array( 'Name' => $name, 'Title' => $theme, 'URI' => $theme_uri, 'Description' => $description, 'Author' => $author, 'Version' => $version, 'Template' => $template[1], 'Status' => $status );
+	return array( 'Name' => $name, 'Title' => $theme, 'URI' => $theme_uri, 'Description' => $description, 'Author' => $author, 'Version' => $version, 'Template' => $template, 'Status' => $status );
 }
 
 function get_themes() {
@@ -163,6 +164,7 @@ function get_themes() {
 		$template    = $theme_data['Template'];
 		$stylesheet  = dirname($theme_file);
 
+		$screenshot = false;
 		foreach ( array('png', 'gif', 'jpg', 'jpeg') as $ext ) {
 			if (file_exists("$theme_root/$stylesheet/screenshot.$ext")) {
 				$screenshot = "screenshot.$ext";
@@ -328,17 +330,6 @@ function get_category_template() {
 	return apply_filters('category_template', $template);
 }
 
-function get_tag_template() {
-	$template = '';
-	if ( file_exists(TEMPLATEPATH . "/tag-" . get_query_var('tag') . '.php') )
-		$template = TEMPLATEPATH . "/tag-" . get_query_var('tag') . '.php';
-	elseif ( file_exists(TEMPLATEPATH . "/tag.php") )
-		$template = TEMPLATEPATH . "/tag.php";
-
-	return apply_filters('tag_template', $template);
-}
-
-
 function get_date_template() {
 	return get_query_template('date');
 }

wp-includes/version.php

@@ -2,7 +2,7 @@
 
 // This holds the version number in a separate file so we can bump it without cluttering the SVN
 
-$wp_version = '2.2-almost-beta';
+$wp_version = '2.2.2';
 $wp_db_version = 5183;
 
 ?>

wp-includes/widgets.php

@@ -0,0 +1,996 @@
+<?php
+
+/* Global Variables */
+
+global $wp_registered_sidebars, $wp_registered_widgets, $wp_registered_widget_controls, $wp_registered_widget_styles, $wp_registered_widget_defaults;
+
+$wp_registered_sidebars = array();
+$wp_registered_widgets = array();
+$wp_registered_widget_controls = array();
+$wp_registered_widget_styles = array();
+$wp_register_widget_defaults = false;
+
+/* Template tags & API functions */
+
+function register_sidebars($number = 1, $args = array()) {
+	$number = (int) $number;
+
+	if ( is_string($args) )
+		parse_str($args, $args);
+
+	$i = 1;
+
+	while ( $i <= $number ) {
+		$_args = $args;
+		if ( $number > 1 ) {
+			$_args['name'] = isset($args['name']) ? $args['name'] : sprintf(__('Sidebar %d'), $i);
+		} else {
+			$_args['name'] = isset($args['name']) ? $args['name'] : __('Sidebar');
+		}
+		$_args['id'] = isset($args['id']) ? $args['id'] : "sidebar-$i";
+		register_sidebar($_args);
+		++$i;
+	}
+}
+
+function register_sidebar($args = array()) {
+	global $wp_registered_sidebars;
+
+	if ( is_string($args) )
+		parse_str($args, $args);
+
+	$i = count($wp_registered_sidebars) + 1;
+
+	$defaults = array(
+		'name' => sprintf(__('Sidebar %d'), $i ),
+		'id' => "sidebar-$i",
+		'before_widget' => '<li id="%1$s" class="widget %2$s">',
+		'after_widget' => "</li>\n",
+		'before_title' => '<h2 class="widgettitle">',
+		'after_title' => "</h2>\n",
+	);
+
+	$sidebar = array_merge($defaults, $args);
+
+	$wp_registered_sidebars[$sidebar['id']] = $sidebar;
+
+	return $sidebar['id'];
+}
+
+function unregister_sidebar( $name ) {
+	global $wp_registered_sidebars;
+		
+	if ( isset( $wp_registered_sidebars[$name] ) )
+		unset( $wp_registered_sidebars[$name] );
+}
+
+function register_sidebar_widget($name, $output_callback, $classname = '') {
+	// Compat
+	if ( is_array($name) ) {
+		if ( count($name) == 3 )
+			$name = sprintf($name[0], $name[2]);
+		else
+			$name = $name[0];
+	}
+
+	$id = sanitize_title($name);
+	$options = array();
+	if ( !empty($classname) && is_string($classname) )
+		$options['classname'] = $classname;
+	$params = array_slice(func_get_args(), 2);
+	$args = array($id, $name, $output_callback, $options);
+	if ( !empty($params) )
+		$args = array_merge($args, $params);
+
+	call_user_func_array('wp_register_sidebar_widget', $args);
+}
+
+function wp_register_sidebar_widget($id, $name, $output_callback, $options = array()) {
+
+	global $wp_registered_widgets, $wp_register_widget_defaults;
+
+	$id = sanitize_title($id);
+
+	if ( empty($output_callback) ) {
+		unset($wp_registered_widgets[$id]);
+		return;
+	}
+
+	$defaults = array('classname' => $output_callback);
+	$options = wp_parse_args($options, $defaults);
+	$widget = array(
+		'name' => $name,
+		'id' => $id,
+		'callback' => $output_callback,
+		'params' => array_slice(func_get_args(), 4)
+	);
+	$widget = array_merge($widget, $options);
+
+	if ( is_callable($output_callback) && ( !isset($wp_registered_widgets[$id]) || !$wp_register_widget_defaults) )
+		$wp_registered_widgets[$id] = $widget;
+}
+
+function unregister_sidebar_widget($id) {
+	return wp_unregister_sidebar_widget($id);
+}
+
+function wp_unregister_sidebar_widget($id) {
+	wp_register_sidebar_widget($id, '', '');
+	wp_unregister_widget_control($id);
+}
+
+function register_widget_control($name, $control_callback, $width = '', $height = '') {
+	// Compat
+	if ( is_array($name) ) {
+		if ( count($name) == 3 )
+			$name = sprintf($name[0], $name[2]);
+		else
+			$name = $name[0];
+	}
+
+	$id = sanitize_title($name);
+	$options = array();
+	if ( !empty($width) )
+		$options['width'] = $width;
+	if ( !empty($height) )
+		$options['height'] = $height;
+	$params = array_slice(func_get_args(), 4);
+	$args = array($id, $name, $control_callback, $options);
+	if ( !empty($params) )
+		$args = array_merge($args, $params);
+
+	call_user_func_array('wp_register_widget_control', $args);
+}
+
+function wp_register_widget_control($id, $name, $control_callback, $options = array()) {
+	global $wp_registered_widget_controls, $wp_register_widget_defaults;
+
+	$id = sanitize_title($id);
+
+	if ( empty($control_callback) ) {
+		unset($wp_registered_widget_controls[$id]);
+		return;
+	}
+
+	if ( isset($wp_registered_widget_controls[$id]) && $wp_register_widget_defaults )
+		return;
+
+	$defaults = array('width' => 300, 'height' => 200);
+	$options = wp_parse_args($options, $defaults);
+	$options['width'] = (int) $options['width'];
+	$options['height'] = (int) $options['height'];
+	$options['width'] = $options['width'] > 90 ? $options['width'] + 60 : 360;
+	$options['height'] = $options['height'] > 60 ? $options['height'] + 40 : 240;
+
+	$widget = array(
+		'name' => $name,
+		'id' => $id,
+		'callback' => $control_callback,
+		'params' => array_slice(func_get_args(), 4)
+	);
+	$widget = array_merge($widget, $options);
+
+	$wp_registered_widget_controls[$id] = $widget;
+}
+
+function unregister_widget_control($id) {
+	return wp_unregister_widget_control($id);
+}
+
+function wp_unregister_widget_control($id) {
+	return wp_register_widget_control($id, '', '');
+}
+
+function dynamic_sidebar($index = 1) {
+	global $wp_registered_sidebars, $wp_registered_widgets;
+
+	if ( is_int($index) ) {
+		$index = "sidebar-$index";
+	} else {
+		$index = sanitize_title($index);
+		foreach ( $wp_registered_sidebars as $key => $value ) {
+			if ( sanitize_title($value['name']) == $index ) {
+				$index = $key;
+				break;
+			}
+		}
+	}
+
+	$sidebars_widgets = wp_get_sidebars_widgets();
+
+	if ( empty($wp_registered_sidebars[$index]) || !is_array($sidebars_widgets[$index]) || empty($sidebars_widgets[$index]) )
+		return false;
+
+	$sidebar = $wp_registered_sidebars[$index];
+
+	$did_one = false;
+	foreach ( $sidebars_widgets[$index] as $id ) {
+		$callback = $wp_registered_widgets[$id]['callback'];
+
+		$params = array_merge(array($sidebar), (array) $wp_registered_widgets[$id]['params']);
+
+		// Substitute HTML id and class attributes into before_widget
+		$params[0]['before_widget'] = sprintf($params[0]['before_widget'], $id, $wp_registered_widgets[$id]['classname']);
+
+		if ( is_callable($callback) ) {
+			call_user_func_array($callback, $params);
+			$did_one = true;
+		}
+	}
+
+	return $did_one;
+}
+
+function is_active_widget($callback) {
+	global $wp_registered_widgets;
+
+	$sidebars_widgets = wp_get_sidebars_widgets(false);
+
+	if ( is_array($sidebars_widgets) ) foreach ( $sidebars_widgets as $sidebar => $widgets )
+		if ( is_array($widgets) ) foreach ( $widgets as $widget )
+			if ( $wp_registered_widgets[$widget]['callback'] == $callback )
+				return true;
+
+	return false;
+}
+
+function is_dynamic_sidebar() {
+	global $wp_registered_widgets, $wp_registered_sidebars;
+	$sidebars_widgets = get_option('sidebars_widgets');
+	foreach ( $wp_registered_sidebars as $index => $sidebar ) {
+		if ( count($sidebars_widgets[$index]) ) {
+			foreach ( $sidebars_widgets[$index] as $widget )
+				if ( array_key_exists($widget, $wp_registered_widgets) )
+					return true;
+		}
+	}
+	return false;
+}
+
+/* Internal Functions */
+
+function wp_get_sidebars_widgets($update = true) {
+	global $wp_registered_widgets, $wp_registered_sidebars;
+
+	$sidebars_widgets = get_option('sidebars_widgets');
+	$_sidebars_widgets = array();
+
+	if ( !isset($sidebars_widgets['array_version']) )
+		$sidebars_widgets['array_version'] = 1;
+
+	switch ( $sidebars_widgets['array_version'] ) {
+		case 1 :
+			foreach ( $sidebars_widgets as $index => $sidebar )
+			if ( is_array($sidebar) )
+			foreach ( $sidebar as $i => $name ) {
+				$id = strtolower($name);
+				if ( isset($wp_registered_widgets[$id]) ) {
+					$_sidebars_widgets[$index][$i] = $id;
+					continue;
+				}
+				$id = sanitize_title($name);
+				if ( isset($wp_registered_widgets[$id]) ) {
+					$_sidebars_widgets[$index][$i] = $id;
+					continue;
+				}
+				unset($_sidebars_widgets[$index][$i]);
+			}
+			$_sidebars_widgets['array_version'] = 2;
+			$sidebars_widgets = $_sidebars_widgets;
+			unset($_sidebars_widgets);
+
+		case 2 :
+			$sidebars = array_keys( $wp_registered_sidebars );
+			if ( !empty( $sidebars ) ) {
+				// Move the known-good ones first
+				foreach ( $sidebars as $id ) {
+					if ( array_key_exists( $id, $sidebars_widgets ) ) {
+						$_sidebars_widgets[$id] = $sidebars_widgets[$id];
+						unset($sidebars_widgets[$id], $sidebars[$id]);
+					}
+				}
+
+				// Assign to each unmatched registered sidebar the first available orphan
+				unset( $sidebars_widgets[ 'array_version' ] );
+				while ( ( $sidebar = array_shift( $sidebars ) ) && $widgets = array_shift( $sidebars_widgets ) )
+					$_sidebars_widgets[ $sidebar ] = $widgets;
+
+				$_sidebars_widgets['array_version'] = 3;
+				$sidebars_widgets = $_sidebars_widgets;
+				unset($_sidebars_widgets);
+			}
+
+			if ( $update )
+				update_option('sidebars_widgets', $sidebars_widgets);
+	}
+
+	unset($sidebars_widgets['array_version']);
+
+	return $sidebars_widgets;
+}
+
+function wp_set_sidebars_widgets( $sidebars_widgets ) {
+	update_option( 'sidebars_widgets', $sidebars_widgets );
+}
+
+function wp_get_widget_defaults() {
+	global $wp_registered_sidebars;
+
+	$defaults = array();
+
+	foreach ( $wp_registered_sidebars as $index => $sidebar )
+		$defaults[$index] = array();
+
+	return $defaults;
+}
+
+/* Default Widgets */
+
+function wp_widget_pages( $args ) {
+	extract( $args );
+	$options = get_option( 'widget_pages' );
+	
+	$title = empty( $options['title'] ) ? __( 'Pages' ) : $options['title'];
+	$sortby = empty( $options['sortby'] ) ? 'menu_order' : $options['sortby'];
+	$exclude = empty( $options['exclude'] ) ? '' : '&exclude=' . $options['exclude'];
+	
+	if ( $sortby == 'menu_order' ) {
+		$sortby = 'menu_order, post_title';
+	}
+	
+	$out = wp_list_pages( 'title_li=&echo=0&sort_column=' . $sortby . $exclude );
+	
+	if ( !empty( $out ) ) {
+?>
+	<?php echo $before_widget; ?>
+		<?php echo $before_title . $title . $after_title; ?>
+		<ul>
+			<?php echo $out; ?>
+		</ul>
+	<?php echo $after_widget; ?>
+<?php
+	}
+}
+
+function wp_widget_pages_control() {
+	$options = $newoptions = get_option('widget_pages');
+	if ( $_POST['pages-submit'] ) {
+		$newoptions['title'] = strip_tags(stripslashes($_POST['pages-title']));
+		
+		$sortby = stripslashes( $_POST['pages-sortby'] );
+		
+		if ( in_array( $sortby, array( 'post_title', 'menu_order', 'ID' ) ) ) {
+			$newoptions['sortby'] = $sortby;
+		} else {
+			$newoptions['sortby'] = 'menu_order';
+		}
+		
+		$newoptions['exclude'] = strip_tags( stripslashes( $_POST['pages-exclude'] ) );
+	}
+	if ( $options != $newoptions ) {
+		$options = $newoptions;
+		update_option('widget_pages', $options);
+	}
+	$title = attribute_escape($options['title']);
+	$exclude = attribute_escape( $options['exclude'] );
+?>
+			<p><label for="pages-title"><?php _e('Title:'); ?> <input style="width: 250px;" id="pages-title" name="pages-title" type="text" value="<?php echo $title; ?>" /></label></p>
+			<p><label for="pages-sortby"><?php _e( 'Sort by:' ); ?> 
+				<select name="pages-sortby" id="pages-sortby">
+					<option value="post_title"<?php selected( $options['sortby'], 'post_title' ); ?>><?php _e('Page title'); ?></option>
+					<option value="menu_order"<?php selected( $options['sortby'], 'menu_order' ); ?>><?php _e('Page order'); ?></option>
+					<option value="ID"<?php selected( $options['sortby'], 'ID' ); ?>><?php _e( 'Page ID' ); ?></option>
+				</select></label></p>
+			<p><label for="pages-exclude"><?php _e( 'Exclude:' ); ?> <input type="text" value="<?php echo $exclude; ?>" name="pages-exclude" id="pages-exclude" style="width: 180px;" /></label><br />
+			<small><?php _e( 'Page IDs, separated by commas.' ); ?></small></p>
+			<input type="hidden" id="pages-submit" name="pages-submit" value="1" />
+<?php
+}
+
+function wp_widget_links($args) {
+	global $wp_db_version;
+	extract($args, EXTR_SKIP);
+	if ( $wp_db_version < 3582 ) {
+		// This ONLY works with li/h2 sidebars.
+		get_links_list();
+	} else {
+		wp_list_bookmarks(array(
+			'title_before' => $before_title, 'title_after' => $after_title, 
+			'category_before' => $before_widget, 'category_after' => $after_widget, 
+			'show_images' => true, 'class' => 'linkcat widget'
+		));
+	}
+}
+
+function wp_widget_search($args) {
+	extract($args);
+?>
+		<?php echo $before_widget; ?>
+			<form id="searchform" method="get" action="<?php bloginfo('home'); ?>">
+			<div>
+			<input type="text" name="s" id="s" size="15" /><br />
+			<input type="submit" value="<?php echo attribute_escape(__('Search')); ?>" />
+			</div>
+			</form>
+		<?php echo $after_widget; ?>
+<?php
+}
+
+function wp_widget_archives($args) {
+	extract($args);
+	$options = get_option('widget_archives');
+	$c = $options['count'] ? '1' : '0';
+	$d = $options['dropdown'] ? '1' : '0';
+	$title = empty($options['title']) ? __('Archives') : $options['title'];
+
+	echo $before_widget; 
+	echo $before_title . $title . $after_title;
+
+	if($d) { 
+?>
+		<select name="archive-dropdown" onChange='document.location.href=this.options[this.selectedIndex].value;'> <option value=""><?php echo attribute_escape(__('Select Month')); ?></option> <?php wp_get_archives("type=monthly&format=option&show_post_count=$c"); ?> </select>
+<?php	
+	} else { 
+?>
+		<ul>
+		<?php wp_get_archives("type=monthly&show_post_count=$c"); ?>
+		</ul>
+<?php
+	}
+
+	echo $after_widget; 
+}
+
+function wp_widget_archives_control() {
+	$options = $newoptions = get_option('widget_archives');
+	if ( $_POST["archives-submit"] ) {
+		$newoptions['count'] = isset($_POST['archives-count']);
+		$newoptions['dropdown'] = isset($_POST['archives-dropdown']);
+		$newoptions['title'] = strip_tags(stripslashes($_POST["archives-title"]));
+	}
+	if ( $options != $newoptions ) {
+		$options = $newoptions;
+		update_option('widget_archives', $options);
+	}
+	$count = $options['count'] ? 'checked="checked"' : '';
+	$dropdown = $options['dropdown'] ? 'checked="checked"' : '';
+	$title = attribute_escape($options['title']);
+?>
+			<p><label for="archives-title"><?php _e('Title:'); ?> <input style="width: 250px;" id="archives-title" name="archives-title" type="text" value="<?php echo $title; ?>" /></label></p>
+			<p style="text-align:right;margin-right:40px;"><label for="archives-count"><?php _e('Show post counts'); ?> <input class="checkbox" type="checkbox" <?php echo $count; ?> id="archives-count" name="archives-count" /></label></p>
+			<p style="text-align:right;margin-right:40px;"><label for="archives-dropdown"><?php _e('Display as a drop down'); ?> <input class="checkbox" type="checkbox" <?php echo $dropdown; ?> id="archives-dropdown" name="archives-dropdown" /></label></p>
+			<input type="hidden" id="archives-submit" name="archives-submit" value="1" />
+<?php
+}
+
+function wp_widget_meta($args) {
+	extract($args);
+	$options = get_option('widget_meta');
+	$title = empty($options['title']) ? __('Meta') : $options['title'];
+?>
+		<?php echo $before_widget; ?>
+			<?php echo $before_title . $title . $after_title; ?>
+			<ul>
+			<?php wp_register(); ?>
+			<li><?php wp_loginout(); ?></li>
+			<li><a href="<?php bloginfo('rss2_url'); ?>" title="<?php echo attribute_escape(__('Syndicate this site using RSS 2.0')); ?>"><?php _e('Entries <abbr title="Really Simple Syndication">RSS</abbr>'); ?></a></li>
+			<li><a href="<?php bloginfo('comments_rss2_url'); ?>" title="<?php echo attribute_escape(__('The latest comments to all posts in RSS')); ?>"><?php _e('Comments <abbr title="Really Simple Syndication">RSS</abbr>'); ?></a></li>
+			<li><a href="http://wordpress.org/" title="<?php echo attribute_escape(__('Powered by WordPress, state-of-the-art semantic personal publishing platform.')); ?>">WordPress.org</a></li>
+			<?php wp_meta(); ?>
+			</ul>
+		<?php echo $after_widget; ?>
+<?php
+}
+function wp_widget_meta_control() {
+	$options = $newoptions = get_option('widget_meta');
+	if ( $_POST["meta-submit"] ) {
+		$newoptions['title'] = strip_tags(stripslashes($_POST["meta-title"]));
+	}
+	if ( $options != $newoptions ) {
+		$options = $newoptions;
+		update_option('widget_meta', $options);
+	}
+	$title = attribute_escape($options['title']);
+?>
+			<p><label for="meta-title"><?php _e('Title:'); ?> <input style="width: 250px;" id="meta-title" name="meta-title" type="text" value="<?php echo $title; ?>" /></label></p>
+			<input type="hidden" id="meta-submit" name="meta-submit" value="1" />
+<?php
+}
+
+function wp_widget_calendar($args) {
+	extract($args);
+	$options = get_option('widget_calendar');
+	$title = $options['title'];
+	if ( empty($title) )
+		$title = '&nbsp;';
+	echo $before_widget . $before_title . $title . $after_title;
+	echo '<div id="calendar_wrap">';
+	get_calendar();
+	echo '</div>';
+	echo $after_widget;
+}
+function wp_widget_calendar_control() {
+	$options = $newoptions = get_option('widget_calendar');
+	if ( $_POST["calendar-submit"] ) {
+		$newoptions['title'] = strip_tags(stripslashes($_POST["calendar-title"]));
+	}
+	if ( $options != $newoptions ) {
+		$options = $newoptions;
+		update_option('widget_calendar', $options);
+	}
+	$title = attribute_escape($options['title']);
+?>
+			<p><label for="calendar-title"><?php _e('Title:'); ?> <input style="width: 250px;" id="calendar-title" name="calendar-title" type="text" value="<?php echo $title; ?>" /></label></p>
+			<input type="hidden" id="calendar-submit" name="calendar-submit" value="1" />
+<?php
+}
+
+function wp_widget_text($args, $number = 1) {
+	extract($args);
+	$options = get_option('widget_text');
+	$title = $options[$number]['title'];
+	$text = apply_filters( 'widget_text', $options[$number]['text'] );
+?>
+		<?php echo $before_widget; ?>
+			<?php if ( !empty( $title ) ) { echo $before_title . $title . $after_title; } ?>
+			<div class="textwidget"><?php echo $text; ?></div>
+		<?php echo $after_widget; ?>
+<?php
+}
+
+function wp_widget_text_control($number) {
+	$options = $newoptions = get_option('widget_text');
+	if ( !is_array($options) )
+		$options = $newoptions = array();
+	if ( $_POST["text-submit-$number"] ) {
+		$newoptions[$number]['title'] = strip_tags(stripslashes($_POST["text-title-$number"]));
+		$newoptions[$number]['text'] = stripslashes($_POST["text-text-$number"]);
+		if ( !current_user_can('unfiltered_html') )
+			$newoptions[$number]['text'] = stripslashes(wp_filter_post_kses($newoptions[$number]['text']));
+	}
+	if ( $options != $newoptions ) {
+		$options = $newoptions;
+		update_option('widget_text', $options);
+	}
+	$title = attribute_escape($options[$number]['title']);
+	$text = format_to_edit($options[$number]['text']);
+?>
+			<input style="width: 450px;" id="text-title-<?php echo $number; ?>" name="text-title-<?php echo $number; ?>" type="text" value="<?php echo $title; ?>" />
+			<textarea style="width: 450px; height: 280px;" id="text-text-<?php echo $number; ?>" name="text-text-<?php echo $number; ?>"><?php echo $text; ?></textarea>
+			<input type="hidden" id="text-submit-<?php echo "$number"; ?>" name="text-submit-<?php echo "$number"; ?>" value="1" />
+<?php
+}
+
+function wp_widget_text_setup() {
+	$options = $newoptions = get_option('widget_text');
+	if ( isset($_POST['text-number-submit']) ) {
+		$number = (int) $_POST['text-number'];
+		if ( $number > 9 ) $number = 9;
+		if ( $number < 1 ) $number = 1;
+		$newoptions['number'] = $number;
+	}
+	if ( $options != $newoptions ) {
+		$options = $newoptions;
+		update_option('widget_text', $options);
+		wp_widget_text_register($options['number']);
+	}
+}
+
+function wp_widget_text_page() {
+	$options = $newoptions = get_option('widget_text');
+?>
+	<div class="wrap">
+		<form method="POST">
+			<h2><?php _e('Text Widgets'); ?></h2>
+			<p style="line-height: 30px;"><?php _e('How many text widgets would you like?'); ?>
+			<select id="text-number" name="text-number" value="<?php echo $options['number']; ?>">
+<?php for ( $i = 1; $i < 10; ++$i ) echo "<option value='$i' ".($options['number']==$i ? "selected='selected'" : '').">$i</option>"; ?>
+			</select>
+			<span class="submit"><input type="submit" name="text-number-submit" id="text-number-submit" value="<?php echo attribute_escape(__('Save')); ?>" /></span></p>
+		</form>
+	</div>
+<?php
+}
+
+function wp_widget_text_register() {
+	$options = get_option('widget_text');
+	$number = $options['number'];
+	if ( $number < 1 ) $number = 1;
+	if ( $number > 9 ) $number = 9;
+	$dims = array('width' => 460, 'height' => 350);
+	$class = array('classname' => 'widget_text');
+	for ($i = 1; $i <= 9; $i++) {
+		$name = sprintf(__('Text %d'), $i);
+		$id = "text-$i"; // Never never never translate an id
+		wp_register_sidebar_widget($id, $name, $i <= $number ? 'wp_widget_text' : /* unregister */ '', $class, $i);
+		wp_register_widget_control($id, $name, $i <= $number ? 'wp_widget_text_control' : /* unregister */ '', $dims, $i);
+	}
+	add_action('sidebar_admin_setup', 'wp_widget_text_setup');
+	add_action('sidebar_admin_page', 'wp_widget_text_page');
+}
+
+function wp_widget_categories($args) {
+	extract($args);
+	$options = get_option('widget_categories');
+	$c = $options['count'] ? '1' : '0';
+	$h = $options['hierarchical'] ? '1' : '0';
+	$d = $options['dropdown'] ? '1' : '0';
+	$title = empty($options['title']) ? __('Categories') : $options['title'];
+
+	echo $before_widget;
+	echo $before_title . $title . $after_title; 
+
+	$cat_args = "orderby=name&show_count={$c}&hierarchical={$h}";
+
+	if($d) {
+		wp_dropdown_categories($cat_args . '&show_option_none= ' . __('Select Category'));
+?>
+
+<script lang='javascript'><!--
+    var dropdown = document.getElementById("cat");
+    function onCatChange() {
+		if ( dropdown.options[dropdown.selectedIndex].value > 0 ) {
+			location.href = "<?php echo get_option('home'); ?>/?cat="+dropdown.options[dropdown.selectedIndex].value;
+		}
+    }
+    dropdown.onchange = onCatChange;
+--></script>
+
+<?php
+	} else {
+?>
+		<ul>
+		<?php wp_list_categories($cat_args . '&title_li='); ?>
+		</ul>
+<?php
+	}
+
+	echo $after_widget;
+}
+
+function wp_widget_categories_control() {
+	$options = $newoptions = get_option('widget_categories');
+	if ( $_POST['categories-submit'] ) {
+		$newoptions['count'] = isset($_POST['categories-count']);
+		$newoptions['hierarchical'] = isset($_POST['categories-hierarchical']);
+		$newoptions['dropdown'] = isset($_POST['categories-dropdown']);
+		$newoptions['title'] = strip_tags(stripslashes($_POST['categories-title']));
+	}
+	if ( $options != $newoptions ) {
+		$options = $newoptions;
+		update_option('widget_categories', $options);
+	}
+	$count = $options['count'] ? 'checked="checked"' : '';
+	$hierarchical = $options['hierarchical'] ? 'checked="checked"' : '';
+	$dropdown = $options['dropdown'] ? 'checked="checked"' : '';
+	$title = attribute_escape($options['title']);
+?>
+			<p><label for="categories-title"><?php _e('Title:'); ?> <input style="width: 250px;" id="categories-title" name="categories-title" type="text" value="<?php echo $title; ?>" /></label></p>
+			<p style="text-align:right;margin-right:40px;"><label for="categories-count"><?php _e('Show post counts'); ?> <input class="checkbox" type="checkbox" <?php echo $count; ?> id="categories-count" name="categories-count" /></label></p>
+			<p style="text-align:right;margin-right:40px;"><label for="categories-hierarchical" style="text-align:right;"><?php _e('Show hierarchy'); ?> <input class="checkbox" type="checkbox" <?php echo $hierarchical; ?> id="categories-hierarchical" name="categories-hierarchical" /></label></p>
+			<p style="text-align:right;margin-right:40px;"><label for="categories-dropdown" style="text-align:right;"><?php _e('Display as a drop down'); ?> <input class="checkbox" type="checkbox" <?php echo $dropdown; ?> id="categories-dropdown" name="categories-dropdown" /></label></p>
+			<input type="hidden" id="categories-submit" name="categories-submit" value="1" />
+<?php
+}
+
+function wp_widget_recent_entries($args) {
+	if ( $output = wp_cache_get('widget_recent_entries') )
+		return print($output);
+
+	ob_start();
+	extract($args);
+	$options = get_option('widget_recent_entries');
+	$title = empty($options['title']) ? __('Recent Posts') : $options['title'];
+	if ( !$number = (int) $options['number'] )
+		$number = 10;
+	else if ( $number < 1 )
+		$number = 1;
+	else if ( $number > 15 )
+		$number = 15;
+
+	$r = new WP_Query("showposts=$number&what_to_show=posts&nopaging=0");
+	if ($r->have_posts()) :
+?>
+		<?php echo $before_widget; ?>
+			<?php echo $before_title . $title . $after_title; ?>
+			<ul>
+			<?php  while ($r->have_posts()) : $r->the_post(); ?>
+			<li><a href="<?php the_permalink() ?>"><?php if ( get_the_title() ) the_title(); else the_ID(); ?> </a></li>
+			<?php endwhile; ?>
+			</ul>
+		<?php echo $after_widget; ?>
+<?php
+	endif;
+	wp_cache_add('widget_recent_entries', ob_get_flush());
+}
+
+function wp_flush_widget_recent_entries() {
+	wp_cache_delete('widget_recent_entries');
+}
+
+add_action('save_post', 'wp_flush_widget_recent_entries');
+add_action('post_deleted', 'wp_flush_widget_recent_entries');
+
+function wp_widget_recent_entries_control() {
+	$options = $newoptions = get_option('widget_recent_entries');
+	if ( $_POST["recent-entries-submit"] ) {
+		$newoptions['title'] = strip_tags(stripslashes($_POST["recent-entries-title"]));
+		$newoptions['number'] = (int) $_POST["recent-entries-number"];
+	}
+	if ( $options != $newoptions ) {
+		$options = $newoptions;
+		update_option('widget_recent_entries', $options);
+		wp_flush_widget_recent_entries();
+	}
+	$title = attribute_escape($options['title']);
+	if ( !$number = (int) $options['number'] )
+		$number = 5;
+?>
+			<p><label for="recent-entries-title"><?php _e('Title:'); ?> <input style="width: 250px;" id="recent-entries-title" name="recent-entries-title" type="text" value="<?php echo $title; ?>" /></label></p>
+			<p><label for="recent-entries-number"><?php _e('Number of posts to show:'); ?> <input style="width: 25px; text-align: center;" id="recent-entries-number" name="recent-entries-number" type="text" value="<?php echo $number; ?>" /></label> <?php _e('(at most 15)'); ?></p>
+			<input type="hidden" id="recent-entries-submit" name="recent-entries-submit" value="1" />
+<?php
+}
+
+function wp_widget_recent_comments($args) {
+	global $wpdb, $comments, $comment;
+	extract($args, EXTR_SKIP);
+	$options = get_option('widget_recent_comments');
+	$title = empty($options['title']) ? __('Recent Comments') : $options['title'];
+	if ( !$number = (int) $options['number'] )
+		$number = 5;
+	else if ( $number < 1 )
+		$number = 1;
+	else if ( $number > 15 )
+		$number = 15;
+
+	if ( !$comments = wp_cache_get( 'recent_comments', 'widget' ) ) {
+		$comments = $wpdb->get_results("SELECT comment_author, comment_author_url, comment_ID, comment_post_ID FROM $wpdb->comments WHERE comment_approved = '1' ORDER BY comment_date_gmt DESC LIMIT $number");
+		wp_cache_add( 'recent_comments', $comments, 'widget' );
+	}
+?>
+
+		<?php echo $before_widget; ?>
+			<?php echo $before_title . $title . $after_title; ?>
+			<ul id="recentcomments"><?php
+			if ( $comments ) : foreach ($comments as $comment) :
+			echo  '<li class="recentcomments">' . sprintf(__('%1$s on %2$s'), get_comment_author_link(), '<a href="'. get_permalink($comment->comment_post_ID) . '#comment-' . $comment->comment_ID . '">' . get_the_title($comment->comment_post_ID) . '</a>') . '</li>';
+			endforeach; endif;?></ul>
+		<?php echo $after_widget; ?>
+<?php
+}
+
+function wp_delete_recent_comments_cache() {
+	wp_cache_delete( 'recent_comments', 'widget' );
+}
+add_action( 'comment_post', 'wp_delete_recent_comments_cache' );
+add_action( 'wp_set_comment_status', 'wp_delete_recent_comments_cache' );
+
+function wp_widget_recent_comments_control() {
+	$options = $newoptions = get_option('widget_recent_comments');
+	if ( $_POST["recent-comments-submit"] ) {
+		$newoptions['title'] = strip_tags(stripslashes($_POST["recent-comments-title"]));
+		$newoptions['number'] = (int) $_POST["recent-comments-number"];
+	}
+	if ( $options != $newoptions ) {
+		$options = $newoptions;
+		update_option('widget_recent_comments', $options);
+		wp_delete_recent_comments_cache();
+	}
+	$title = attribute_escape($options['title']);
+	if ( !$number = (int) $options['number'] )
+		$number = 5;
+?>
+			<p><label for="recent-comments-title"><?php _e('Title:'); ?> <input style="width: 250px;" id="recent-comments-title" name="recent-comments-title" type="text" value="<?php echo $title; ?>" /></label></p>
+			<p><label for="recent-comments-number"><?php _e('Number of comments to show:'); ?> <input style="width: 25px; text-align: center;" id="recent-comments-number" name="recent-comments-number" type="text" value="<?php echo $number; ?>" /></label> <?php _e('(at most 15)'); ?></p>
+			<input type="hidden" id="recent-comments-submit" name="recent-comments-submit" value="1" />
+<?php
+}
+
+function wp_widget_recent_comments_style() {
+?>
+<style type="text/css">.recentcomments a{display:inline !important;padding: 0 !important;margin: 0 !important;}</style>
+<?php
+}
+
+function wp_widget_recent_comments_register() {
+	$dims = array('width' => 320, 'height' => 90);
+	$class = array('classname' => 'widget_recent_comments');
+	wp_register_sidebar_widget('recent-comments', __('Recent Comments'), 'wp_widget_recent_comments', $class);
+	wp_register_widget_control('recent-comments', __('Recent Comments'), 'wp_widget_recent_comments_control', $dims);
+	
+	if ( is_active_widget('wp_widget_recent_comments') )
+		add_action('wp_head', 'wp_widget_recent_comments_style');
+}
+
+function wp_widget_rss($args, $number = 1) {
+	require_once(ABSPATH . WPINC . '/rss.php');
+	extract($args, EXTR_SKIP);
+	$options = get_option('widget_rss');
+	if ( isset($options['error']) && $options['error'] )
+		return;
+	$num_items = (int) $options[$number]['items'];
+	$show_summary = $options[$number]['show_summary'];
+	if ( empty($num_items) || $num_items < 1 || $num_items > 10 ) $num_items = 10;
+	$url = $options[$number]['url'];
+	while ( strstr($url, 'http') != $url )
+		$url = substr($url, 1);
+	if ( empty($url) )
+		return;
+	$rss = fetch_rss($url);
+	$link = clean_url(strip_tags($rss->channel['link']));
+	while ( strstr($link, 'http') != $link )
+		$link = substr($link, 1);
+	$desc = attribute_escape(strip_tags(html_entity_decode($rss->channel['description'], ENT_QUOTES)));
+	$title = $options[$number]['title'];
+	if ( empty($title) )
+		$title = htmlentities(strip_tags($rss->channel['title']));
+	if ( empty($title) )
+		$title = $desc;
+	if ( empty($title) )
+		$title = __('Unknown Feed');
+	$url = clean_url(strip_tags($url));
+	if ( file_exists(dirname(__FILE__) . '/rss.png') )
+		$icon = str_replace(ABSPATH, get_option('siteurl').'/', dirname(__FILE__)) . '/rss.png';
+	else
+		$icon = get_option('siteurl').'/wp-includes/images/rss.png';
+	$title = "<a class='rsswidget' href='$url' title='" . attribute_escape(__('Syndicate this content')) ."'><img style='background:orange;color:white;border:none;' width='14' height='14' src='$icon' alt='RSS' /></a> <a class='rsswidget' href='$link' title='$desc'>$title</a>";
+?>
+		<?php echo $before_widget; ?>
+			<?php $title ? print($before_title . $title . $after_title) : null; ?>
+			<ul>
+<?php
+	if ( is_array( $rss->items ) ) {
+		$rss->items = array_slice($rss->items, 0, $num_items);
+		foreach ($rss->items as $item ) {
+			while ( strstr($item['link'], 'http') != $item['link'] )
+				$item['link'] = substr($item['link'], 1);
+			$link = clean_url(strip_tags($item['link']));
+			$title = attribute_escape(strip_tags($item['title']));
+			if ( empty($title) )
+				$title = __('Untitled');
+			$desc = '';
+			if ( $show_summary ) {
+				$summary = '<div class="rssSummary">' . $item['description'] . '</div>';
+			} else {
+				if ( isset( $item['description'] ) && is_string( $item['description'] ) )
+					$desc = str_replace(array("\n", "\r"), ' ', attribute_escape(strip_tags(html_entity_decode($item['description'], ENT_QUOTES))));
+				$summary = '';
+			}
+			echo "<li><a class='rsswidget' href='$link' title='$desc'>$title</a>$summary</li>";
+		}
+	} else {
+		echo '<li>' . __( 'An error has occurred; the feed is probably down. Try again later.' ) . '</li>';
+	}
+?>
+			</ul>
+		<?php echo $after_widget; ?>
+<?php
+}
+
+function wp_widget_rss_control($number) {
+	$options = $newoptions = get_option('widget_rss');
+	if ( $_POST["rss-submit-$number"] ) {
+		$newoptions[$number]['items'] = (int) $_POST["rss-items-$number"];
+		$url = clean_url(strip_tags(stripslashes($_POST["rss-url-$number"])));
+		$newoptions[$number]['title'] = trim(strip_tags(stripslashes($_POST["rss-title-$number"])));
+		if ( $url !== $options[$number]['url'] ) {
+			require_once(ABSPATH . WPINC . '/rss.php');
+			$rss = fetch_rss($url);
+			if ( is_object($rss) ) {
+				$newoptions[$number]['url'] = $url;
+				$newoptions[$number]['error'] = false;
+			} else {
+				$newoptions[$number]['error'] = true;
+				$newoptions[$number]['url'] = wp_specialchars(__('Error: could not find an RSS or ATOM feed at that URL.'), 1);
+				$error = sprintf(__('Error in RSS %1$d: %2$s'), $number, $newoptions[$number]['error']);
+			}
+		}
+	}
+	if ( $options != $newoptions ) {
+		$options = $newoptions;
+		update_option('widget_rss', $options);
+	}
+	$url = attribute_escape($options[$number]['url']);
+	$items = (int) $options[$number]['items'];
+	$title = attribute_escape($options[$number]['title']);
+	if ( empty($items) || $items < 1 ) $items = 10;
+?>
+			<p style="text-align:center;"><?php _e('Enter the RSS feed URL here:'); ?></p>
+			<input style="width: 400px;" id="rss-url-<?php echo "$number"; ?>" name="rss-url-<?php echo "$number"; ?>" type="text" value="<?php echo $url; ?>" />
+			<p style="text-align:center;"><?php _e('Give the feed a title (optional):'); ?></p>
+			<input style="width: 400px;" id="rss-title-<?php echo "$number"; ?>" name="rss-title-<?php echo "$number"; ?>" type="text" value="<?php echo $title; ?>" />
+			<p style="text-align:center; line-height: 30px;"><?php _e('How many items would you like to display?'); ?> <select id="rss-items-<?php echo $number; ?>" name="rss-items-<?php echo $number; ?>"><?php for ( $i = 1; $i <= 10; ++$i ) echo "<option value='$i' ".($items==$i ? "selected='selected'" : '').">$i</option>"; ?></select></p>
+			<input type="hidden" id="rss-submit-<?php echo "$number"; ?>" name="rss-submit-<?php echo "$number"; ?>" value="1" />
+<?php
+}
+
+function wp_widget_rss_setup() {
+	$options = $newoptions = get_option('widget_rss');
+	if ( isset($_POST['rss-number-submit']) ) {
+		$number = (int) $_POST['rss-number'];
+		if ( $number > 9 ) $number = 9;
+		if ( $number < 1 ) $number = 1;
+		$newoptions['number'] = $number;
+	}
+	if ( $options != $newoptions ) {
+		$options = $newoptions;
+		update_option('widget_rss', $options);
+		wp_widget_rss_register($options['number']);
+	}
+}
+
+function wp_widget_rss_page() {
+	$options = $newoptions = get_option('widget_rss');
+?>
+	<div class="wrap">
+		<form method="POST">
+			<h2><?php _e('RSS Feed Widgets'); ?></h2>
+			<p style="line-height: 30px;"><?php _e('How many RSS widgets would you like?'); ?>
+			<select id="rss-number" name="rss-number" value="<?php echo $options['number']; ?>">
+<?php for ( $i = 1; $i < 10; ++$i ) echo "<option value='$i' ".($options['number']==$i ? "selected='selected'" : '').">$i</option>"; ?>
+			</select>
+			<span class="submit"><input type="submit" name="rss-number-submit" id="rss-number-submit" value="<?php echo attribute_escape(__('Save')); ?>" /></span></p>
+		</form>
+	</div>
+<?php
+}
+
+function wp_widget_rss_register() {
+	$options = get_option('widget_rss');
+	$number = $options['number'];
+	if ( $number < 1 ) $number = 1;
+	if ( $number > 9 ) $number = 9;
+	$dims = array('width' => 410, 'height' => 200);
+	$class = array('classname' => 'widget_rss');
+	for ($i = 1; $i <= 9; $i++) {
+		$name = sprintf(__('RSS %d'), $i);
+		$id = "rss-$i"; // Never never never translate an id
+		wp_register_sidebar_widget($id, $name, $i <= $number ? 'wp_widget_rss' : /* unregister */ '', $class, $i);
+		wp_register_widget_control($id, $name, $i <= $number ? 'wp_widget_rss_control' : /* unregister */ '', $dims, $i);
+	}
+	add_action('sidebar_admin_setup', 'wp_widget_rss_setup');
+	add_action('sidebar_admin_page', 'wp_widget_rss_page');
+}
+
+function wp_widgets_init() {
+	global $wp_register_widget_defaults;
+
+	$wp_register_widget_defaults = true;
+	$dims90 = array('height' => 90, 'width' => 300);
+	$dims100 = array('height' => 100, 'width' => 300);
+	$dims150 = array('height' => 150, 'width' => 300);
+	$class = array('classname' => 'widget_pages');
+	wp_register_sidebar_widget('pages', __('Pages'), 'wp_widget_pages', $class);
+	wp_register_widget_control('pages', __('Pages'), 'wp_widget_pages_control', $dims150);
+	$class['classname'] = 'widget_calendar';
+	wp_register_sidebar_widget('calendar', __('Calendar'), 'wp_widget_calendar', $class);
+	wp_register_widget_control('calendar', __('Calendar'), 'wp_widget_calendar_control', $dims90);
+	$class['classname'] = 'widget_archives';
+	wp_register_sidebar_widget('archives', __('Archives'), 'wp_widget_archives', $class);
+	wp_register_widget_control('archives', __('Archives'), 'wp_widget_archives_control', $dims100);
+	$class['classname'] = 'widget_links';
+	wp_register_sidebar_widget('links', __('Links'), 'wp_widget_links', $class);
+	$class['classname'] = 'widget_meta';
+	wp_register_sidebar_widget('meta', __('Meta'), 'wp_widget_meta', $class);
+	wp_register_widget_control('meta', __('Meta'), 'wp_widget_meta_control', $dims90);
+	$class['classname'] = 'widget_search';
+	wp_register_sidebar_widget('search', __('Search'), 'wp_widget_search', $class);
+	$class['classname'] = 'widget_categories';
+	wp_register_sidebar_widget('categories', __('Categories'), 'wp_widget_categories', $class);
+	wp_register_widget_control('categories', __('Categories'), 'wp_widget_categories_control', $dims150);
+	$class['classname'] = 'widget_recent_entries';
+	wp_register_sidebar_widget('recent-posts', __('Recent Posts'), 'wp_widget_recent_entries', $class);
+	wp_register_widget_control('recent-posts', __('Recent Posts'), 'wp_widget_recent_entries_control', $dims90);
+	wp_widget_text_register();
+	wp_widget_rss_register();
+	wp_widget_recent_comments_register();
+
+	$wp_register_widget_defaults = false;
+
+	do_action('widgets_init');
+}
+
+add_action('init', 'wp_widgets_init', 1);
+
+?>

wp-mail.php

@@ -62,7 +62,7 @@ for ($i=1; $i <= $count; $i++) :
 
 			// Set the author using the email address (To or Reply-To, the last used)
 			// otherwise use the site admin
-			if (preg_match('/From: /', $line) | preg_match('Reply-To: /', $line))  {
+			if (preg_match('/From: /', $line) | preg_match('/Reply-To: /', $line))  {
 				$author=trim($line);
 			if ( ereg("([a-zA-Z0-9\_\-\.]+@[\a-zA-z0-9\_\-\.]+)", $author , $regs) ) {
 				$author = $regs[1];

wp-settings.php

@@ -48,8 +48,8 @@ $PHP_SELF = $_SERVER['PHP_SELF'];
 if ( empty($PHP_SELF) )
 	$_SERVER['PHP_SELF'] = $PHP_SELF = preg_replace("/(\?.*)?$/",'',$_SERVER["REQUEST_URI"]);
 
-if ( !(phpversion() >= '4.1') )
-	die( 'Your server is running PHP version ' . phpversion() . ' but WordPress requires at least 4.1' );
+if ( !(phpversion() >= '4.2') )
+	die( 'Your server is running PHP version ' . phpversion() . ' but WordPress requires at least 4.2.' );
 
 if ( !extension_loaded('mysql') && !file_exists(ABSPATH . 'wp-content/db.php') )
 	die( 'Your PHP installation appears to be missing the MySQL which is required for WordPress.' );
@@ -81,7 +81,7 @@ error_reporting(E_ALL ^ E_NOTICE);
 
 // For an advanced caching plugin to use, static because you would only want one
 if ( defined('WP_CACHE') )
-	require (ABSPATH . 'wp-content/advanced-cache.php');
+	@include ABSPATH . 'wp-content/advanced-cache.php';
 
 define('WPINC', 'wp-includes');
 

xmlrpc.php

@@ -5,6 +5,12 @@ define('XMLRPC_REQUEST', true);
 // Some browser-embedded clients send cookies. We don't want them.
 $_COOKIE = array();
 
+// A bug in PHP < 5.2.2 makes $HTTP_RAW_POST_DATA not set by default, 
+// but we can do it ourself.
+if ( !isset( $HTTP_RAW_POST_DATA ) ) {
+	$HTTP_RAW_POST_DATA = file_get_contents( 'php://input' );
+}
+
 # fix for mozBlog and other cases where '<?xml' isn't on the very first line
 if ( isset($HTTP_RAW_POST_DATA) )
 	$HTTP_RAW_POST_DATA = trim($HTTP_RAW_POST_DATA);
@@ -22,10 +28,10 @@ header('Content-type: text/xml; charset=' . get_option('blog_charset'), true);
     <engineLink>http://wordpress.org/</engineLink>
     <homePageLink><?php bloginfo_rss('url') ?></homePageLink>
     <apis>
-      <api name="WordPress" blogID="1" preferred="false" apiLink="<?php bloginfo_rss('url') ?>/xmlrpc.php" />
-      <api name="Movable Type" blogID="1" preferred="true" apiLink="<?php bloginfo_rss('url') ?>/xmlrpc.php" />
-      <api name="MetaWeblog" blogID="1" preferred="false" apiLink="<?php bloginfo_rss('url') ?>/xmlrpc.php" />
-      <api name="Blogger" blogID="1" preferred="false" apiLink="<?php bloginfo_rss('url') ?>/xmlrpc.php" />
+      <api name="WordPress" blogID="1" preferred="false" apiLink="<?php bloginfo_rss('wpurl') ?>/xmlrpc.php" />
+      <api name="Movable Type" blogID="1" preferred="true" apiLink="<?php bloginfo_rss('wpurl') ?>/xmlrpc.php" />
+      <api name="MetaWeblog" blogID="1" preferred="false" apiLink="<?php bloginfo_rss('wpurl') ?>/xmlrpc.php" />
+      <api name="Blogger" blogID="1" preferred="false" apiLink="<?php bloginfo_rss('wpurl') ?>/xmlrpc.php" />
     </apis>
   </service>
 </rsd>
@@ -202,7 +208,7 @@ class wp_xmlrpc_server extends IXR_Server {
 			$allow_pings = ("open" == $page->ping_status) ? 1 : 0;
 
 			// Format page date.
-			$page_date = mysql2date("Ymd\TH:i:s", $page->post_date);
+			$page_date = mysql2date("Ymd\TH:i:s\Z", $page->post_date_gmt);
 
 			// Pull the categories info together.
 			$categories = array();
@@ -423,7 +429,7 @@ class wp_xmlrpc_server extends IXR_Server {
 			SELECT ID page_id,
 				post_title page_title,
 				post_parent page_parent_id,
-				post_date
+				post_date_gmt
 			FROM {$wpdb->posts}
 			WHERE post_type = 'page'
 			ORDER BY ID
@@ -432,10 +438,10 @@ class wp_xmlrpc_server extends IXR_Server {
 		// The date needs to be formated properly.
 		$num_pages = count($page_list);
 		for($i = 0; $i < $num_pages; $i++) {
-			$post_date = mysql2date("Ymd\TH:i:s", $page_list[$i]->post_date);
+			$post_date = mysql2date("Ymd\TH:i:s\Z", $page_list[$i]->post_date_gmt);
 			$page_list[$i]->dateCreated = new IXR_Date($post_date);
 
-			unset($page_list[$i]->post_date);
+			unset($page_list[$i]->post_date_gmt);
 		}
 
 		return($page_list);
@@ -532,7 +538,7 @@ class wp_xmlrpc_server extends IXR_Server {
 		$username				= $args[1];
 		$password				= $args[2];
 		$category				= $args[3];
-		$max_results			= $args[4];
+		$max_results			= (int) $args[4];
 
 		if(!$this->login_pass_ok($username, $password)) {
 			return($this->error);
@@ -843,7 +849,7 @@ class wp_xmlrpc_server extends IXR_Server {
 	  if ( !current_user_can('edit_post', $post_ID) )
 	    return new IXR_Error(401, __('Sorry, you do not have the right to edit this post.'));
 
-	  extract($actual_post);
+	  extract($actual_post, EXTR_SKIP);
 
 	  if ( ('publish' == $post_status) && !current_user_can('publish_posts') )
 	  	return new IXR_Error(401, __('Sorry, you do not have the right to publish this post.'));
@@ -923,8 +929,9 @@ class wp_xmlrpc_server extends IXR_Server {
 	    return $this->error;
 	  }
 
+      $cap = ($publish) ? 'publish_posts' : 'edit_posts';
 	  $user = set_current_user(0, $user_login);
-	  if ( !current_user_can('publish_posts') )
+	  if ( !current_user_can($cap) )
 	    return new IXR_Error(401, __('Sorry, you can not post on this weblog or category.'));
 
 		// The post_type defaults to post, but could also be page.
@@ -993,31 +1000,67 @@ class wp_xmlrpc_server extends IXR_Server {
 	  $post_more = $content_struct['mt_text_more'];
 
 		if(isset($content_struct["mt_allow_comments"])) {
-			switch((int) $content_struct["mt_allow_comments"]) {
-				case 0:
-					$comment_status = "closed";
-					break;
-				case 1:
-					$comment_status = "open";
-					break;
-				default:
-					$comment_status = get_option("default_comment_status");
-					break;
+			if(!is_numeric($content_struct["mt_allow_comments"])) {
+				switch($content_struct["mt_allow_comments"]) {
+					case "closed":
+						$comment_status = "closed";
+						break;
+					case "open":
+						$comment_status = "open";
+						break;
+					default:
+						$comment_status = get_option("default_comment_status");
+						break;
+				}
 			}
+			else {
+				switch((int) $content_struct["mt_allow_comments"]) {
+					case 0:
+						$comment_status = "closed";
+						break;
+					case 1:
+						$comment_status = "open";
+						break;
+					default:
+						$comment_status = get_option("default_comment_status");
+						break;
+				}
+			}
+		}
+		else {
+			$comment_status = get_option("default_comment_status");
 		}
 
 		if(isset($content_struct["mt_allow_pings"])) {
-			switch((int) $content_struct["mt_allow_pings"]) {
-				case 0:
-					$ping_status = "closed";
-					break;
-				case 1:
-					$ping_status = "open";
-					break;
-				default:
-					$ping_status = get_option("default_ping_status");
-					break;
+			if(!is_numeric($content_struct["mt_allow_pings"])) {
+				switch($content["mt_allow_pings"]) {
+					case "closed":
+						$ping_status = "closed";
+						break;
+					case "open":
+						$ping_status = "open";
+						break;
+					default:
+						$ping_status = get_option("default_ping_status");
+						break;
+				}
 			}
+			else {
+				switch((int) $content_struct["mt_allow_pings"]) {
+					case 0:
+						$ping_status = "closed";
+						break;
+					case 1:
+						$ping_status = "open";
+						break;
+					default:
+						$ping_status = get_option("default_ping_status");
+						break;
+				}
+			}
+		}
+		else {
+			$ping_status = get_option("default_ping_status");
 		}
 
 	  if ($post_more) {
@@ -1033,7 +1076,7 @@ class wp_xmlrpc_server extends IXR_Server {
 	  if (!empty($dateCreatedd)) {
 	    $dateCreated = $dateCreatedd->getIso();
 	    $post_date     = get_date_from_gmt(iso8601_to_datetime($dateCreated));
-	    $post_date_gmt = iso8601_to_datetime($dateCreated, GMT);
+	    $post_date_gmt = iso8601_to_datetime($dateCreated. "Z", GMT);
 	  } else {
 	    $post_date     = current_time('mysql');
 	    $post_date_gmt = current_time('mysql', 1);
@@ -1120,8 +1163,8 @@ class wp_xmlrpc_server extends IXR_Server {
 			return(new IXR_Error(404, __("Invalid post id.")));
 		}
 
-	  extract($postdata);
 		$this->escape($postdata);
+		extract($postdata, EXTR_SKIP);
 
 		// Let WordPress manage slug if none was provided.
 		$post_name = "";
@@ -1144,7 +1187,7 @@ class wp_xmlrpc_server extends IXR_Server {
 			$menu_order = $content_struct["wp_page_order"];
 		}
 
-		$post_author = $user->ID;
+		$post_author = $postdata["post_author"];
 
 		// Only set the post_author if one is set.
 		if(
@@ -1171,15 +1214,61 @@ class wp_xmlrpc_server extends IXR_Server {
 			$post_author = $content_struct["wp_author_id"];
 		}
 
-		// Only set ping_status if it was provided.
+		if(isset($content_struct["mt_allow_comments"])) {
+			if(!is_numeric($content_struct["mt_allow_comments"])) {
+				switch($content_struct["mt_allow_comments"]) {
+					case "closed":
+						$comment_status = "closed";
+						break;
+					case "open":
+						$comment_status = "open";
+						break;
+					default:
+						$comment_status = get_option("default_comment_status");
+						break;
+				}
+			}
+			else {
+				switch((int) $content_struct["mt_allow_comments"]) {
+					case 0:
+						$comment_status = "closed";
+						break;
+					case 1:
+						$comment_status = "open";
+						break;
+					default:
+						$comment_status = get_option("default_comment_status");
+						break;
+				}
+			}
+		}
+
 		if(isset($content_struct["mt_allow_pings"])) {
-			switch((int) $content_struct["mt_allow_pings"]) {
-				case 0:
-					$ping_status = "closed";
-					break;
-				case 1:
-					$ping_status = "open";
-					break;
+			if(!is_numeric($content_struct["mt_allow_pings"])) {
+				switch($content["mt_allow_pings"]) {
+					case "closed":
+						$ping_status = "closed";
+						break;
+					case "open":
+						$ping_status = "open";
+						break;
+					default:
+						$ping_status = get_option("default_ping_status");
+						break;
+				}
+			}
+			else {
+				switch((int) $content_struct["mt_allow_pings"]) {
+					case 0:
+						$ping_status = "closed";
+						break;
+					case 1:
+						$ping_status = "open";
+						break;
+					default:
+						$ping_status = get_option("default_ping_status");
+						break;
+				}
 			}
 		}
 
@@ -1214,16 +1303,12 @@ class wp_xmlrpc_server extends IXR_Server {
 	  if ( is_array($to_ping) )
 	  	$to_ping = implode(' ', $to_ping);
 
-      if(isset($content_struct["mt_allow_comments"])) {
-		$comment_status = (int) $content_struct["mt_allow_comments"];
-      }
-	  
 	  // Do some timestamp voodoo
 	  $dateCreatedd = $content_struct['dateCreated'];
 	  if (!empty($dateCreatedd)) {
 	    $dateCreated = $dateCreatedd->getIso();
 	    $post_date     = get_date_from_gmt(iso8601_to_datetime($dateCreated));
-	    $post_date_gmt = iso8601_to_datetime($dateCreated, GMT);
+	    $post_date_gmt = iso8601_to_datetime($dateCreated . "Z", GMT);
 	  } else {
 	    $post_date     = $postdata['post_date'];
 	    $post_date_gmt = $postdata['post_date_gmt'];
@@ -1263,7 +1348,7 @@ class wp_xmlrpc_server extends IXR_Server {
 
 	  if ($postdata['post_date'] != '') {
 
-	    $post_date = mysql2date('Ymd\TH:i:s', $postdata['post_date']);
+	    $post_date = mysql2date('Ymd\TH:i:s\Z', $postdata['post_date_gmt']);
 
 	    $categories = array();
 	    $catids = wp_get_post_categories($post_ID);
@@ -1331,7 +1416,7 @@ class wp_xmlrpc_server extends IXR_Server {
 
 		foreach ($posts_list as $entry) {
 
-			$post_date = mysql2date('Ymd\TH:i:s', $entry['post_date']);
+			$post_date = mysql2date('Ymd\TH:i:s\Z', $entry['post_date_gmt']);
 			$categories = array();
 			$catids = wp_get_post_categories($entry['ID']);
 			foreach($catids as $catid) {
@@ -1430,6 +1515,21 @@ class wp_xmlrpc_server extends IXR_Server {
 		$type = $data['type'];
 		$bits = $data['bits'];
 
+		logIO('O', '(MW) Received '.strlen($bits).' bytes');
+
+		if ( !$this->login_pass_ok($user_login, $user_pass) )
+			return $this->error;
+
+		set_current_user(0, $user_login);
+		if ( !current_user_can('upload_files') ) {
+			logIO('O', '(MW) User does not have upload_files capability');
+			$this->error = new IXR_Error(401, __('You are not allowed to upload files to this site.'));
+			return $this->error;
+		}
+
+		if ( $upload_err = apply_filters( "pre_upload_error", false ) )
+			return new IXR_Error(500, $upload_err);
+
 		if(!empty($data["overwrite"]) && ($data["overwrite"] == true)) {
 			// Get postmeta info on the object.
 			$old_file = $wpdb->get_row("
@@ -1448,21 +1548,6 @@ class wp_xmlrpc_server extends IXR_Server {
 			$name = "wpid{$old_file->ID}-{$filename}";
 		}
 
-		logIO('O', '(MW) Received '.strlen($bits).' bytes');
-
-		if ( !$this->login_pass_ok($user_login, $user_pass) )
-			return $this->error;
-
-		set_current_user(0, $user_login);
-		if ( !current_user_can('upload_files') ) {
-			logIO('O', '(MW) User does not have upload_files capability');
-			$this->error = new IXR_Error(401, __('You are not allowed to upload files to this site.'));
-			return $this->error;
-		}
-
-		if ( $upload_err = apply_filters( "pre_upload_error", false ) )
-			return new IXR_Error(500, $upload_err);
-
 		$upload = wp_upload_bits($name, $type, $bits, $overwrite);
 		if ( ! empty($upload['error']) ) {
 			$errorString = 'Could not write file ' . $name . ' (' . $upload['error'] . ')';
@@ -1516,7 +1601,7 @@ class wp_xmlrpc_server extends IXR_Server {
 
 		foreach ($posts_list as $entry) {
 
-			$post_date = mysql2date('Ymd\TH:i:s', $entry['post_date']);
+			$post_date = mysql2date('Ymd\TH:i:s\Z', $entry['post_date_gmt']);
 
 			$struct[] = array(
 				'dateCreated' => new IXR_Date($post_date),
@@ -1554,7 +1639,7 @@ class wp_xmlrpc_server extends IXR_Server {
 		$categories_struct = array();
 
 		// FIXME: can we avoid using direct SQL there?
-		if ($cats = $wpdb->get_results("SELECT cat_ID, cat_name FROM $wpdb->categories WHERE (type & " . TAXONOMY_CATEGORY . " != 0)", ARRAY_A)) {
+		if ($cats = $wpdb->get_results("SELECT cat_ID, cat_name FROM $wpdb->categories", ARRAY_A)) {
 			foreach ($cats as $cat) {
 				$struct['categoryId'] = $cat['cat_ID'];
 				$struct['categoryName'] = $cat['cat_name'];