Respect post_ID update when doing multiple add meta AJAX requests. Props mdawaffe. fixes #7170 see #6457 for 2.5

git-svn-id: http://svn.automattic.com/wordpress/branches/2.5@8178 1a063a9b-81f0-0310-95a4-ce76da25c4cd

wp-admin/admin-ajax.php

@@ -162,9 +162,8 @@ case 'add-category' : // On the Fly
 		if ( $parent ) // Do these all at once in a second
 			continue;
 		$category = get_category( $cat_id );
-		$checked_categories[] = $cat_id;
 		ob_start();
-			dropdown_categories( 0, $category );
+			wp_category_checklist( 0, $cat_id, $checked_categories );
 		$data = ob_get_contents();
 		ob_end_clean();
 		$x->add( array(
@@ -434,7 +433,7 @@ case 'add-meta' :
 	break;
 case 'add-user' :
 	check_ajax_referer( $action );
-	if ( !current_user_can('edit_users') )
+	if ( !current_user_can('create_users') )
 		die('-1');
 	require_once(ABSPATH . WPINC . '/registration.php');
 	if ( !$user_id = add_user() )

wp-admin/async-upload.php

@@ -15,18 +15,33 @@ if ( empty($_COOKIE[AUTH_COOKIE]) && !empty($_REQUEST['auth_cookie']) )
 unset($current_user);
 require_once('admin.php');
 
-header('Content-Type: text/plain');
+header('Content-Type: text/plain; charset=' . get_option('blog_charset'));
 
 if ( !current_user_can('upload_files') )
 	wp_die(__('You do not have permission to upload files.'));
 
+// just fetch the detail form for that attachment	
+if ( ($id = intval($_REQUEST['attachment_id'])) && $_REQUEST['fetch'] ) {
+	echo get_media_item($id);
+	exit;
+}
+
+check_admin_referer('media-form');
+
 $id = media_handle_upload('async-upload', $_REQUEST['post_id']);
 if (is_wp_error($id)) {
 	echo '<div id="media-upload-error">'.wp_specialchars($id->get_error_message()).'</div>';
 	exit;
 }
 
-$type = $_REQUEST['type'];
-echo apply_filters("async_upload_{$type}", $id);
+if ( $_REQUEST['short'] ) {
+	// short form response - attachment ID only
+	echo $id;
+}
+else {
+	// long form response - big chunk o html
+	$type = $_REQUEST['type'];
+	echo apply_filters("async_upload_{$type}", $id);
+}
 
 ?>

wp-admin/comment.php

@@ -141,8 +141,10 @@ case 'deletecomment' :
 	else
 		wp_delete_comment( $comment->comment_ID );
 
-	if ( '' != wp_get_referer() && false == $noredir )
+	if ( '' != wp_get_referer() && false == $noredir && false === strpos(wp_get_referer(), 'comment.php' ) )
 		wp_redirect( wp_get_referer() );
+	else if ( '' != wp_get_original_referer() && false == $noredir )
+		wp_redirect( wp_get_original_referer() );
 	else
 		wp_redirect( get_option('siteurl') . '/wp-admin/edit-comments.php' );
 
@@ -191,10 +193,6 @@ case 'approvecomment' :
 
 	wp_set_comment_status( $comment->comment_ID, 'approve' );
 
-	if ( true == get_option('comments_notify') )
-		wp_notify_postauthor( $comment->comment_ID );
-
-
 	if ( '' != wp_get_referer() && false == $noredir )
 		wp_redirect( wp_get_referer() );
 	else
@@ -227,4 +225,4 @@ default:
 
 include('admin-footer.php');
 
-?>
+?>

wp-admin/css/colors-classic.css

@@ -192,6 +192,10 @@ ul.widget-control-list .sorthelper {
 	border-color: #a3a3a3;
 }
 
+.button[disabled], .button:disabled {
+	background-color: #999;
+}
+
 .tablenav .button-secondary {
 	border-color: #5396c5;
 }

wp-admin/css/colors-fresh.css

@@ -188,6 +188,10 @@ ul.widget-control-list .sorthelper {
 	border-color: #80b5d0;
 }
 
+.button[disabled], .button:disabled {
+	background-color: #999;
+}
+
 .submit input:hover, .button:hover, #edit-slug-buttons a.save:hover {
 	border-color: #535353;
 }

wp-admin/css/dashboard-rtl.css

@@ -13,6 +13,10 @@
 	margin: 1px 0 0 6px;
 }
 
+div.dashboard-widget-holder {
+	float: right;
+}
+
 h3.dashboard-widget-title span {
 	text-align: right;
 	float: right;
@@ -56,6 +60,9 @@ div.dashboard-widget {
 	float:right;
 	margin:0 0 0.2em 0.5em;
 }
+#dashboard_secondary div.dashboard-widget-content ul li {
+	float: right;
+}
 #dashboard_secondary div.dashboard-widget-content ul li a {
 	border-right:0 none;
 	border-left:1px solid #DADADA;

wp-admin/css/global-rtl.css

@@ -0,0 +1,28 @@
+/* styles for use by people extending the WordPress interface */
+.alignleft { float: right; }
+.alignright { float: left; }
+
+.textleft { text-align: right; }
+.textright { text-align: left; }
+
+.widefat td {
+	padding: 7px 10px 9px 15px;
+}
+
+.widefat th {
+	padding: 9px 10px 6px 15px;
+	text-align: right;
+}
+
+.widefat th input {
+	margin: 0 8px 0 0;
+}
+
+.widefat .check-column {
+	text-align: left;
+}
+
+.wrap h2 {
+	margin: 5px -4px 0 0;
+	padding: 0 0 7px 280px;
+}

wp-admin/css/media.css

@@ -91,8 +91,14 @@ tr.image-size label {
 	max-height: 40px;
 }
 
-.filename {
-	display: none;
+.filename.original {
+	float: left;
+}
+.crunching {
+	display: block;
+	line-height: 32px;
+	text-align: right;
+	margin-right: 5px;
 }
 button.dismiss {
 	position: absolute;
@@ -118,27 +124,31 @@ button.dismiss {
 	border-right-width: 3px;
 	border-right-style: solid;
 }
+
+#library-form .progress, #gallery-form .progress {
+	display: none;
+}
+
 .media-item .thumbnail {
 	max-width: 128px;
 	max-height: 128px;
 }
 .media-item .pinkynail {
-	position: absolute;
-	top: 2px;
-	left: 2px;
+	float: left;
+	margin: 2px;
 	height: 32px;
 	max-width: 40px;
 }
 
-tbody.media-item-info tr {
+thead.media-item-info tr {
 	background-color: transparent;
 }
-tbody.media-item-info th, tbody.media-item-info td {
+thead.media-item-info th, thead.media-item-info td {
 	border: none;
 	margin: 0;
 }
 
-.form-table tbody.media-item-info {
+.form-table thead.media-item-info {
 	border: 8px solid #fff;
 }
 
@@ -164,23 +174,14 @@ abbr.required {
 .describe-toggle-on, .describe-toggle-off {
 	display: block;
 	line-height: 36px;
-	z-index: 2;
-	position: absolute;
-	top: 0px;
-	right: 20px;
+	float: right;
+	margin-right: 20px;
 }
 .describe-toggle-off {
 	display: none;
 }
+
 .clickmask {
-	background: transparent;
-	position: absolute;
-	top: 0px;
-	left: 0px;
-	cursor: pointer;
-	border: none;
-	z-index: 3;
-	height: 36px;
 }
 
 .hidden {
@@ -195,6 +196,11 @@ abbr.required {
 #media-upload .media-upload-form p {
 	margin: 0 1em 1em 0;
 }
+
+#media-upload .media-upload-form p.ml-submit {
+	padding: 1em 0;
+}
+
 #media-upload p.help {
 	font-style: italic;
 	font-weight: normal;
@@ -210,17 +216,16 @@ abbr.required {
 }
 
 #media-upload .media-item {
+	position: relative;
 	border-bottom-width: 1px;
 	border-bottom-style: solid;
-	width: 623px;
-	position: relative;
 	min-height: 36px;
+	width: 100%;
 }
-#media-upload .filename {
-	display: block;
+.filename {
 	line-height: 36px;
-	margin-left: 50px;
-	z-index: 2;
+	margin-left: 10px;
+	float: left;
 }
 #media-upload .describe {
 	border-top-width: 1px;
@@ -239,4 +244,19 @@ abbr.required {
 #media-upload tr.image-size {
 	margin-bottom: 1em;
 	height: 3em;
-}
+}
+
+#media-upload #filter {
+	width: 623px;
+}
+
+#media-upload #filter .subsubsub {
+	margin: 8px 0;
+}
+
+#filter .tablenav select {
+	border-style:solid;
+	border-width:1px;
+	padding:2px;
+	vertical-align:top;
+}

wp-admin/css/widgets-rtl.css

@@ -35,16 +35,15 @@ h4.widget-title a {
 }
 li.widget-list-control-item h4.widget-title a, #dragHelper li.widget-list-control-item h4.widget-title a, #draghelper li.widget-list-control-item h4.widget-title a:visited {
 	right:auto;
-	left:2em;
+	left:1em;
 }
 
-li.widget-list-control-item div.widget-control {
-	padding:0 0 0 10px;
-}
 ul.widget-control-list div.widget-control-actions {
 	margin-right:0;
 	margin-left:-10px;
 }
-ul.widget-control-list .widget-title {
-	text-align:right;
+ul.widget-control-list h4.widget-title,
+#dragHelper h4.widget-title {
+	text-align: right;
+	padding: 0.4em 0.8em 0.4em 2.5em;
 }

wp-admin/css/widgets.css

@@ -74,7 +74,6 @@ ul#widget-list li.widget-list-item div.widget-description {
 	font-size: 11px;
 }
 
-
 ul#widget-list li.widget-list-item ul.widget-control-info {
 	display: none;
 }
@@ -96,18 +95,21 @@ div#current-widgets p.submit {
 }
 
 li.widget-list-control-item {
-	margin: 0 0 1em;
+	margin: 1em 0;
 	-moz-border-radius: 3px;
 	-khtml-border-radius: 3px;
 	-webkit-border-radius: 3px;
 	border-radius: 3px;
 }
 
-li.widget-list-control-item h4, #dragHelper li.widget-list-control-item h4, li.widget-sortable h4 {
+li.widget-list-control-item h4, 
+#dragHelper li.widget-list-control-item h4, 
+li.widget-sortable h4 {
 	margin: 0;
-	padding: 0.4em 2.5em 0.4em 0.8em;
 	cursor: move;
 	font-size: 13px;
+	padding: 0.4em 2.5em 0.4em 0.8em;
+	position: relative;
 	-moz-border-radius: 3px;
 	-khtml-border-radius: 3px;
 	-webkit-border-radius: 3px;
@@ -135,20 +137,20 @@ h4.widget-title a {
 li.widget-list-control-item h4.widget-title a,
 #dragHelper li.widget-list-control-item h4.widget-title a,
 #draghelper li.widget-list-control-item h4.widget-title a:visited {
-	right: 2em;
+	right: 1em;
 }
 
 li.widget-list-control-item h4.widget-title a:hover {
-
 	text-decoration: none;
 	border-bottom: none;
 }
 
 li.widget-list-control-item div.widget-control {
 	display: none;
-	margin: 1em;
-	padding: 0 10px 0 7px; /* Correction for padding, margin, border of inputs */
+	padding: 15px;
 	font-size: 11px;
+	position: relative;
+	background-color: #CFEBF7;
 }
 
 li.widget-list-control-item div.widget-control p {
@@ -157,15 +159,9 @@ li.widget-list-control-item div.widget-control p {
 }
 
 ul.widget-control-list div.widget-control-actions {
-	margin-right: -10px; /* Correction for padding, margin, border of inputs */
-	margin-left: -6px;
 	border-top-width: 1px;
 	border-top-style: solid;
-	padding: 0.5em 0 0.8em;
-}
-
-ul.widget-control-list .widget-title {
-	
+	padding: 0.5em 0 0;
 }
 
 .widget-control-edit {

wp-admin/custom-header.php

@@ -11,17 +11,27 @@ class Custom_Image_Header {
 		$page = add_theme_page(__('Custom Image Header'), __('Custom Image Header'), 'edit_themes', 'custom-header', array(&$this, 'admin_page'));
 
 		add_action("admin_print_scripts-$page", array(&$this, 'js_includes'));
+		add_action("admin_head-$page", array(&$this, 'take_action'), 50);
 		add_action("admin_head-$page", array(&$this, 'js'), 50);
 		add_action("admin_head-$page", $this->admin_header_callback, 51);
 	}
 
-	function js_includes() {
-		wp_enqueue_script('cropper');
-		wp_enqueue_script('colorpicker');
+	function step() {
+		$step = (int) @$_GET['step'];
+		if ( $step < 1 || 3 < $step )
+			$step = 1;
+		return $step;
 	}
 
-	function js() {
+	function js_includes() {
+		$step = $this->step();
+		if ( 1 == $step )
+			wp_enqueue_script('colorpicker');
+		elseif ( 2 == $step )	
+			wp_enqueue_script('cropper');
+	}
 
+	function take_action() {
 		if ( isset( $_POST['textcolor'] ) ) {
 			check_admin_referer('custom-header');
 			if ( 'blank' == $_POST['textcolor'] ) {
@@ -36,48 +46,18 @@ class Custom_Image_Header {
 			check_admin_referer('custom-header');
 			remove_theme_mods();
 		}
-	?>
-<script type="text/javascript">
-
-	function onEndCrop( coords, dimensions ) {
-		$( 'x1' ).value = coords.x1;
-		$( 'y1' ).value = coords.y1;
-		$( 'x2' ).value = coords.x2;
-		$( 'y2' ).value = coords.y2;
-		$( 'width' ).value = dimensions.width;
-		$( 'height' ).value = dimensions.height;
 	}
 
-	// with a supplied ratio
-	Event.observe(
-		window,
-		'load',
-		function() {
-			var xinit = <?php echo HEADER_IMAGE_WIDTH; ?>;
-			var yinit = <?php echo HEADER_IMAGE_HEIGHT; ?>;
-			var ratio = xinit / yinit;
-			var ximg = $('upload').width;
-			var yimg = $('upload').height;
-			if ( yimg < yinit || ximg < xinit ) {
-				if ( ximg / yimg > ratio ) {
-					yinit = yimg;
-					xinit = yinit * ratio;
-				} else {
-					xinit = ximg;
-					yinit = xinit / ratio;
-				}
-			}
-			new Cropper.Img(
-				'upload',
-				{
-					ratioDim: { x: xinit, y: yinit },
-					displayOnInit: true,
-					onEndCrop: onEndCrop
-				}
-			)
-		}
-	);
+	function js() {
+		$step = $this->step();
+		if ( 1 == $step )
+			$this->js_1();
+		elseif ( 2 == $step )
+			$this->js_2();
+	}
 
+	function js_1() { ?>
+<script type="text/javascript">
 	var cp = new ColorPicker();
 
 	function pickColor(color) {
@@ -116,7 +96,7 @@ class Custom_Image_Header {
 		}
 	}
 	function colorDefault() {
-		pickColor('<?php echo HEADER_TEXTCOLOR; ?>');
+		pickColor('#<?php echo HEADER_TEXTCOLOR; ?>');
 	}
 
 	function hide_text() {
@@ -149,6 +129,50 @@ Event.observe( window, 'load', hide_text );
 <?php
 	}
 
+	function js_2() { ?>
+<script type="text/javascript">
+	function onEndCrop( coords, dimensions ) {
+		$( 'x1' ).value = coords.x1;
+		$( 'y1' ).value = coords.y1;
+		$( 'x2' ).value = coords.x2;
+		$( 'y2' ).value = coords.y2;
+		$( 'width' ).value = dimensions.width;
+		$( 'height' ).value = dimensions.height;
+	}
+
+	// with a supplied ratio
+	Event.observe(
+		window,
+		'load',
+		function() {
+			var xinit = <?php echo HEADER_IMAGE_WIDTH; ?>;
+			var yinit = <?php echo HEADER_IMAGE_HEIGHT; ?>;
+			var ratio = xinit / yinit;
+			var ximg = $('upload').width;
+			var yimg = $('upload').height;
+			if ( yimg < yinit || ximg < xinit ) {
+				if ( ximg / yimg > ratio ) {
+					yinit = yimg;
+					xinit = yinit * ratio;
+				} else {
+					xinit = ximg;
+					yinit = xinit / ratio;
+				}
+			}
+			new Cropper.Img(
+				'upload',
+				{
+					ratioDim: { x: xinit, y: yinit },
+					displayOnInit: true,
+					onEndCrop: onEndCrop
+				}
+			)
+		}
+	);
+</script>
+<?php
+	}
+
 	function step_1() {
 		if ( $_GET['updated'] ) { ?>
 <div id="message" class="updated fade">
@@ -252,7 +276,7 @@ Event.observe( window, 'load', hide_text );
 <form method="POST" action="<?php echo attribute_escape(add_query_arg('step', 3)) ?>">
 
 <p><?php _e('Choose the part of the image you want to use as your header.'); ?></p>
-<div id="testWrap">
+<div id="testWrap" style="position: relative">
 <img src="<?php echo $url; ?>" id="upload" width="<?php echo $width; ?>" height="<?php echo $height; ?>" />
 </div>
 
@@ -327,19 +351,13 @@ Event.observe( window, 'load', hide_text );
 	}
 
 	function admin_page() {
-		if ( !isset( $_GET['step'] ) )
-			$step = 1;
-		else
-			$step = (int) $_GET['step'];
-
-		if ( 1 == $step ) {
+		$step = $this->step();
+		if ( 1 == $step )
 			$this->step_1();
-		} elseif ( 2 == $step ) {
+		elseif ( 2 == $step )
 			$this->step_2();
-		} elseif ( 3 == $step ) {
+		elseif ( 3 == $step )
 			$this->step_3();
-		}
-
 	}
 
 }

wp-admin/edit-attachment-rows.php

@@ -26,6 +26,10 @@ while (have_posts()) : the_post();
 $class = 'alternate' == $class ? '' : 'alternate';
 global $current_user;
 $post_owner = ( $current_user->ID == $post->post_author ? 'self' : 'other' );
+$att_title = get_the_title();
+if ( empty($att_title) )
+	$att_title = __('(no title)');
+
 ?>
 	<tr id='post-<?php echo $id; ?>' class='<?php echo trim( $class . ' author-' . $post_owner . ' status-' . $post->post_status ); ?>' valign="top">
 
@@ -50,7 +54,7 @@ foreach($posts_columns as $column_name=>$column_display_name) {
 
 	case 'media':
 		?>
-		<td><strong><a href="media.php?action=edit&amp;attachment_id=<?php the_ID(); ?>" title="<?php echo attribute_escape(sprintf(__('Edit "%s"'), get_the_title())); ?>"><?php the_title(); ?></a></strong><br />
+		<td><strong><a href="media.php?action=edit&amp;attachment_id=<?php the_ID(); ?>" title="<?php echo attribute_escape(sprintf(__('Edit "%s"'), $att_title)); ?>"><?php echo $att_title; ?></a></strong><br />
 		<?php echo strtoupper(preg_replace('/^.*?\.(\w+)$/', '$1', get_attached_file($post->ID))); ?>
 		<?php do_action('manage_media_media_column', $post->ID); ?>
 		</td>

wp-admin/edit-comments.php

@@ -97,7 +97,7 @@ if ( isset( $_GET['approved'] ) || isset( $_GET['deleted'] ) || isset( $_GET['sp
 <?php
 $status_links = array();
 $num_comments = wp_count_comments();
-$stati = array('moderated' => sprintf(__ngettext('Awaiting Moderation (%s)', 'Awaiting Moderation (%s)', $num_comments->moderated), "<span class='comment-count'>$num_comments->moderated</span>"), 'approved' => _c('Approved|plural'));
+$stati = array('moderated' => sprintf(__ngettext('Awaiting Moderation (%s)', 'Awaiting Moderation (%s)', number_format_i18n($num_comments->moderated) ), "<span class='comment-count'>" . number_format_i18n($num_comments->moderated) . "</span>"), 'approved' => _c('Approved|plural'));
 $class = ( '' === $comment_status ) ? ' class="current"' : '';
 $status_links[] = "<li><a href=\"edit-comments.php\"$class>".__('Show All Comments')."</a>";
 foreach ( $stati as $status => $label ) {

wp-admin/edit-form-advanced.php

@@ -1,4 +1,4 @@
-<?php
+ <?php
 $action = isset($action)? $action : '';
 if ( isset($_GET['message']) )
 	$_GET['message'] = absint( $_GET['message'] );
@@ -54,13 +54,13 @@ $saveasdraft = '<input name="save" type="submit" id="save" class="button" tabind
 <input type="hidden" id="user-id" name="user_ID" value="<?php echo (int) $user_ID ?>" />
 <input type="hidden" id="hiddenaction" name="action" value="<?php echo $form_action ?>" />
 <input type="hidden" id="originalaction" name="originalaction" value="<?php echo $form_action ?>" />
-<input type="hidden" name="post_author" value="<?php echo attribute_escape( $post->post_author ); ?>" />
+<input type="hidden" id="post_author" name="post_author" value="<?php echo attribute_escape( $post->post_author ); ?>" />
 <input type="hidden" id="post_type" name="post_type" value="<?php echo $post->post_type ?>" />
 <input type="hidden" id="original_post_status" name="original_post_status" value="<?php echo $post->post_status ?>" />
 <input name="referredby" type="hidden" id="referredby" value="<?php
 if ( !empty($_REQUEST['popupurl']) )
 	echo clean_url(stripslashes($_REQUEST['popupurl']));
-else if ( url_to_postid(wp_get_referer()) == $post_ID && strpos( wp_get_referer(), '/wp-admin/' ) === false )
+else if ( strpos( wp_get_referer(), '/wp-admin/' ) === false && $post_ID && url_to_postid(wp_get_referer()) === $post_ID  )
 	echo 'redo';
 else
 	echo clean_url(stripslashes(wp_get_referer()));
@@ -222,7 +222,7 @@ endif; ?>
 	<p id="category-add" class="wp-hidden-child">
 		<input type="text" name="newcat" id="newcat" class="form-required form-input-tip" value="<?php _e( 'New category name' ); ?>" tabindex="3" />
 		<?php wp_dropdown_categories( array( 'hide_empty' => 0, 'name' => 'newcat_parent', 'orderby' => 'name', 'hierarchical' => 1, 'show_option_none' => __('Parent category'), 'tab_index' => 3 ) ); ?>
-		<input type="button" id="category-add-sumbit" class="add:categorychecklist:categorydiv button" value="<?php _e( 'Add' ); ?>" tabindex="3" />
+		<input type="button" id="category-add-sumbit" class="add:categorychecklist:category-add button" value="<?php _e( 'Add' ); ?>" tabindex="3" />
 		<?php wp_nonce_field( 'add-category', '_ajax_nonce', false ); ?>
 		<span id="category-ajax-response"></span>
 	</p>
@@ -233,15 +233,15 @@ endif; ?>
 	<li class="wp-no-js-hidden"><a href="#categories-pop" tabindex="3"><?php _e( 'Most Used' ); ?></a></li>
 </ul>
 
-<div id="categories-all" class="ui-tabs-panel">
-	<ul id="categorychecklist" class="list:category categorychecklist form-no-clear">
-		<?php dropdown_categories(); ?>
+<div id="categories-pop" class="ui-tabs-panel" style="display: none;">
+	<ul id="categorychecklist-pop" class="categorychecklist form-no-clear" >
+		<?php $popular_ids = wp_popular_terms_checklist('category'); ?>
 	</ul>
 </div>
 
-<div id="categories-pop" class="ui-tabs-panel" style="display: none;">
-	<ul id="categorychecklist-pop" class="categorychecklist form-no-clear" >
-		<?php wp_popular_terms_checklist('category'); ?>
+<div id="categories-all" class="ui-tabs-panel">
+	<ul id="categorychecklist" class="list:category categorychecklist form-no-clear">
+		<?php wp_category_checklist($post_ID) ?>
 	</ul>
 </div>
 

wp-admin/edit-form-comment.php

@@ -46,7 +46,7 @@ $time = mysql2date(get_option('time_format'), $comment->comment_date);
 <p class="submit">
 <input type="submit" name="save" value="<?php _e('Save'); ?>" tabindex="4" class="button button-highlighted" />
 <?php
-echo "<a class='submitdelete' href='" . wp_nonce_url("comment.php?action=deletecomment&amp;c=$comment->comment_ID", 'delete-comment_' . $comment->comment_ID) . "' onclick=\"if ( confirm('" . js_escape(__("You are about to delete this comment. \n  'Cancel' to stop, 'OK' to delete.")) . "') ) { return true;}return false;\">" . __('Delete comment') . "</a>";
+echo "<a class='submitdelete' href='" . wp_nonce_url("comment.php?action=deletecomment&amp;c=$comment->comment_ID&amp;_wp_original_http_referer=" . wp_get_referer(), 'delete-comment_' . $comment->comment_ID) . "' onclick=\"if ( confirm('" . js_escape(__("You are about to delete this comment. \n  'Cancel' to stop, 'OK' to delete.")) . "') ) { return true;}return false;\">" . __('Delete comment') . "</a>";
 ?>
 </p>
 
@@ -95,6 +95,7 @@ echo "<a class='submitdelete' href='" . wp_nonce_url("comment.php?action=deletec
 <input type="hidden" name="c" value="<?php echo $comment->comment_ID ?>" />
 <input type="hidden" name="p" value="<?php echo $comment->comment_post_ID ?>" />
 <input name="referredby" type="hidden" id="referredby" value="<?php echo wp_get_referer(); ?>" />
+<?php wp_original_referer_field(true, 'previous'); ?>
 <input type="hidden" name="noredir" value="1" />
 </div>
 </div>

wp-admin/edit-link-form.php

@@ -118,7 +118,7 @@ if ( ( 'edit' == $action) && current_user_can('manage_links') )
 
 <div id="categories-all" class="ui-tabs-panel">
 	<ul id="categorychecklist" class="list:category categorychecklist form-no-clear">
-		<?php dropdown_link_categories(); ?>
+		<?php wp_link_category_checklist($link_id); ?>
 	</ul>
 </div>
 

wp-admin/edit-page-form.php

@@ -48,7 +48,7 @@ if (isset($mode) && 'bookmarklet' == $mode)
 <input type="hidden" id="post_type" name="post_type" value="<?php echo $post->post_type ?>" />
 <input type="hidden" id="original_post_status" name="original_post_status" value="<?php echo $post->post_status ?>" />
 <input name="referredby" type="hidden" id="referredby" value="<?php
-if ( url_to_postid(wp_get_referer()) == $post_ID && strpos( wp_get_referer(), '/wp-admin/' ) === false )
+if ( strpos( wp_get_referer(), '/wp-admin/' ) === false && $post_ID && url_to_postid(wp_get_referer()) === $post_ID )
 	echo 'redo';
 else
 	echo clean_url(stripslashes(wp_get_referer()));
@@ -68,14 +68,14 @@ else
 </div>
 
 <div class="inside">
-
 <p><strong><?php _e('Publish Status') ?></strong></p>
 <p>
 <select name='post_status' tabindex='4'>
-<?php if ( current_user_can('publish_posts') ) : ?>
+<?php // Show publish in dropdown if user can publish or if they can re-publish this page ('edit_published_pages')
+// 'publish' option will be selected for published AND private posts (checkbox overrides dropdown)
+if ( current_user_can('publish_pages') OR ( $post->post_status == 'publish' AND current_user_can('edit_page', $post->ID) ) ) : 
+?>
 <option<?php selected( $post->post_status, 'publish' ); selected( $post->post_status, 'private' );?> value='publish'><?php _e('Published') ?></option>
-<?php else: ?>
-<option<?php selected( $post->post_status, 'private' ); ?> value='private'><?php _e('Published') ?></option>
 <?php endif; ?>
 <?php if ( 'future' == $post->post_status ) : ?>
 <option<?php selected( $post->post_status, 'future' ); ?> value='future'><?php _e('Pending') ?></option>
@@ -84,8 +84,10 @@ else
 <option<?php selected( $post->post_status, 'draft' ); ?> value='draft'><?php _e('Unpublished') ?></option>
 </select>
 </p>
-
+<?php if ( current_user_can( 'publish_posts' ) ) : ?> 
 <p><label for="post_status_private" class="selectit"><input id="post_status_private" name="post_status" type="checkbox" value="private" <?php checked($post->post_status, 'private'); ?> tabindex='4' /> <?php _e('Keep this page private') ?></label></p>
+<?php endif; ?>
+
 <?php
 if ($post_ID) {
 	if ( 'future' == $post->post_status ) { // scheduled for publishing at a future date

wp-admin/edit-post-rows.php

@@ -22,6 +22,14 @@
 if ( have_posts() ) {
 $bgcolor = '';
 add_filter('the_title','wp_specialchars');
+
+// Create array of post IDs.
+$post_ids = array();
+foreach ( $wp_query->posts as $a_post )
+	$post_ids[] = $a_post->ID;
+
+$comment_pending_count = get_pending_comments_num($post_ids);
+
 while (have_posts()) : the_post();
 $class = 'alternate' == $class ? '' : 'alternate';
 global $current_user;
@@ -67,7 +75,7 @@ foreach($posts_columns as $column_name=>$column_display_name) {
 			}
 		}
 		?>
-		<td><abbr title="<?php echo $t_time ?>"><?php echo $h_time ?></abbr></td>
+		<td><abbr title="<?php echo $t_time ?>"><?php echo apply_filters('post_date_column_time', $h_time, $post, $column_name) ?></abbr></td>
 		<?php
 		break;
 	case 'title':
@@ -113,7 +121,7 @@ foreach($posts_columns as $column_name=>$column_display_name) {
 		?>
 		<td class="num"><div class="post-com-count-wrapper">
 		<?php
-		$left = get_pending_comments_num( $post->ID );
+		$left = isset($comment_pending_count) ? $comment_pending_count[$post->ID] : 0;
 		$pending_phrase = sprintf( __('%s pending'), number_format( $left ) );
 		if ( $left )
 			echo '<strong>';

wp-admin/edit.php

@@ -167,8 +167,12 @@ foreach ($arc_result as $arc_row) {
 </select>
 <?php } ?>
 
-<?php wp_dropdown_categories('show_option_all='.__('View all categories').'&hide_empty=1&hierarchical=1&show_count=1&selected='.$cat);?>
-<?php do_action('restrict_manage_posts'); ?>
+<?php
+$dropdown_options = array('show_option_all' => __('View all categories'), 'hide_empty' => 0, 'hierarchical' => 1,
+	'show_count' => 0, 'orderby' => 'name', 'selected' => $cat);
+wp_dropdown_categories($dropdown_options);
+do_action('restrict_manage_posts');
+?>
 <input type="submit" id="post-query-submit" value="<?php _e('Filter'); ?>" class="button-secondary" />
 
 <?php } ?>

wp-admin/import/blogger.php

@@ -770,7 +770,7 @@ class Blogger_Import {
 				$this->$key = $value;
 
 		if ( isset( $_REQUEST['blog'] ) ) {
-			$blog = is_array($_REQUEST['blog']) ? array_shift( array_keys( $_REQUEST['blog'] ) ) : $_REQUEST['blog'];
+			$blog = is_array($_REQUEST['blog']) ? array_shift( $keys = array_keys( $_REQUEST['blog'] ) ) : $_REQUEST['blog'];
 			$blog = (int) $blog;
 			$result = $this->import_blog( $blog );
 			if ( is_wp_error( $result ) )

wp-admin/import/mt.php

@@ -335,7 +335,7 @@ class MT_Import {
 				else if ( 'ping' == $context )
 					$ping->title = $title;
 			} else if ( 0 === strpos($line, "STATUS:") ) {
-				$status = trim( substr($line, strlen("STATUS:")) );
+				$status = trim( strtolower( substr($line, strlen("STATUS:")) ) );
 				if ( empty($status) )
 					$status = 'publish';
 				$post->post_status = $status;

wp-admin/includes/admin.php

@@ -1,8 +1,5 @@
 <?php
 
-if ( !defined( 'AUTOSAVE_INTERVAL' ) )
-	define( 'AUTOSAVE_INTERVAL', 60 );
-
 require_once(ABSPATH . 'wp-admin/includes/bookmark.php');
 require_once(ABSPATH . 'wp-admin/includes/comment.php');
 require_once(ABSPATH . 'wp-admin/includes/file.php');

wp-admin/includes/class-wp-filesystem-direct.php

@@ -26,8 +26,7 @@ class WP_Filesystem_Direct{
 		return @file($file);
 	}
 	function put_contents($file,$contents,$mode=false,$type=''){
-		$fp=@fopen($file,'w'.$type);
-		if (!$fp)
+		if ( ! ($fp = @fopen($file,'w'.$type)) )
 			return false;
 		@fwrite($fp,$contents);
 		@fclose($fp);
@@ -37,6 +36,9 @@ class WP_Filesystem_Direct{
 	function cwd(){
 		return @getcwd();
 	}
+	function chdir($dir){
+		return @chdir($dir);
+	}
 	function chgrp($file,$group,$recursive=false){
 		if( ! $this->exists($file) )
 			return false;
@@ -45,10 +47,11 @@ class WP_Filesystem_Direct{
 		if( ! $this->is_dir($file) )
 			return @chgrp($file,$group);
 		//Is a directory, and we want recursive
+		$file = trailingslashit($file);
 		$filelist = $this->dirlist($file);
-		foreach($filelist as $filename){
-			$this->chgrp($file.'/'.$filename,$group,$recursive);
-		}
+		foreach($filelist as $filename)
+			$this->chgrp($file . $filename, $group, $recursive);
+
 		return true;
 	}
 	function chmod($file,$mode=false,$recursive=false){
@@ -61,10 +64,11 @@ class WP_Filesystem_Direct{
 		if( ! $this->is_dir($file) )
 			return @chmod($file,$mode);
 		//Is a directory, and we want recursive
+		$file = trailingslashit($file);
 		$filelist = $this->dirlist($file);
-		foreach($filelist as $filename){
-			$this->chmod($file.'/'.$filename,$mode,$recursive);
-		}
+		foreach($filelist as $filename)
+			$this->chmod($file . $filename, $mode, $recursive);
+
 		return true;
 	}
 	function chown($file,$owner,$recursive=false){
@@ -82,12 +86,12 @@ class WP_Filesystem_Direct{
 		return true;
 	}
 	function owner($file){
-		$owneruid=@fileowner($file);
+		$owneruid = @fileowner($file);
 		if( ! $owneruid )
 			return false;
 		if( !function_exists('posix_getpwuid') )
 			return $owneruid;
-		$ownerarray=posix_getpwuid($owneruid);
+		$ownerarray = posix_getpwuid($owneruid);
 		return $ownerarray['name'];
 	}
 	function getchmod($file){
@@ -163,23 +167,23 @@ class WP_Filesystem_Direct{
 		return $newmode;
 	}
 	function group($file){
-		$gid=@filegroup($file);
+		$gid = @filegroup($file);
 		if( ! $gid )
 			return false;
 		if( !function_exists('posix_getgrgid') )
 			return $gid;
-		$grouparray=posix_getgrgid($gid);
+		$grouparray = posix_getgrgid($gid);
 		return $grouparray['name'];
 	}
 
 	function copy($source,$destination,$overwrite=false){
-		if( $overwrite && $this->exists($destination) )
+		if( ! $overwrite && $this->exists($destination) )
 			return false;
 		return copy($source,$destination);
 	}
 
 	function move($source,$destination,$overwrite=false){
-		//Possible to use rename()
+		//Possible to use rename()?
 		if( $this->copy($source,$destination,$overwrite) && $this->exists($destination) ){
 			$this->delete($source);
 			return true;
@@ -188,24 +192,24 @@ class WP_Filesystem_Direct{
 		}
 	}
 
-	function delete($file,$recursive=false){
+	function delete($file, $recursive=false){
 		$file = str_replace('\\','/',$file); //for win32, occasional problems deleteing files otherwise
 
 		if( $this->is_file($file) )
 			return @unlink($file);
-
 		if( !$recursive && $this->is_dir($file) )
 			return @rmdir($file);
 
-		$filelist = $this->dirlist($file);
-		if( ! $filelist )
-			return true; //No files exist, Say we've deleted them
+		//At this point its a folder, and we're in recursive mode
+		$file = trailingslashit($file);
+		$filelist = $this->dirlist($file, true);
 
 		$retval = true;
-		foreach($filelist as $filename=>$fileinfo){
-			if( ! $this->delete($file.'/'.$filename,$recursive) )
-				$retval = false;
-		}
+		if( is_array($filelist) ) //false if no files, So check first.
+			foreach($filelist as $filename=>$fileinfo)
+				if( ! $this->delete($file . $filename, $recursive) )
+					$retval = false;
+
 		if( ! @rmdir($file) )
 			return false;
 		return $retval;
@@ -224,7 +228,7 @@ class WP_Filesystem_Direct{
 	}
 
 	function is_readable($file){
-			return @is_readable($file);
+		return @is_readable($file);
 	}
 
 	function is_writable($file){
@@ -242,15 +246,15 @@ class WP_Filesystem_Direct{
 		return @filesize($file);
 	}
 
-	function touch($file,$time=0,$atime=0){
-		if($time==0)
+	function touch($file, $time = 0, $atime = 0){
+		if($time == 0)
 			$time = time();
-		if($atime==0)
+		if($atime == 0)
 			$atime = time();
 		return @touch($file,$time,$atime);
 	}
 
-	function mkdir($path,$chmod=false,$chown=false,$chgrp=false){
+	function mkdir($path, $chmod = false, $chown = false, $chgrp = false){
 		if( ! $chmod)
 			$chmod = $this->permission;
 
@@ -264,6 +268,7 @@ class WP_Filesystem_Direct{
 	}
 
 	function rmdir($path,$recursive=false){
+		//Currently unused and untested, Use delete() instead.
 		if( ! $recursive )
 			return @rmdir($path);
 		//recursive:
@@ -292,6 +297,8 @@ class WP_Filesystem_Direct{
 			$struc = array();
 			$struc['name'] 		= $entry;
 
+			if( '.' == $struc['name'] || '..' == $struc['name'] )
+				continue; //Do not care about these folders.
 			if( '.' == $struc['name'][0] && !$incdot)
 				continue;
 			if( $limitFile && $struc['name'] != $limitFile)
@@ -307,22 +314,15 @@ class WP_Filesystem_Direct{
 			$struc['lastmod']   = date('M j',$struc['lastmodunix']);
 			$struc['time']    	= date('h:i:s',$struc['lastmodunix']);
 			$struc['type']		= $this->is_dir($path.'/'.$entry) ? 'd' : 'f';
-			if ('d' == $struc['type'] ){
-				$struc['files'] = array();
 
-				if( $incdot ){
-					//We're including the doted starts
-					if( '.' != $struc['name'] && '..' != $struc['name'] ){ //Ok, It isnt a special folder
-						if ($recursive)
-							$struc['files'] = $this->dirlist($path.'/'.$struc['name'],$incdot,$recursive);
-					}
-				} else { //No dots
-					if ($recursive)
-						$struc['files'] = $this->dirlist($path.'/'.$struc['name'],$incdot,$recursive);
-				}
+			if ('d' == $struc['type'] ){
+				if( $recursive )
+					$struc['files'] = $this->dirlist($path.'/'.$struc['name'], $incdot, $recursive);
+				else
+					$struc['files'] = array();
 			}
-			//File
-			$ret[$struc['name']] = $struc;
+
+			$ret[ $struc['name'] ] = $struc;
 		}
 		$dir->close();
 		unset($dir);

wp-admin/includes/comment.php

@@ -21,7 +21,7 @@ function edit_comment() {
 	$_POST['comment_content'] = $_POST['content'];
 	$_POST['comment_ID'] = (int) $_POST['comment_ID'];
 
-	foreach ( array ('aa', 'mm', 'jj', 'hh', 'mm') as $timeunit ) {
+	foreach ( array ('aa', 'mm', 'jj', 'hh', 'mn') as $timeunit ) {
 		if ( !empty( $_POST['hidden_' . $timeunit] ) && $_POST['hidden_' . $timeunit] != $_POST[$timeunit] ) {
 			$_POST['edit_date'] = '1';
 			break;
@@ -66,9 +66,28 @@ function get_comment_to_edit( $id ) {
 
 function get_pending_comments_num( $post_id ) {
 	global $wpdb;
-	$post_id = (int) $post_id;
-	$pending = $wpdb->get_var( "SELECT COUNT(*) FROM $wpdb->comments WHERE comment_post_ID = $post_id AND comment_approved = '0'" );
-	return $pending;
+
+	$single = false;
+	if ( !is_array($post_id) ) {
+		$post_id = (array) $post_id;
+		$single = true;
+	}
+	$post_id = array_map('intval', $post_id);
+	$post_id = "'" . implode("', '", $post_id) . "'";
+
+	$pending = $wpdb->get_results( "SELECT comment_post_ID, COUNT(comment_ID) as num_comments FROM $wpdb->comments WHERE comment_post_ID IN ( $post_id ) AND comment_approved = '0' GROUP BY comment_post_ID", ARRAY_N );
+
+	if ( empty($pending) )
+		return 0;
+
+	if ( $single )
+		return $pending[0][1];
+
+	$pending_keyed = array();
+	foreach ( $pending as $pend )
+		$pending_keyed[$pend[0]] = $pend[1];
+
+	return $pending_keyed;
 }
 
 // Add avatars to relevant places in admin, or try to
@@ -93,4 +112,4 @@ if ( is_admin() && ('edit-comments.php' == $pagenow || 'edit.php' == $pagenow) )
 		add_filter( 'comment_author', 'floated_admin_avatar' );
 }
 
-?>
+?>

wp-admin/includes/dashboard.php

@@ -4,7 +4,8 @@
 function wp_dashboard_setup() {
 	global $wpdb, $wp_dashboard_sidebars;
 	$update = false;
-	if ( !$widget_options = get_option( 'dashboard_widget_options' ) )
+	$widget_options = get_option( 'dashboard_widget_options' );
+	if ( !$widget_options || !is_array($widget_options) )
 		$widget_options = array();
 
 
@@ -22,7 +23,9 @@ function wp_dashboard_setup() {
 	/* Register Widgets and Controls */
 
 	// Recent Comments Widget
-	if ( current_user_can( 'moderate_comments' ) && $mod_comments = $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->comments WHERE comment_approved = '0'") ) {
+	$mod_comments = wp_count_comments();
+	$mod_comments = $mod_comments->moderated;
+	if ( current_user_can( 'moderate_comments' ) && $mod_comments ) {
 		$notice = sprintf( __ngettext( '%d comment awaiting moderation', '%d comments awaiting moderation', $mod_comments ), $mod_comments );
 		$notice = "<a href='edit-comments.php?comment_status=moderated'>$notice</a>";
 	} else {
@@ -213,11 +216,11 @@ function wp_dashboard_dynamic_sidebar_params( $params ) {
 			$wp_registered_widgets[$widget_id]['callback'] = 'wp_dashboard_empty';
 			$sidebar_widget_name = $wp_registered_widget_controls[$widget_id]['name'];
 			$params[1] = 'wp_dashboard_trigger_widget_control';
-			$sidebar_before_widget .= '<form action="' . remove_query_arg( 'edit' )  . '" method="post">';
+			$sidebar_before_widget .= '<form action="' . clean_url(remove_query_arg( 'edit' ))  . '" method="post">';
 			$sidebar_after_widget   = "<div class='dashboard-widget-submit'><input type='hidden' name='sidebar' value='wp_dashboard' /><input type='hidden' name='widget_id' value='$widget_id' /><input type='submit' value='" . __( 'Save' ) . "' /></div></form>$sidebar_after_widget";
-			$links[] = '<a href="' . remove_query_arg( 'edit' ) . '">' . __( 'Cancel' ) . '</a>';
+			$links[] = '<a href="' . clean_url(remove_query_arg( 'edit' )) . '">' . __( 'Cancel' ) . '</a>';
 		} else {
-			$links[] = '<a href="' . add_query_arg( 'edit', $widget_id ) . "#$widget_id" . '">' . __( 'Edit' ) . '</a>';
+			$links[] = '<a href="' . clean_url(add_query_arg( 'edit', $widget_id )) . "#$widget_id" . '">' . __( 'Edit' ) . '</a>';
 		}
 	}
 

wp-admin/includes/file.php

@@ -56,22 +56,6 @@ function get_temp_dir() {
 	return '/tmp/';
 }
 
-function validate_file( $file, $allowed_files = '' ) {
-	if ( false !== strpos( $file, '..' ))
-		return 1;
-
-	if ( false !== strpos( $file, './' ))
-		return 1;
-
-	if (':' == substr( $file, 1, 1 ))
-		return 2;
-
-	if (!empty ( $allowed_files ) && (!in_array( $file, $allowed_files ) ) )
-		return 3;
-
-	return 0;
-}
-
 function validate_file_to_edit( $file, $allowed_files = '' ) {
 	$file = stripslashes( $file );
 
@@ -172,8 +156,9 @@ function wp_handle_upload( &$file, $overrides = false ) {
 
 	// Move the file to the uploads dir
 	$new_file = $uploads['path'] . "/$filename";
-	if ( false === @ move_uploaded_file( $file['tmp_name'], $new_file ) )
-		wp_die( printf( __('The uploaded file could not be moved to %s.' ), $uploads['path'] ));
+	if ( false === @ move_uploaded_file( $file['tmp_name'], $new_file ) ) {
+		return $upload_error_handler( $file, sprintf( __('The uploaded file could not be moved to %s.' ), $uploads['path'] ) );
+	}
 
 	// Set correct file permissions
 	$stat = stat( dirname( $new_file ));

wp-admin/includes/image.php

@@ -235,7 +235,7 @@ function wp_read_image_metadata( $file ) {
 
 	// fetch additional info from exif if available
 	if ( is_callable('exif_read_data') && in_array($sourceImageType, apply_filters('wp_read_image_metadata_types', array(IMAGETYPE_JPEG, IMAGETYPE_TIFF_II, IMAGETYPE_TIFF_MM)) ) ) {
-		$exif = exif_read_data( $file );
+		$exif = @exif_read_data( $file );
 		if (!empty($exif['FNumber']))
 			$meta['aperture'] = round( wp_exif_frac2dec( $exif['FNumber'] ), 2 );
 		if (!empty($exif['Model']))

wp-admin/includes/media.php

@@ -41,8 +41,8 @@ function the_media_upload_tabs() {
 			if ( $current == $callback )
 				$class = " class='current'";
 			$href = add_query_arg(array('tab'=>$callback, 's'=>false, 'paged'=>false, 'post_mime_type'=>false, 'm'=>false));
-			$link = "<a href='$href'$class>$text</a>";
-			echo "\t<li id='tab-$callback'>$link</li>\n";
+			$link = "<a href='" . clean_url($href) . "'$class>$text</a>";
+			echo "\t<li id='" . attribute_escape("tab-$callback") . "'>$link</li>\n";
 		}
 		echo "</ul>\n";
 	}
@@ -55,9 +55,9 @@ function get_image_send_to_editor($id, $alt, $title, $align, $url='', $rel = fal
 	$rel = $rel ? ' rel="attachment wp-att-'.attribute_escape($id).'"' : '';
 
 	if ( $url )
-		$html = "<a href='".attribute_escape($url)."'$rel>$html</a>";
+		$html = '<a href="' . clean_url($url) . "\"$rel>$html</a>";
 
-	$html = apply_filters( 'image_send_to_editor', $html, $id, $alt, $title, $align, $url );
+	$html = apply_filters( 'image_send_to_editor', $html, $id, $alt, $title, $align, $url, $size );
 
 	return $html;
 }
@@ -180,7 +180,7 @@ add_action( 'media_buttons', 'media_buttons' );
 function media_buttons_head() {
 $siteurl = get_option('siteurl');
 echo "<style type='text/css' media='all'>
-	@import '{$siteurl}/wp-includes/js/thickbox/thickbox.css?1';
+	@import '{$siteurl}/wp-includes/js/thickbox/thickbox.css?ver=20080430';
 	div#TB_title {
 		background-color: #222222;
 		color: #cfcfcf;
@@ -188,6 +188,9 @@ echo "<style type='text/css' media='all'>
 	div#TB_title a, div#TB_title a:visited {
 		color: #cfcfcf;
 	}
+	#TB_window {
+		top: 20px;
+	}
 </style>\n";
 }
 
@@ -202,18 +205,6 @@ add_action('media_upload_media', 'media_upload_handler');
 function media_upload_form_handler() {
 	check_admin_referer('media-form');
 
-	// Insert media button was clicked
-	if ( isset($_POST['html-upload']) && !empty($_FILES) ) {
-		// Upload File button was clicked
-
-		$id = media_handle_upload('async-upload', $_REQUEST['post_id']);
-
-		if ( is_wp_error($id) ) {
-			$errors['upload_error'] = $id;
-			$id = false;
-		}
-	}
-
 	if ( !empty($_POST['attachments']) ) foreach ( $_POST['attachments'] as $attachment_id => $attachment ) {
 		$post = $_post = get_post($attachment_id, ARRAY_A);
 		if ( isset($attachment['post_content']) )
@@ -590,8 +581,9 @@ function get_attachment_fields_to_edit($post, $errors = null) {
 }
 
 function get_media_items( $post_id, $errors ) {
-	if ( $post_id && $post = get_post($post_id) ) {
-		if ( $post->post_type == 'attachment' )
+	if ( $post_id ) {
+		$post = get_post($post_id);
+		if ( $post && $post->post_type == 'attachment' )
 			$attachments = array($post->ID => $post);
 		else
 			$attachments = get_children("post_parent=$post_id&post_type=attachment&orderby=menu_order ASC, ID&order=DESC");
@@ -606,7 +598,7 @@ function get_media_items( $post_id, $errors ) {
 
 	foreach ( $attachments as $id => $attachment )
 		if ( $item = get_media_item( $id, array( 'errors' => isset($errors[$id]) ? $errors[$id] : null) ) )
-			$output .= "\n<div id='media-item-$id' class='media-item child-of-$attachment->post_parent preloaded'><div id='media-upload-error-$id'></div><div class='filename'></div><div class='progress'><div class='bar'></div></div>$item<div class='progress clickmask'></div>\n</div>";
+			$output .= "\n<div id='media-item-$id' class='media-item child-of-$attachment->post_parent preloaded'><div class='progress'><div class='bar'></div></div><div id='media-upload-error-$id'></div><div class='filename'></div>$item\n</div>";
 
 	return $output;
 }
@@ -643,7 +635,7 @@ function get_media_item( $attachment_id, $args = null ) {
 	if ( isset($post_mime_types) ) {
 		$keys = array_keys(wp_match_mime_types(array_keys($post_mime_types), $post->post_mime_type));
 		$type = array_shift($keys);
-		$type = "<input type='hidden' id='type-of-$attachment_id' value='$type' />";
+		$type = "<input type='hidden' id='type-of-$attachment_id' value='" . attribute_escape( $type ) . "' />";
 	}
 
 	$form_fields = get_attachment_fields_to_edit($post, $errors);
@@ -665,15 +657,15 @@ function get_media_item( $attachment_id, $args = null ) {
 	$toggle_links
 	<div class='filename new'>$display_title</div>
 	<table class='slidetoggle describe $class'>
-		<tbody class='media-item-info'>
+		<thead class='media-item-info'>
 		<tr>
 			<td class='A1B1' rowspan='4'><img class='thumbnail' src='$thumb_url' alt='' /></td>
 			<td>$filename</td>
 		</tr>
-		<td>$post->post_mime_type</td></tr>
+		<tr><td>$post->post_mime_type</td></tr>
 		<tr><td>" . mysql2date($post->post_date, get_option('time_format')) . "</td></tr>
-		<tr><td>" . apply_filters('media_meta', '', $post) . "</tr></td>
-		</tbody>
+		<tr><td>" . apply_filters('media_meta', '', $post) . "</td></tr>
+		</thead>
 		<tbody>\n";
 
 	$defaults = array(
@@ -685,7 +677,7 @@ function get_media_item( $attachment_id, $args = null ) {
 
 	$delete_href = wp_nonce_url("post.php?action=delete-post&amp;post=$attachment_id", 'delete-post_' . $attachment_id);
 	if ( $send )
-		$send = "<button type='submit' class='button' value='1' name='send[$attachment_id]'>" . __('Insert into Post') . '</button>';
+		$send = "<input type='submit' class='button' name='send[$attachment_id]' value='" . attribute_escape( __( 'Insert into Post' ) ) . "' />";
 	if ( $delete )
 		$delete = "<a href='$delete_href' id='del[$attachment_id]' disabled='disabled' class='delete'>" . __('Delete') . "</button>";
 	if ( ( $send || $delete ) && !isset($form_fields['buttons']) )
@@ -718,9 +710,9 @@ function get_media_item( $attachment_id, $args = null ) {
 		if ( !empty($field[$field['input']]) )
 			$item .= $field[$field['input']];
 		elseif ( $field['input'] == 'textarea' ) {
-			$item .= "<textarea type='text' id='$name' name='$name'>" . wp_specialchars($field['value'], 1) . "</textarea>";
+			$item .= "<textarea type='text' id='$name' name='$name'>" . attribute_escape( $field['value'] ) . "</textarea>";
 		} else {
-			$item .= "<input type='text' id='$name' name='$name' value='" . wp_specialchars($field['value'], 1) . "' />";
+			$item .= "<input type='text' id='$name' name='$name' value='" . attribute_escape( $field['value'] ) . "' />";
 		}
 		if ( !empty($field['helps']) )
 			$item .= "<p class='help'>" . join( "</p>\n<p class='help'>", array_unique((array) $field['helps']) ) . '</p>';
@@ -744,10 +736,11 @@ function get_media_item( $attachment_id, $args = null ) {
 
 	if ( !empty($form_fields['_final']) )
 		$item .= "\t\t<tr class='final'><td colspan='2'>{$form_fields['_final']}</td></tr>\n";
+	$item .= "\t</tbody>\n";
 	$item .= "\t</table>\n";
 
 	foreach ( $hidden_fields as $name => $value )
-		$item .= "\t<input type='hidden' name='$name' id='$name' value='" . wp_specialchars($value, 1) . "' />\n";
+		$item .= "\t<input type='hidden' name='$name' id='$name' value='" . attribute_escape( $value ) . "' />\n";
 
 	return $item;
 }
@@ -775,7 +768,7 @@ function media_upload_form( $errors = null ) {
 	$post_id = intval($_REQUEST['post_id']);
 
 ?>
-<input type='hidden' name='post_id' value='<?php echo $post_id; ?>' />
+<input type='hidden' name='post_id' value='<?php echo (int) $post_id; ?>' />
 <div id="media-upload-notice">
 <?php if (isset($errors['upload_notice']) ) { ?>
 	<?php echo $errors['upload_notice']; ?>
@@ -794,12 +787,14 @@ jQuery(function($){
 			upload_url : "<?php echo attribute_escape( $flash_action_url ); ?>",
 			flash_url : "<?php echo get_option('siteurl').'/wp-includes/js/swfupload/swfupload_f9.swf'; ?>",
 			file_post_name: "async-upload",
-			file_types: "*.*",
+			file_types: "<?php echo apply_filters('upload_file_glob', '*.*'); ?>",
 			post_params : {
 				"post_id" : "<?php echo $post_id; ?>",
 				"auth_cookie" : "<?php echo $_COOKIE[AUTH_COOKIE]; ?>",
+				"_wpnonce" : "<?php echo wp_create_nonce('media-form'); ?>",
 				"type" : "<?php echo $type; ?>",
-				"tab" : "<?php echo $tab; ?>"
+				"tab" : "<?php echo $tab; ?>",
+				"short" : "1"
 			},
 			file_size_limit : "<?php echo wp_max_upload_size(); ?>b",
 			swfupload_element_id : "flash-upload-ui", // id of the element displayed when swfupload is available
@@ -814,7 +809,7 @@ jQuery(function($){
 			file_queue_error_handler : fileQueueError,
 			file_dialog_complete_handler : fileDialogComplete,
 
-			debug: false,
+			debug: false
 		});
 	$("#flash-browse-button").bind( "click", function(){swfu.selectFiles();});
 });
@@ -823,7 +818,7 @@ jQuery(function($){
 
 
 <div id="flash-upload-ui">
-	<p><input id="flash-browse-button" type="button" value="<?php _e('Choose files to upload'); ?>" class="button" /></p>
+	<p><input id="flash-browse-button" type="button" value="<?php echo attribute_escape( __( 'Choose files to upload' ) ); ?>" class="button" /></p>
 	<p><?php _e('After a file has been uploaded, you can add titles and descriptions.'); ?></p>
 </div>
 
@@ -833,7 +828,7 @@ jQuery(function($){
 	<p>
 	<input type="file" name="async-upload" id="async-upload" /> <input type="submit" class="button" name="html-upload" value="<?php echo attribute_escape(__('Upload')); ?>" /> <a href="#" onClick="return top.tb_remove();"><?php _e('Cancel'); ?></a>
 	</p>
-	<input type="hidden" name="post_id" id="post_id" value="<?php echo $post_id; ?>" />
+	<input type="hidden" name="post_id" id="post_id" value="<?php echo (int) $post_id; ?>" />
 	<br class="clear" />
 	<?php if ( is_lighttpd_before_150() ): ?>
 	<p><?php _e('If you want to use all capabilities of the uploader, like uploading multiple files at once, please upgrade to lighttpd 1.5.'); ?></p>
@@ -853,7 +848,7 @@ function media_upload_type_form($type = 'file', $errors = null, $id = null) {
 ?>
 
 <form enctype="multipart/form-data" method="post" action="<?php echo attribute_escape($form_action_url); ?>" class="media-upload-form type-form validate" id="<?php echo $type; ?>-form">
-<input type="hidden" name="post_id" id="post_id" value="<?php echo $post_id; ?>" />
+<input type="hidden" name="post_id" id="post_id" value="<?php echo (int) $post_id; ?>" />
 <?php wp_nonce_field('media-form'); ?>
 <h3><?php _e('From Computer'); ?></h3>
 <?php media_upload_form( $errors ); ?>
@@ -873,7 +868,7 @@ jQuery(function($){
 <div id="media-items">
 <?php echo get_media_items( $id, $errors ); ?>
 </div>
-<input type="submit" class="button savebutton" name="save" value="<?php _e('Save all changes'); ?>" />
+<input type="submit" class="button savebutton" name="save" value="<?php echo attribute_escape( __( 'Save all changes' ) ); ?>" />
 
 <?php elseif ( is_callable($callback) ) : ?>
 
@@ -887,7 +882,7 @@ jQuery(function($){
 <?php echo call_user_func($callback); ?>
 </div>
 </div>
-<input type="submit" class="button savebutton" name="save" value="<?php _e('Save all changes'); ?>" />
+<input type="submit" class="button savebutton" name="save" value="<?php echo attribute_escape( __( 'Save all changes' ) ); ?>" />
 <?php
 	endif;
 }
@@ -920,11 +915,11 @@ jQuery(function($){
 <div id="media-items">
 <?php echo get_media_items($post_id, $errors); ?>
 </div>
-<input type="submit" class="button savebutton" name="save" value="<?php _e('Save all changes'); ?>" />
-<input type="submit" class="button insert-gallery" name="insert-gallery" value="<?php _e('Insert gallery into post'); ?>" />
-<input type="hidden" name="post_id" id="post_id" value="<?php echo $post_id; ?>" />
-<input type="hidden" name="type" value="<?php echo $GLOBALS['type']; ?>" />
-<input type="hidden" name="tab" value="<?php echo $GLOBALS['tab']; ?>" />
+<input type="submit" class="button savebutton" name="save" value="<?php echo attribute_escape( __( 'Save all changes' ) ); ?>" />
+<input type="submit" class="button insert-gallery" name="insert-gallery" value="<?php echo attribute_escape( __( 'Insert gallery into post' ) ); ?>" />
+<input type="hidden" name="post_id" id="post_id" value="<?php echo (int) $post_id; ?>" />
+<input type="hidden" name="type" value="<?php echo attribute_escape( $GLOBALS['type'] ); ?>" />
+<input type="hidden" name="tab" value="<?php echo attribute_escape( $GLOBALS['tab'] ); ?>" />
 </form>
 <?php
 }
@@ -951,17 +946,16 @@ function media_upload_library_form($errors) {
 ?>
 
 <form id="filter" action="" method="get">
-<input type="hidden" name="type" value="<?php echo $type; ?>" />
-<input type="hidden" name="tab" value="<?php echo $tab; ?>" />
-<input type="hidden" name="post_id" value="<?php echo $post_id; ?>" />
-<input type="hidden" name="post_mime_type" value="<?php echo wp_specialchars($_GET['post_mime_type'], true); ?>" />
+<input type="hidden" name="type" value="<?php echo attribute_escape( $type ); ?>" />
+<input type="hidden" name="tab" value="<?php echo attribute_escape( $tab ); ?>" />
+<input type="hidden" name="post_id" value="<?php echo (int) $post_id; ?>" />
+<input type="hidden" name="post_mime_type" value="<?php echo attribute_escape( $_GET['post_mime_type'] ); ?>" />
 
 <div id="search-filter">
 	<input type="text" id="post-search-input" name="s" value="<?php the_search_query(); ?>" />
-	<input type="submit" value="<?php _e( 'Search Media' ); ?>" class="button" />
+	<input type="submit" value="<?php echo attribute_escape( __( 'Search Media' ) ); ?>" class="button" />
 </div>
 
-<p>
 <ul class="subsubsub">
 <?php
 $type_links = array();
@@ -977,7 +971,7 @@ if ( empty($_GET['post_mime_type']) && !empty($num_posts[$type]) ) {
 }
 if ( empty($_GET['post_mime_type']) || $_GET['post_mime_type'] == 'all' )
 	$class = ' class="current"';
-$type_links[] = "<li><a href='" . add_query_arg(array('post_mime_type'=>'all', 'paged'=>false, 'm'=>false)) . "'$class>".__('All Types')."</a>";
+$type_links[] = "<li><a href='" . clean_url(add_query_arg(array('post_mime_type'=>'all', 'paged'=>false, 'm'=>false))) . "'$class>".__('All Types')."</a>";
 foreach ( $post_mime_types as $mime_type => $label ) {
 	$class = '';
 
@@ -987,13 +981,12 @@ foreach ( $post_mime_types as $mime_type => $label ) {
 	if ( wp_match_mime_types($mime_type, $_GET['post_mime_type']) )
 		$class = ' class="current"';
 
-	$type_links[] = "<li><a href='" . add_query_arg(array('post_mime_type'=>$mime_type, 'paged'=>false)) . "'$class>" . sprintf(__ngettext($label[2][0], $label[2][1], $num_posts[$mime_type]), "<span id='$mime_type-counter'>" . number_format_i18n( $num_posts[$mime_type] ) . '</span>') . '</a>';
+	$type_links[] = "<li><a href='" . clean_url(add_query_arg(array('post_mime_type'=>$mime_type, 'paged'=>false))) . "'$class>" . sprintf(__ngettext($label[2][0], $label[2][1], $num_posts[$mime_type]), "<span id='$mime_type-counter'>" . number_format_i18n( $num_posts[$mime_type] ) . '</span>') . '</a>';
 }
 echo implode(' | </li>', $type_links) . '</li>';
 unset($type_links);
 ?>
 </ul>
-</p>
 
 <div class="tablenav">
 
@@ -1032,15 +1025,15 @@ foreach ($arc_result as $arc_row) {
 	else
 		$default = '';
 
-	echo "<option$default value='$arc_row->yyear$arc_row->mmonth'>";
-	echo $wp_locale->get_month($arc_row->mmonth) . " $arc_row->yyear";
+	echo "<option$default value='" . attribute_escape( $arc_row->yyear . $arc_row->mmonth ) . "'>";
+	echo wp_specialchars( $wp_locale->get_month($arc_row->mmonth) . " $arc_row->yyear" );
 	echo "</option>\n";
 }
 ?>
 </select>
 <?php } ?>
 
-<input type="submit" id="post-query-submit" value="<?php _e('Filter &#187;'); ?>" class="button-secondary" />
+<input type="submit" id="post-query-submit" value="<?php echo attribute_escape( __( 'Filter &#187;' ) ); ?>" class="button-secondary" />
 
 </div>
 
@@ -1068,8 +1061,10 @@ jQuery(function($){
 <div id="media-items">
 <?php echo get_media_items(null, $errors); ?>
 </div>
-<input type="submit" class="button savebutton" name="save" value="<?php _e('Save all changes'); ?>" />
-<input type="hidden" name="post_id" id="post_id" value="<?php echo $post_id; ?>" />
+<p class="ml-submit">
+<input type="submit" class="button savebutton" name="save" value="<?php echo attribute_escape( __( 'Save all changes' ) ); ?>" />
+<input type="hidden" name="post_id" id="post_id" value="<?php echo (int) $post_id; ?>" />
+</p>
 </form>
 <?php
 }

wp-admin/includes/post.php

@@ -62,7 +62,8 @@ function edit_post() {
 
 	if ( 'page' == $_POST['post_type'] ) {
 		if ('publish' == $_POST['post_status'] && !current_user_can( 'publish_pages' ))
-			$_POST['post_status'] = 'pending';
+			if ( $previous_status != 'publish' OR !current_user_can( 'edit_published_pages') )
+				$_POST['post_status'] = 'pending';
 	} else {
 		if ('publish' == $_POST['post_status'] && !current_user_can( 'publish_posts' ))
 			$_POST['post_status'] = 'pending';
@@ -74,7 +75,7 @@ function edit_post() {
 	if (!isset( $_POST['ping_status'] ))
 		$_POST['ping_status'] = 'closed';
 
-	foreach ( array ('aa', 'mm', 'jj', 'hh', 'mm') as $timeunit ) {
+	foreach ( array ('aa', 'mm', 'jj', 'hh', 'mn') as $timeunit ) {
 		if ( !empty( $_POST['hidden_' . $timeunit] ) && $_POST['hidden_' . $timeunit] != $_POST[$timeunit] ) {
 			$_POST['edit_date'] = '1';
 			break;
@@ -288,7 +289,7 @@ function wp_write_post() {
 	if (!isset( $_POST['ping_status'] ))
 		$_POST['ping_status'] = 'closed';
 
-	foreach ( array ('aa', 'mm', 'jj', 'hh', 'mm') as $timeunit ) {
+	foreach ( array ('aa', 'mm', 'jj', 'hh', 'mn') as $timeunit ) {
 		if ( !empty( $_POST['hidden_' . $timeunit] ) && $_POST['hidden_' . $timeunit] != $_POST[$timeunit] ) {
 			$_POST['edit_date'] = '1';
 			break;
@@ -506,10 +507,9 @@ function _relocate_children( $old_ID, $new_ID ) {
 }
 
 function get_available_post_statuses($type = 'post') {
-	global $wpdb;
+	$stati = wp_count_posts($type);
 
-	$stati = $wpdb->get_col($wpdb->prepare("SELECT DISTINCT post_status FROM $wpdb->posts WHERE post_type = %s", $type));
-	return $stati;
+	return array_keys(get_object_vars($stati));
 }
 
 function wp_edit_posts_query( $q = false ) {

wp-admin/includes/schema.php

@@ -230,7 +230,7 @@ function populate_options() {
 	}
 
 	// 2.0.3
-	add_option('secret', wp_generate_password());
+	add_option('secret', wp_generate_password(64));
 
 	// 2.1
 	add_option('blog_public', '1');

wp-admin/includes/template.php

@@ -55,11 +55,12 @@ function _cat_row( $category, $level, $name_override = false ) {
 	$output = "<tr id='cat-$category->term_id'$class>
 			   <th scope='row' class='check-column'>";
 	if ( absint(get_option( 'default_category' ) ) != $category->term_id ) {
-		$output .= "<input type='checkbox' name='delete[]' value='$category->term_id' /></th>";
+		$output .= "<input type='checkbox' name='delete[]' value='$category->term_id' />";
 	} else {
 		$output .= "&nbsp;";
 	}
-	$output .= "<td>$edit</td>
+	$output .= "</th>
+				<td>$edit</td>
 				<td>$category->description</td>
 				<td class='num'>$posts_count</td>\n\t</tr>\n";
 
@@ -86,11 +87,17 @@ function link_cat_row( $category ) {
 
 	$category->count = number_format_i18n( $category->count );
 	$count = ( $category->count > 0 ) ? "<a href='link-manager.php?cat_id=$category->term_id'>$category->count</a>" : $category->count;
-	$output = "<tr id='link-cat-$category->term_id'$class>" .
-		'<th scope="row" class="check-column"> <input type="checkbox" name="delete[]" value="' . $category->term_id . '" /></th>' .
-		"<td>$edit</td>
-		<td>$category->description</td>
-		<td class='num'>$count</td></tr>";
+	$output = "<tr id='link-cat-$category->term_id'$class>
+			   <th scope='row' class='check-column'>";
+	if ( absint( get_option( 'default_link_category' ) ) != $category->term_id ) {
+		$output .= "<input type='checkbox' name='delete[]' value='$category->term_id' />";
+	} else {
+		$output .= "&nbsp;";
+	}
+	$output .= "</th>
+				<td>$edit</td>
+				<td>$category->description</td>
+				<td class='num'>$count</td></tr>";
 
 	return apply_filters( 'link_cat_row', $output );
 }
@@ -106,93 +113,83 @@ function selected( $selected, $current) {
 }
 
 //
-// Nasty Category Stuff
+// Category Checklists
 //
 
-function sort_cats( $cat1, $cat2 ) {
-	if ( $cat1['checked'] || $cat2['checked'] )
-		return ( $cat1['checked'] && !$cat2['checked'] ) ? -1 : 1;
+// Deprecated. Use wp_link_category_checklist
+function dropdown_categories( $default = 0, $parent = 0, $popular_ids = array() ) {
+	global $post_ID;
+	wp_category_checklist($post_ID);
+}
+
+class Walker_Category_Checklist extends Walker {
+	var $tree_type = 'category';
+	var $db_fields = array ('parent' => 'parent', 'id' => 'term_id'); //TODO: decouple this
+
+	function start_lvl(&$output, $depth, $args) {
+		$indent = str_repeat("\t", $depth);
+		$output .= "$indent<ul class='children'>\n";
+	}
+
+	function end_lvl(&$output, $depth, $args) {
+		$indent = str_repeat("\t", $depth);
+		$output .= "$indent</ul>\n";
+	}
+
+	function start_el(&$output, $category, $depth, $args) {
+		extract($args);
+
+		$class = in_array( $category->term_id, $popular_cats ) ? ' class="popular-category"' : '';
+		$output .= "\n<li id='category-$category->term_id'$class>" . '<label for="in-category-' . $category->term_id . '" class="selectit"><input value="' . $category->term_id . '" type="checkbox" name="post_category[]" id="in-category-' . $category->term_id . '"' . (in_array( $category->term_id, $selected_cats ) ? ' checked="checked"' : "" ) . '/> ' . wp_specialchars( apply_filters('the_category', $category->name )) . '</label>';
+	}
+
+	function end_el(&$output, $category, $depth, $args) {
+		$output .= "</li>\n";
+	}
+}
+
+function wp_category_checklist( $post_id = 0, $descendants_and_self = 0, $selected_cats = false ) {
+	$walker = new Walker_Category_Checklist;
+	$descendants_and_self = (int) $descendants_and_self;
+
+	$args = array();
+	
+	if ( $post_id )
+		$args['selected_cats'] = wp_get_post_categories($post_id);
 	else
-		return strcasecmp( $cat1['cat_name'], $cat2['cat_name'] );
-}
-
-function wp_set_checked_post_categories( $default = 0 ) {
-	global $post_ID, $checked_categories;
-
-	if ( empty($checked_categories) ) {
-		if ( $post_ID ) {
-			$checked_categories = wp_get_post_categories($post_ID);
-
-			if ( count( $checked_categories ) == 0 ) {
-				// No selected categories, strange
-			$checked_categories[] = $default;
-			}
-		} else {
-			$checked_categories[] = $default;
-		}
-	}
-
-}
-function get_nested_categories( $default = 0, $parent = 0 ) {
-	global $checked_categories;
-
-	wp_set_checked_post_categories( $default = 0 );
-
-	if ( is_object($parent) ) { // Hack: if passed a category object, will return nested cats with parent as root
-		$root = array(
-			'children' => get_nested_categories( $default, $parent->term_id ),
-			'cat_ID' => $parent->term_id,
-			'checked' => in_array( $parent->term_id, $checked_categories ),
-			'cat_name' => get_the_category_by_ID( $parent->term_id )
-		);
-		$result = array( $parent->term_id => $root );
+		$args['selected_cats'] = array();
+	if ( is_array( $selected_cats ) )
+		$args['selected_cats'] = $selected_cats;
+	$args['popular_cats'] = get_terms( 'category', array( 'fields' => 'ids', 'orderby' => 'count', 'order' => 'DESC', 'number' => 10, 'hierarchical' => false ) );
+	if ( $descendants_and_self ) {
+		$categories = get_categories( "child_of=$descendants_and_self&hierarchical=0&hide_empty=0" );
+		$self = get_category( $descendants_and_self );
+		array_unshift( $categories, $self );
 	} else {
-		$parent = (int) $parent;
-
-		$cats = get_categories("parent=$parent&hide_empty=0&fields=ids");
-
-		$result = array();
-		if ( is_array( $cats ) ) {
-			foreach ( $cats as $cat ) {
-				$result[$cat]['children'] = get_nested_categories( $default, $cat );
-				$result[$cat]['cat_ID'] = $cat;
-				$result[$cat]['checked'] = in_array( $cat, $checked_categories );
-				$result[$cat]['cat_name'] = get_the_category_by_ID( $cat );
-			}
-		}
+		$categories = get_categories('get=all');
 	}
 
-	$result = apply_filters('get_nested_categories', $result);
-	usort( $result, 'sort_cats' );
+	$args = array($categories, 0, $args);
+	$output = call_user_func_array(array(&$walker, 'walk'), $args);
 
-	return $result;
-}
-
-function write_nested_categories( $categories ) {
-	foreach ( $categories as $category ) {
-		echo "\n", '<li id="category-', $category['cat_ID'], '"><label for="in-category-', $category['cat_ID'], '" class="selectit"><input value="', $category['cat_ID'], '" type="checkbox" name="post_category[]" id="in-category-', $category['cat_ID'], '"', ($category['checked'] ? ' checked="checked"' : "" ), '/> ', wp_specialchars( apply_filters('the_category', $category['cat_name'] )), '</label>';
-
-		if ( $category['children'] ) {
-			echo "\n<ul>";
-			write_nested_categories( $category['children'] );
-			echo "\n</ul>";
-		}
-		echo '</li>';
-	}
-}
-
-function dropdown_categories( $default = 0, $parent = 0 ) {
-	write_nested_categories( get_nested_categories( $default, $parent ) );
+	echo $output;
 }
 
 function wp_popular_terms_checklist( $taxonomy, $default = 0, $number = 10 ) {
-	$categories = get_terms( $taxonomy, array( 'orderby' => 'count', 'order' => 'DESC', 'number' => $number ) );
+	global $post_ID;
+	if ( $post_ID )
+		$checked_categories = wp_get_post_categories($post_ID);
+	else
+		$checked_categories = array();
+	$categories = get_terms( $taxonomy, array( 'orderby' => 'count', 'order' => 'DESC', 'number' => $number, 'hierarchical' => false ) );
 
+	$popular_ids = array();
 	foreach ( (array) $categories as $category ) {
+		$popular_ids[] = $category->term_id;
 		$id = "popular-category-$category->term_id";
 		?>
 
-		<li id="<?php echo $id; ?>" >
+		<li id="<?php echo $id; ?>" class="popular-category">
 			<label class="selectit" for="in-<?php echo $id; ?>">
 			<input id="in-<?php echo $id; ?>" type="checkbox" value="<?php echo (int) $category->term_id; ?>" />
 				<?php echo wp_specialchars( apply_filters( 'the_category', $category->name ) ); ?>
@@ -201,11 +198,17 @@ function wp_popular_terms_checklist( $taxonomy, $default = 0, $number = 10 ) {
 
 		<?php
 	}
+	return $popular_ids;
 }
 
+// Deprecated. Use wp_link_category_checklist
 function dropdown_link_categories( $default = 0 ) {
 	global $link_id;
 
+	wp_link_category_checklist($link_id);
+}
+
+function wp_link_category_checklist( $link_id = 0 ) {
 	if ( $link_id ) {
 		$checked_categories = wp_get_link_cats($link_id);
 
@@ -585,7 +588,7 @@ function _wp_get_comment_list( $status = '', $s = false, $start, $num ) {
 	elseif ( 'spam' == $status )
 		$approved = "comment_approved = 'spam'";
 	else
-		$approved = "comment_approved != 'spam'";
+		$approved = "( comment_approved = '0' OR comment_approved = '1' )";
 
 	if ( $s ) {
 		$s = $wpdb->escape($s);
@@ -820,7 +823,7 @@ function meta_form() {
 	</tr>
 <tr class="submit"><td colspan="3">
 	<?php wp_nonce_field( 'add-meta', '_ajax_nonce', false ); ?>
-	<input type="submit" id="addmetasub" name="addmeta" class="add:the-list:newmeta::post_id=<?php echo $GLOBALS['post_ID'] ? $GLOBALS['post_ID'] : $GLOBALS['temp_ID']; ?>" tabindex="9" value="<?php _e( 'Add Custom Field' ) ?>" />
+	<input type="submit" id="addmetasub" name="addmeta" class="add:the-list:newmeta" tabindex="9" value="<?php _e( 'Add Custom Field' ) ?>" />
 </td></tr>
 </table>
 <?php
@@ -1049,7 +1052,7 @@ function add_meta_box($id, $title, $callback, $page, $context = 'advanced') {
 	if ( !isset($wp_meta_boxes[$page][$context]) )
 		$wp_meta_boxes[$page][$context] = array();
 
-	$wp_meta_boxes[$page][$context][] = array('id' => $id, 'title' => $title, 'callback' => $callback);
+	$wp_meta_boxes[$page][$context][$id] = array('id' => $id, 'title' => $title, 'callback' => $callback);
 }
 
 function do_meta_boxes($page, $context, $object) {

wp-admin/includes/upgrade.php

@@ -62,13 +62,13 @@ function wp_install_defaults($user_id) {
 
 	// Default category
 	$cat_name = $wpdb->escape(__('Uncategorized'));
-	$cat_slug = sanitize_title(__('Uncategorized'));
+	$cat_slug = sanitize_title(_c('Uncategorized|Default category slug'));
 	$wpdb->query("INSERT INTO $wpdb->terms (name, slug, term_group) VALUES ('$cat_name', '$cat_slug', '0')");
 	$wpdb->query("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ('1', 'category', '', '0', '1')");
 
 	// Default link category
 	$cat_name = $wpdb->escape(__('Blogroll'));
-	$cat_slug = sanitize_title(__('Blogroll'));
+	$cat_slug = sanitize_title(_c('Blogroll|Default link category slug'));
 	$wpdb->query("INSERT INTO $wpdb->terms (name, slug, term_group) VALUES ('$cat_name', '$cat_slug', '0')");
 	$wpdb->query("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ('2', 'link_category', '', '0', '7')");
 
@@ -98,7 +98,7 @@ function wp_install_defaults($user_id) {
 	$now = date('Y-m-d H:i:s');
 	$now_gmt = gmdate('Y-m-d H:i:s');
 	$first_post_guid = get_option('home') . '/?p=1';
-	$wpdb->query("INSERT INTO $wpdb->posts (post_author, post_date, post_date_gmt, post_content, post_excerpt, post_title, post_category, post_name, post_modified, post_modified_gmt, guid, comment_count, to_ping, pinged, post_content_filtered) VALUES ($user_id, '$now', '$now_gmt', '".$wpdb->escape(__('Welcome to WordPress. This is your first post. Edit or delete it, then start blogging!'))."', '', '".$wpdb->escape(__('Hello world!'))."', '0', '".$wpdb->escape(__('hello-world'))."', '$now', '$now_gmt', '$first_post_guid', '1', '', '', '')");
+	$wpdb->query("INSERT INTO $wpdb->posts (post_author, post_date, post_date_gmt, post_content, post_excerpt, post_title, post_category, post_name, post_modified, post_modified_gmt, guid, comment_count, to_ping, pinged, post_content_filtered) VALUES ($user_id, '$now', '$now_gmt', '".$wpdb->escape(__('Welcome to WordPress. This is your first post. Edit or delete it, then start blogging!'))."', '', '".$wpdb->escape(__('Hello world!'))."', '0', '".$wpdb->escape(_c('hello-world|Default post slug'))."', '$now', '$now_gmt', '$first_post_guid', '1', '', '', '')");
 	$wpdb->query( "INSERT INTO $wpdb->term_relationships (`object_id`, `term_taxonomy_id`) VALUES (1, 1)" );
 
 	// Default comment
@@ -106,7 +106,7 @@ function wp_install_defaults($user_id) {
 
 	// First Page
 	$first_post_guid = get_option('home') . '/?page_id=2';
-	$wpdb->query("INSERT INTO $wpdb->posts (post_author, post_date, post_date_gmt, post_content, post_excerpt, post_title, post_category, post_name, post_modified, post_modified_gmt, guid, post_status, post_type, to_ping, pinged, post_content_filtered) VALUES ($user_id, '$now', '$now_gmt', '".$wpdb->escape(__('This is an example of a WordPress page, you could edit this to put information about yourself or your site so readers know where you are coming from. You can create as many pages like this one or sub-pages as you like and manage all of your content inside of WordPress.'))."', '', '".$wpdb->escape(__('About'))."', '0', '".$wpdb->escape(__('about'))."', '$now', '$now_gmt','$first_post_guid', 'publish', 'page', '', '', '')");
+	$wpdb->query("INSERT INTO $wpdb->posts (post_author, post_date, post_date_gmt, post_content, post_excerpt, post_title, post_category, post_name, post_modified, post_modified_gmt, guid, post_status, post_type, to_ping, pinged, post_content_filtered) VALUES ($user_id, '$now', '$now_gmt', '".$wpdb->escape(__('This is an example of a WordPress page, you could edit this to put information about yourself or your site so readers know where you are coming from. You can create as many pages like this one or sub-pages as you like and manage all of your content inside of WordPress.'))."', '', '".$wpdb->escape(__('About'))."', '0', '".$wpdb->escape(_c('about|Default page slug'))."', '$now', '$now_gmt','$first_post_guid', 'publish', 'page', '', '', '')");
 }
 endif;
 
@@ -202,6 +202,12 @@ function upgrade_all() {
 	if ( $wp_current_db_version < 7499 )
 		upgrade_250();
 
+	if ( $wp_current_db_version < 7796 )
+		upgrade_251();
+
+	if ( $wp_current_db_version < 7935 )
+		upgrade_252();
+
 	maybe_disable_automattic_widgets();
 
 	$wp_rewrite->flush_rules();
@@ -729,6 +735,19 @@ function upgrade_250() {
 	
 }
 
+function upgrade_251() {
+	global $wp_current_db_version;
+
+	// Make the secret longer
+	update_option('secret', wp_generate_password(64));
+}
+
+function upgrade_252() {
+	global $wpdb;
+
+	$wpdb->query("UPDATE $wpdb->users SET user_activation_key = ''");
+}
+
 // The functions we use to actually do stuff
 
 // General

wp-admin/includes/widgets.php

@@ -21,7 +21,7 @@ function wp_list_widgets( $show = 'all', $_search = false ) {
 		$no_widgets_shown = true;
 		$already_shown = array();
 		foreach ( $wp_registered_widgets as $name => $widget ) :
-			if ( in_array( $widget['callback'], $already_shown ) ) // We already showed this multi-widget
+			if ( 'all' == $show && in_array( $widget['callback'], $already_shown ) ) // We already showed this multi-widget
 				continue;
 
 			if ( $search_terms ) {
@@ -47,7 +47,7 @@ function wp_list_widgets( $show = 'all', $_search = false ) {
 				continue;
 
 			ob_start();
-				$args = wp_list_widget_controls_dynamic_sidebar( array( 0 => array( 'widget_id' => $widget['id'], 'widget_name' => $widget['name'], '_display' => 'template' ) ) );
+				$args = wp_list_widget_controls_dynamic_sidebar( array( 0 => array( 'widget_id' => $widget['id'], 'widget_name' => $widget['name'], '_display' => 'template', '_show' => $show ), 1 => $widget['params'][0] ) );
 				$sidebar_args = call_user_func_array( 'wp_widget_control', $args );
 			$widget_control_template = ob_get_contents();
 			ob_end_clean();
@@ -61,7 +61,7 @@ function wp_list_widgets( $show = 'all', $_search = false ) {
 					'key' => false,
 					'edit' => false
 				);
-				if ( $is_multi ) {
+				if ( 'all' == $show && $is_multi ) {
 					// it's a multi-widget.  We only need to show it in the list once.
 					$already_shown[] = $widget['callback'];
 					$num = (int) array_pop( explode( '-', $widget['id'] ) );
@@ -76,7 +76,7 @@ function wp_list_widgets( $show = 'all', $_search = false ) {
 				}
 				$add_query['add'] = $widget['id'];
 				$action = 'add';
-				$add_url = wp_nonce_url( add_query_arg( $add_query ), "add-widget_$widget[id]" );
+				$add_url = clean_url( wp_nonce_url( add_query_arg( $add_query ), "add-widget_$widget[id]" ) );
 			} else {
 				$action = 'edit';
 				$edit_url = clean_url( add_query_arg( array(
@@ -92,12 +92,17 @@ function wp_list_widgets( $show = 'all', $_search = false ) {
 
 			$no_widgets_shown = false;
 
+
+			if ( 'all' != $show && $sidebar_args['_widget_title'] )
+				$widget_title = $sidebar_args['_widget_title'];
+			else
+				$widget_title = $widget['name'];
 		?>
 
 		<li id="widget-list-item-<?php echo attribute_escape( $widget['id'] ); ?>" class="widget-list-item">
 			<h4 class="widget-title widget-draggable">
 
-				<?php echo wp_specialchars( $widget['name'] ); ?>
+				<?php echo $widget_title; ?>
 
 				<?php if ( 'add' == $action ) : ?>
 
@@ -192,7 +197,7 @@ function wp_widget_control( $sidebar_args ) {
 
 	$id_format = $widget['id'];
 	// We aren't showing a widget control, we're outputing a template for a mult-widget control
-	if ( 'template' == $sidebar_args['_display'] && isset($control['params'][0]['number']) ) {
+	if ( 'all' == $sidebar_args['_show'] && 'template' == $sidebar_args['_display'] && isset($control['params'][0]['number']) ) {
 		// number == -1 implies a template where id numbers are replaced by a generic '%i%'
 		$control['params'][0]['number'] = -1;
 		// if given, id_base means widget id's should be constructed like {$id_base}-{$id_number}
@@ -202,7 +207,7 @@ function wp_widget_control( $sidebar_args ) {
 
 	$widget_title = '';
 	// We grab the normal widget output to find the widget's title
-	if ( is_callable( $widget['_callback'] ) ) {
+	if ( ( 'all' != $sidebar_args['_show'] || 'template' != $sidebar_args['_display'] ) && is_callable( $widget['_callback'] ) ) {
 		ob_start();
 		$args = func_get_args();
 		call_user_func_array( $widget['_callback'], $args );
@@ -212,19 +217,22 @@ function wp_widget_control( $sidebar_args ) {
 	$wp_registered_widgets[$widget_id]['callback'] = $wp_registered_widgets[$widget_id]['_callback'];
 	unset($wp_registered_widgets[$widget_id]['_callback']);
 
-	if ( $widget_title && $widget_title != $control['name'] )
+	if ( $widget_title && $widget_title != $sidebar_args['widget_name'] )
 		$widget_title = sprintf( _c('%1$s: %2$s|1: widget name, 2: widget title' ), $sidebar_args['widget_name'], $widget_title );
 	else
 		$widget_title = wp_specialchars( strip_tags( $sidebar_args['widget_name'] ) );
 
+	$sidebar_args['_widget_title'] = $widget_title;
+
 	if ( empty($sidebar_args['_display']) || 'template' != $sidebar_args['_display'] )
 		echo $sidebar_args['before_widget'];
 ?>
+		<div class="widget-top">
 		<h4 class="widget-title"><?php echo $widget_title ?>
 
 			<?php if ( $edit ) : ?>
 
-			<a class="widget-action widget-control-edit" href="<?php echo remove_query_arg( array( 'edit', 'key' ) ); ?>"><?php _e('Cancel'); ?></a>
+			<a class="widget-action widget-control-edit" href="<?php echo clean_url( remove_query_arg( array( 'edit', 'key' ) ) ); ?>"><?php _e('Cancel'); ?></a>
 
 			<?php else : ?>
 
@@ -232,7 +240,7 @@ function wp_widget_control( $sidebar_args ) {
 
 			<?php endif; ?>
 
-		</h4>
+		</h4></div>
 
 		<div class="widget-control"<?php if ( $edit ) echo ' style="display: block;"'; ?>>
 
@@ -270,7 +278,8 @@ function wp_widget_control_ob_filter( $string ) {
 	if ( false === $end = strpos( $string, '%END_OF_TITLE%' ) )
 		return '';
 	$string = substr( $string, $beg + 14 , $end - $beg - 14);
-	return wp_specialchars( strip_tags( $string ) );
+	$string = str_replace( '&nbsp;', ' ', $string );
+	return trim( wp_specialchars( strip_tags( $string ) ) );
 }
 
 function widget_css() {

wp-admin/index.php

@@ -9,12 +9,18 @@ wp_dashboard_setup();
 function index_js() {
 ?>
 <script type="text/javascript">
-	jQuery(function() {
-		jQuery('#dashboard_incoming_links div.dashboard-widget-content').not( '.dashboard-widget-control' ).find( '.widget-loading' ).parent().load('index-extra.php?jax=incominglinks');
-		jQuery('#dashboard_primary div.dashboard-widget-content').not( '.dashboard-widget-control' ).find( '.widget-loading' ).parent().load('index-extra.php?jax=devnews');
-		jQuery('#dashboard_secondary div.dashboard-widget-content').not( '.dashboard-widget-control' ).find( '.widget-loading' ).parent().load('index-extra.php?jax=planetnews');
-		jQuery('#dashboard_plugins div.dashboard-widget-content').not( '.dashboard-widget-control' ).find( '.widget-loading' ).parent().load('index-extra.php?jax=plugins');
-	});
+jQuery(function($) {
+	var ajaxWidgets = {
+		dashboard_incoming_links: 'incominglinks',
+		dashboard_primary: 'devnews',
+		dashboard_secondary: 'planetnews',
+		dashboard_plugins: 'plugins'
+	};
+	$.each( ajaxWidgets, function(i,a) {
+		var e = jQuery('#' + i + ' div.dashboard-widget-content').not('.dashboard-widget-control').find('.widget-loading');
+		if ( e.size() ) { e.parent().load('index-extra.php?jax=' + a); }
+	} );
+});
 </script>
 <?php
 }
@@ -98,7 +104,7 @@ $sentence = apply_filters( 'dashboard_count_sentence', $sentence, $post_type_tex
 <?php
 $ct = current_theme_info();
 $sidebars_widgets = wp_get_sidebars_widgets();
-$num_widgets = array_reduce( $sidebars_widgets, create_function( '$prev, $curr', 'return $prev+count($curr);' ) );
+$num_widgets = array_reduce( $sidebars_widgets, create_function( '$prev, $curr', 'return $prev+count($curr);' ), 0 );
 $widgets_text = sprintf( __ngettext( '%d widget', '%d widgets', $num_widgets ), $num_widgets );
 if ( $can_switch_themes = current_user_can( 'switch_themes' ) )
 	$widgets_text = "<a href='widgets.php'>$widgets_text</a>";

wp-admin/js/editor.js

@@ -13,7 +13,7 @@ wpEditorInit = function() {
 switchEditors = {
 
     saveCallback : function(el, content, body) {
-    
+
         document.getElementById(el).style.color = '#fff';
         if ( tinyMCE.activeEditor.isHidden() ) 
             content = document.getElementById(el).value;
@@ -26,8 +26,14 @@ switchEditors = {
     pre_wpautop : function(content) {
         // We have a TON of cleanup to do. Line breaks are already stripped.
 
+        // Protect pre|script tags
+        content = content.replace(/<(pre|script)[^>]*>[\s\S]+?<\/\1>/g, function(a) {
+            a = a.replace(/<br ?\/?>[\r\n]*/g, '<wp_temp>');
+            return a.replace(/<\/?p( [^>]*)?>[\r\n]*/g, '<wp_temp>');
+        });
+
         // Pretty it up for the source editor
-        var blocklist1 = 'blockquote|ul|ol|li|table|thead|tbody|tr|th|td|div|h[1-6]|pre|p';
+        var blocklist1 = 'blockquote|ul|ol|li|table|thead|tbody|tr|th|td|div|h[1-6]|p';
         content = content.replace(new RegExp('\\s*</('+blocklist1+')>\\s*', 'mg'), '</$1>\n');
         content = content.replace(new RegExp('\\s*<(('+blocklist1+')[^>]*)>', 'mg'), '\n<$1>');
 
@@ -46,7 +52,7 @@ switchEditors = {
         // Fix some block element newline issues
         content = content.replace(new RegExp('\\s*<div', 'mg'), '\n<div');
         content = content.replace(new RegExp('</div>\\s*', 'mg'), '</div>\n');
-        
+
         var blocklist2 = 'blockquote|ul|ol|li|table|thead|tr|th|td|h[1-6]|pre';
         content = content.replace(new RegExp('\\s*<(('+blocklist2+') ?[^>]*)\\s*>', 'mg'), '\n<$1>');
         content = content.replace(new RegExp('\\s*</('+blocklist2+')>\\s*', 'mg'), '</$1>\n');
@@ -65,6 +71,9 @@ switchEditors = {
         content = content.replace(new RegExp('^\\s*', ''), '');
         content = content.replace(new RegExp('\\s*$', ''), '');
 
+        // put back the line breaks in pre|script
+        content = content.replace(/<wp_temp>/g, '\n');
+
         // Hope.
         return content;
     },
@@ -109,7 +118,7 @@ switchEditors = {
 				ec.style.padding = '6px';
             }
 
-			ta.style.color = '';
+            ta.style.color = '';
             this.wpSetDefaultEditor('html');
         }
     },
@@ -148,15 +157,21 @@ switchEditors = {
         pee = pee.replace(new RegExp('<p>\\s*?</p>', 'gi'), '');
         pee = pee.replace(new RegExp('<p>\\s*(</?(?:'+blocklist+')[^>]*>)\\s*</p>', 'gi'), "$1");
         pee = pee.replace(new RegExp("<p>(<li.+?)</p>", 'gi'), "$1");
-        pee = pee.replace(new RegExp('<p><blockquote([^>]*)>', 'gi'), "<blockquote$1><p>");
-        pee = pee.replace(new RegExp('</blockquote></p>', 'gi'), '</p></blockquote>');
+        pee = pee.replace(new RegExp('<p>\\s*<blockquote([^>]*)>', 'gi'), "<blockquote$1><p>");
+        pee = pee.replace(new RegExp('</blockquote>\\s*</p>', 'gi'), '</p></blockquote>');
         pee = pee.replace(new RegExp('<p>\\s*(</?(?:'+blocklist+')[^>]*>)', 'gi'), "$1");
         pee = pee.replace(new RegExp('(</?(?:'+blocklist+')[^>]*>)\\s*</p>', 'gi'), "$1");
         pee = pee.replace(new RegExp('\\s*\\n', 'gi'), "<br />\n");
         pee = pee.replace(new RegExp('(</?(?:'+blocklist+')[^>]*>)\\s*<br />', 'gi'), "$1");
         pee = pee.replace(new RegExp('<br />(\\s*</?(?:p|li|div|dl|dd|dt|th|pre|td|ul|ol)>)', 'gi'), '$1');
-        pee = pee.replace(new RegExp('^((?:&nbsp;)*)\\s', 'mg'), '$1&nbsp;');
-        //pee = pee.replace(new RegExp('(<pre.*?>)(.*?)</pre>!ise', " stripslashes('$1') .  stripslashes(clean_pre('$2'))  . '</pre>' "); // Hmm...
-        return pee;
+        // pee = pee.replace(new RegExp('^((?:&nbsp;)*)\\s', 'mg'), '$1&nbsp;');
+
+        // Fix the pre|script tags	   
+        pee = pee.replace(/<(pre|script)[^>]*>[\s\S]+?<\/\1>/g, function(a) {
+			a = a.replace(/<br ?\/?>[\r\n]*/g, '\n');
+			return a.replace(/<\/?p( [^>]*)?>[\r\n]*/g, '\n');
+        });
+
+	    return pee;
     }
 }

wp-admin/js/link.js

@@ -1,4 +1,7 @@
 jQuery(document).ready( function() {
+	// close postboxes that should be closed
+	jQuery('.if-js-closed').removeClass('if-js-closed').addClass('closed');
+
 	jQuery('#link_name').focus();
 	// postboxes
 	add_postbox_toggles('link');

wp-admin/js/media-upload.js

@@ -1,12 +1,39 @@
 // send html to the post editor
 function send_to_editor(h) {
-	var win = window.opener ? window.opener : window.dialogArguments;
-	if ( !win )
-		win = top;
+	var win = window.dialogArguments || opener || parent || top;
+
 	tinyMCE = win.tinyMCE;
 	if ( typeof tinyMCE != 'undefined' && ( ed = tinyMCE.getInstanceById('content') ) && !ed.isHidden() ) {
 		tinyMCE.selectedInstance.getWin().focus();
 		tinyMCE.execCommand('mceInsertContent', false, h);
 	} else
 		win.edInsertContent(win.edCanvas, h);
-}
+}
+
+// thickbox settings
+jQuery(function($) {
+	tb_position = function() {
+		var tbWindow = $('#TB_window');
+		var width = $(window).width();
+		var H = $(window).height();
+		var W = ( 720 < width ) ? 720 : width;
+
+		if ( tbWindow.size() ) {
+			tbWindow.width( W - 50 ).height( H - 45 );
+			$('#TB_iframeContent').width( W - 50 ).height( H - 75 );
+			tbWindow.css({marginLeft: '-' + parseInt((( W - 50 ) / 2),10) + 'px'});
+		};
+
+		return $('a.thickbox').each( function() {
+			var href = $(this).attr('href');
+			if ( ! href ) return;
+			href = href.replace(/&width=[0-9]+/g, '');
+			href = href.replace(/&height=[0-9]+/g, '');
+			$(this).attr( 'href', href + '&width=' + ( W - 80 ) + '&height=' + ( H - 85 ) );
+		});
+	};
+
+	$(window).resize( function() { tb_position() } );
+	$(document).ready( function() { tb_position() } );
+});
+

wp-admin/js/post.js

@@ -118,6 +118,10 @@ jQuery(document).ready( function() {
 		jQuery('#in-category-' + id + ', #in-popular-category-' + id).attr( 'checked', c );
 		noSyncChecks = false;
 	};
+	var catAddBefore = function( s ) {
+		s.data += '&' + jQuery( '#categorychecklist :checked' ).serialize();
+		return s;
+	};
 	var catAddAfter = function( r, s ) {
 		if ( !newCatParent ) newCatParent = jQuery('#newcat_parent');
 		if ( !newCatParentOption ) newCatParentOption = newCatParent.find( 'option[value=-1]' );
@@ -127,7 +131,7 @@ jQuery(document).ready( function() {
 				var th = jQuery(this);
 				var val = th.find('input').val();
 				var id = th.find('input')[0].id
-				jQuery('#' + id).change( syncChecks );
+				jQuery('#' + id).change( syncChecks ).change();
 				if ( newCatParent.find( 'option[value=' + val + ']' ).size() )
 					return;
 				var name = jQuery.trim( th.text() );
@@ -140,6 +144,7 @@ jQuery(document).ready( function() {
 	jQuery('#categorychecklist').wpList( {
 		alt: '',
 		response: 'category-ajax-response',
+		addBefore: catAddBefore,
 		addAfter: catAddAfter
 	} );
 	jQuery('#category-add-toggle').click( function() {
@@ -148,7 +153,7 @@ jQuery(document).ready( function() {
 		jQuery('#newcat').focus();
 		return false;
 	} );
-	jQuery('.categorychecklist :checkbox').change( syncChecks ).filter( ':checked' ).change();
+	jQuery('.categorychecklist .popular-category :checkbox').change( syncChecks ).filter( ':checked' ).change();
 
 	jQuery('.edit-timestamp').click(function () {
 		if (jQuery('#timestampdiv').is(":hidden")) {
@@ -172,5 +177,9 @@ jQuery(document).ready( function() {
 		if ( jQuery.isFunction( autosave_update_post_ID ) ) {
 			autosave_update_post_ID(s.parsed.responses[0].supplemental.postid);
 		}
-	} });
+	}, addBefore: function( s ) {
+		s.data += '&post_id=' + jQuery('#post_ID').val();
+		return s;
+	}
+	});
 });

wp-admin/js/widgets.js

@@ -11,29 +11,29 @@ jQuery(function($) {
 		var widgetAnim = $.browser.msie ? function() {
 			var t = $(this);
 			if ( t.is(':visible') ) {
-				if ( disableFields ) { t.find( ':enabled' ).not( '[name="widget-id[]"], [name*="[submit]"]' ).attr( 'disabled', 'disabled' ); }
+				if ( disableFields ) { t.find( ':input:enabled' ).not( '[name="widget-id[]"], [name*="[submit]"]' ).attr( 'disabled', 'disabled' ); }
 				li.css( 'marginLeft', 0 );
-				t.siblings('h4').children('a').text( widgetsL10n.edit );
+				t.siblings('div').children('h4').children('a').text( widgetsL10n.edit );
 			} else {
 				t.find( ':disabled' ).attr( 'disabled', '' ); // always enable on open
 				if ( width > 250 )
 					li.css( 'marginLeft', ( width - 250 ) * -1 );
-				t.siblings('h4').children('a').text( widgetsL10n.cancel );
+				t.siblings('div').children('h4').children('a').text( widgetsL10n.cancel );
 			}
 			t.toggle();
 		} : function() {
 			var t = $(this);
 
 			if ( t.is(':visible') ) {
-				if ( disableFields ) { t.find( ':enabled' ).not( '[name="widget-id[]"], [name*="[submit]"]' ).attr( 'disabled', 'disabled' ); }
+				if ( disableFields ) { t.find( ':input:enabled' ).not( '[name="widget-id[]"], [name*="[submit]"]' ).attr( 'disabled', 'disabled' ); }
 				if ( width > 250 )
 					li.animate( { marginLeft: 0 } );
-				t.siblings('h4').children('a').text( widgetsL10n.edit );
+				t.siblings('div').children('h4').children('a').text( widgetsL10n.edit );
 			} else {
 				t.find( ':disabled' ).attr( 'disabled', '' ); // always enable on open
 				if ( width > 250 )
 					li.animate( { marginLeft: ( width - 250 ) * -1 } );
-				t.siblings('h4').children('a').text( widgetsL10n.cancel );
+				t.siblings('div').children('h4').children('a').text( widgetsL10n.cancel );
 			}
 			t.animate( { height: 'toggle' } );
 		};

wp-admin/media.php

@@ -9,8 +9,14 @@ wp_reset_vars(array('action'));
 
 switch( $action ) :
 case 'editattachment' :
-	$errors = media_upload_form_handler();
 	$attachment_id = (int) $_POST['attachment_id'];
+	check_admin_referer('media-form');
+
+	if ( !current_user_can('edit_post', $attachment_id) )
+		wp_die ( __('You are not allowed to edit this attachment.') );
+
+	$errors = media_upload_form_handler();
+
 	if ( empty($errors) ) {
 		$location = 'media.php';
 		if ( $referer = wp_get_original_referer() ) {
@@ -39,6 +45,10 @@ case 'edit' :
 		exit();
 	}
 	$att_id = (int) $_GET['attachment_id'];
+
+	if ( !current_user_can('edit_post', $att_id) )
+		wp_die ( __('You are not allowed to edit this attachment.') );
+
 	$att = get_post($att_id);
 
 	add_filter('attachment_fields_to_edit', 'media_single_attachment_fields_to_edit', 10, 2);
@@ -82,7 +92,7 @@ case 'edit' :
 <?php wp_original_referer_field(true, 'previous'); ?>
 <?php wp_nonce_field('media-form'); ?>
 </p>
-
+</form>
 
 </div>
 

wp-admin/menu.php

@@ -20,9 +20,10 @@ elseif (strpos($_SERVER['REQUEST_URI'], 'link-add.php') !== false)
 else
 	$menu[10] = array(__('Manage'), 'edit_posts', 'edit.php');
 
-$awaiting_mod = $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->comments WHERE comment_approved = '0'");
+$awaiting_mod = wp_count_comments();
+$awaiting_mod = $awaiting_mod->moderated;
 $menu[15] = array(__('Design'), 'switch_themes', 'themes.php');
-$menu[20] = array( sprintf( __('Comments %s'), "<span id='awaiting-mod' class='count-$awaiting_mod'><span class='comment-count'>$awaiting_mod</span></span>" ), 'edit_posts', 'edit-comments.php');
+$menu[20] = array( sprintf( __('Comments %s'), "<span id='awaiting-mod' class='count-$awaiting_mod'><span class='comment-count'>" . number_format_i18n($awaiting_mod) . "</span></span>" ), 'edit_posts', 'edit-comments.php');
 $menu[30] = array(__('Settings'), 'manage_options', 'options-general.php');
 $menu[35] = array(__('Plugins'), 'activate_plugins', 'plugins.php');
 if ( current_user_can('edit_users') )
@@ -52,6 +53,7 @@ if ( current_user_can('edit_users') ) {
 	$submenu['users.php'][5] = array(__('Authors &amp; Users'), 'edit_users', 'users.php');
 	$submenu['users.php'][10] = array(__('Your Profile'), 'read', 'profile.php');
 } else {
+	$_wp_real_parent_file['users.php'] = 'profile.php';
 	$submenu['profile.php'][5] = array(__('Your Profile'), 'read', 'profile.php');
 }
 

wp-admin/page.php

@@ -8,8 +8,10 @@ wp_reset_vars(array('action'));
 
 function redirect_page($page_ID) {
 	$referredby = '';
-	if ( !empty($_POST['referredby']) )
+	if ( !empty($_POST['referredby']) ) {
 		$referredby = preg_replace('|https?://[^/]+|i', '', $_POST['referredby']);
+		$referredby = remove_query_arg('_wp_original_http_referer', $referredby);
+	}
 	$referer = preg_replace('|https?://[^/]+|i', '', wp_get_referer());
 
 	if ( 'post' == $_POST['originalaction'] && !empty($_POST['mode']) && 'bookmarklet' == $_POST['mode'] ) {
@@ -31,6 +33,7 @@ function redirect_page($page_ID) {
 		$location = $location[0] . '#postcustom';
 	} elseif (!empty($referredby) && $referredby != $referer) {
 		$location = $_POST['referredby'];
+		$location = remove_query_arg('_wp_original_http_referer', $location);
 		if ( $_POST['referredby'] == 'redo' )
 			$location = get_permalink( $page_ID );
 		elseif ( false !== strpos($location, 'edit-pages.php') )
@@ -80,15 +83,18 @@ case 'edit':
 		wp_enqueue_script('editor');
 	wp_enqueue_script('thickbox');
 	wp_enqueue_script('media-upload');
-	if ( $last = wp_check_post_lock( $post->ID ) ) {
-		$last_user = get_userdata( $last );
-		$last_user_name = $last_user ? $last_user->display_name : __('Somebody');
-		$message = sprintf( __( 'Warning: %s is currently editing this page' ), wp_specialchars( $last_user_name ) );
-		$message = str_replace( "'", "\'", "<div class='error'><p>$message</p></div>" );
-		add_action('admin_notices', create_function( '', "echo '$message';" ) );
-	} else {
-		wp_set_post_lock( $post->ID );
-		wp_enqueue_script('autosave');
+
+	if ( current_user_can('edit_page', $page_ID) ) {
+		if ( $last = wp_check_post_lock( $post->ID ) ) {
+			$last_user = get_userdata( $last );
+			$last_user_name = $last_user ? $last_user->display_name : __('Somebody');
+			$message = sprintf( __( 'Warning: %s is currently editing this page' ), wp_specialchars( $last_user_name ) );
+			$message = str_replace( "'", "\'", "<div class='error'><p>$message</p></div>" );
+			add_action('admin_notices', create_function( '', "echo '$message';" ) );
+		} else {
+			wp_set_post_lock( $post->ID );
+			wp_enqueue_script('autosave');
+		}
 	}
 
 	require_once('admin-header.php');

wp-admin/plugins.php

@@ -86,11 +86,11 @@ if (empty($plugins)) {
 	$inactive = get_option('deactivated_plugins');
 	if ( !empty($active) ) {
 	?>
-	<a class="button-secondary" href="<?php echo wp_nonce_url('plugins.php?action=deactivate-all', 'deactivate-all'); ?>" class="delete"><?php _e('Deactivate All Plugins'); ?></a>
+	<a class="button-secondary delete" href="<?php echo wp_nonce_url('plugins.php?action=deactivate-all', 'deactivate-all'); ?>"><?php _e('Deactivate All Plugins'); ?></a>
 	<?php
 	} elseif ( empty($active) && !empty($inactive) ) {
 	?>
-	<a class="button-secondary" href="<?php echo wp_nonce_url('plugins.php?action=reactivate-all', 'reactivate-all'); ?>" class="delete"><?php _e('Reactivate Plugins'); ?></a>
+	<a class="button-secondary delete" href="<?php echo wp_nonce_url('plugins.php?action=reactivate-all', 'reactivate-all'); ?>"><?php _e('Reactivate Plugins'); ?></a>
 	<?php
 	} // endif active/inactive plugin check
 	?>

wp-admin/post.php

@@ -10,8 +10,10 @@ function redirect_post($post_ID = '') {
 	global $action;
 
 	$referredby = '';
-	if ( !empty($_POST['referredby']) )
+	if ( !empty($_POST['referredby']) ) {
 		$referredby = preg_replace('|https?://[^/]+|i', '', $_POST['referredby']);
+		$referredby = remove_query_arg('_wp_original_http_referer', $referredby);
+	}
 	$referer = preg_replace('|https?://[^/]+|i', '', wp_get_referer());
 
 	if ( !empty($_POST['mode']) && 'bookmarklet' == $_POST['mode'] ) {
@@ -33,6 +35,7 @@ function redirect_post($post_ID = '') {
 		$location = $location[0] . '#postcustom';
 	} elseif (!empty($referredby) && $referredby != $referer) {
 		$location = $_POST['referredby'];
+		$location = remove_query_arg('_wp_original_http_referer', $location);
 		if ( $_POST['referredby'] == 'redo' )
 			$location = get_permalink( $post_ID );
 		elseif ( false !== strpos($location, 'edit.php') )
@@ -87,15 +90,18 @@ case 'edit':
 		wp_enqueue_script('editor');
 	wp_enqueue_script('thickbox');
 	wp_enqueue_script('media-upload');
-	if ( $last = wp_check_post_lock( $post->ID ) ) {
-		$last_user = get_userdata( $last );
-		$last_user_name = $last_user ? $last_user->display_name : __('Somebody');
-		$message = sprintf( __( 'Warning: %s is currently editing this post' ), wp_specialchars( $last_user_name ) );
-		$message = str_replace( "'", "\'", "<div class='error'><p>$message</p></div>" );
-		add_action('admin_notices', create_function( '', "echo '$message';" ) );
-	} else {
-		wp_set_post_lock( $post->ID );
-		wp_enqueue_script('autosave');
+
+	if ( current_user_can('edit_post', $post_ID) ) {
+		if ( $last = wp_check_post_lock( $post->ID ) ) {
+			$last_user = get_userdata( $last );
+			$last_user_name = $last_user ? $last_user->display_name : __('Somebody');
+			$message = sprintf( __( 'Warning: %s is currently editing this post' ), wp_specialchars( $last_user_name ) );
+			$message = str_replace( "'", "\'", "<div class='error'><p>$message</p></div>" );
+			add_action('admin_notices', create_function( '', "echo '$message';" ) );
+		} else {
+			wp_set_post_lock( $post->ID );
+			wp_enqueue_script('autosave');
+		}
 	}
 
 	require_once('admin-header.php');

wp-admin/rtl.css

@@ -114,6 +114,12 @@ p#post-search
 	float:right!important
 }
 
+.tablenav .delete 
+{
+	margin-left: 40px;
+	margin-right: 0;
+}
+
 ul.view-switch
 {
 	float:left;
@@ -155,7 +161,7 @@ form#themeselector
 
 #poststuff #media-buttons
 {
-	direction: ltr;
+	direction: rtl;
 	float:left;
 	margin-left:20px;
 	margin-right:0

wp-admin/update.php

@@ -22,7 +22,7 @@ function request_filesystem_credentials($form_post, $type = '', $error = false)
 	$credentials['hostname'] = defined('FTP_HOST') ? FTP_HOST : (!empty($_POST['hostname']) ? $_POST['hostname'] : $credentials['hostname']);
 	$credentials['username'] = defined('FTP_USER') ? FTP_USER : (!empty($_POST['username']) ? $_POST['username'] : $credentials['username']);
 	$credentials['password'] = defined('FTP_PASS') ? FTP_PASS : (!empty($_POST['password']) ? $_POST['password'] : $credentials['password']);
-	$credentials['ssl']      = defined('FTP_SSL')  ? FTP_SSL  : (!empty($_POST['ssl'])      ? $_POST['ssl']      : $credentials['ssl']);
+	$credentials['ssl']      = defined('FTP_SSL')  ? FTP_SSL  : ( isset($_POST['ssl'])      ? $_POST['ssl']      : $credentials['ssl']);
 
 	if ( ! $error && !empty($credentials['password']) && !empty($credentials['username']) && !empty($credentials['hostname']) ) {
 		$stored_credentials = $credentials;

wp-admin/user-edit.php

@@ -164,7 +164,7 @@ include ('admin-header.php');
 <th scope="row"><?php _e('Admin Color Scheme')?></th>
 <td>
 <?php
-$current_color = get_user_option('admin_color');
+$current_color = get_user_option('admin_color', $user_id);
 if ( empty($current_color) )
 	$current_color = 'fresh';
 foreach ( $_wp_admin_css_colors as $color => $color_info ): ?>

wp-admin/users.php

@@ -362,9 +362,9 @@ foreach ( $wp_user_search->get_results() as $userid ) {
 <br class="clear" />
 </div>
 
-</form>
 <?php endif; ?>
 
+</form>
 </div>
 
 <?php
@@ -378,6 +378,7 @@ foreach ( $wp_user_search->get_results() as $userid ) {
 ?>
 
 <br class="clear" />
+<?php if ( current_user_can('create_users') ) { ?>
 
 <div class="wrap">
 <h2 id="add-new-user"><?php _e('Add New User') ?></h2>
@@ -452,6 +453,7 @@ foreach ( $wp_user_search->get_results() as $userid ) {
 </div>
 
 <?php
+}
 break;
 
 } // end of the $action switch

wp-admin/widgets.php

@@ -18,7 +18,7 @@ if ( isset($_GET['sidebar']) && isset($wp_registered_sidebars[$_GET['sidebar']])
 	$sidebar = attribute_escape( $_GET['sidebar'] );
 } elseif ( is_array($wp_registered_sidebars) && !empty($wp_registered_sidebars) ) {
 	// By default we look at the first defined sidebar
-	$sidebar = array_shift( array_keys($wp_registered_sidebars) );
+	$sidebar = array_shift( $keys = array_keys($wp_registered_sidebars) );
 } else {
 	// If no sidebars, die.
 	require_once( 'admin-header.php' );
@@ -134,7 +134,9 @@ if ( isset($_GET['add']) && $_GET['add'] ) {
 		
 			<ul class="widget-control-list">
 				<li class="widget-list-control-item">
+					<div class="widget-top">
 					<h4 class="widget-title"><?php echo $control['name']; ?></h4>
+					</div>
 					<div class="widget-control" style="display: block;">
 	<?php
 						call_user_func_array( $control_callback, $control['params'] );
@@ -317,5 +319,7 @@ if ( isset($_GET['message']) && isset($messages[$_GET['message']]) ) : ?>
 
 <?php do_action( 'sidebar_admin_page' ); ?>
 
+<br class="clear" />
+
 <?php require_once( 'admin-footer.php' ); ?>
 

wp-admin/wp-admin.css

@@ -34,8 +34,8 @@ form#upload #post_content, form#upload #post_title {
 }
 
 .form-invalid input {
-	border-width: 1px; !important
-	border-style: solid; !important
+	border-width: 1px !important;
+	border-style: solid !important;
 }
 
 
@@ -879,6 +879,10 @@ html, body {
 	margin-bottom: 6px;
 }
 
+#profile-page .form-table input[type=text] { 
+	width: 300px;
+}
+
 #pass-strength-result {
 	width: 197px;
 	float: left;
@@ -1436,7 +1440,7 @@ ul.view-switch li.current {
 	background-image: url(images/tail.gif);
 	background-repeat: no-repeat;
 	background-position: 15px bottom;
-	background-color: thansparent;
+	background-color: transparent;
 }
 
 #tTips p#tTips_inside {

wp-config-sample.php

@@ -8,8 +8,8 @@ define('DB_CHARSET', 'utf8');
 define('DB_COLLATE', '');
 
 // Change SECRET_KEY to a unique phrase.  You won't have to remember it later,
-// so make it long and complicated.  You can visit https://www.grc.com/passwords.htm
-// to get a phrase generated for you, or just make something up.
+// so make it long and complicated.  You can visit http://api.wordpress.org/secret-key/1.0/
+// to get a secret key generated for you, or just make something up.
 define('SECRET_KEY', 'put your unique phrase here'); // Change this to a unique phrase.
 
 // You can have multiple installations in one database if you give each a unique prefix

wp-content/themes/classic/index.php

@@ -27,6 +27,6 @@ get_header();
 <p><?php _e('Sorry, no posts matched your criteria.'); ?></p>
 <?php endif; ?>
 
-<?php posts_nav_link(' &#8212; ', __('&laquo; Older Posts'), __('Newer Posts &raquo;')); ?>
+<?php posts_nav_link(' &#8212; ', __('&laquo; Newer Posts'), __('Older Posts &raquo;')); ?>
 
 <?php get_footer(); ?>

wp-includes/bookmark-template.php

@@ -172,7 +172,7 @@ function wp_list_bookmarks($args = '') {
 
 	if ( $categorize ) {
 		//Split the bookmarks into ul's for each category
-		$cats = get_terms('link_category', "category_name=$category_name&include=$category&orderby=$category_orderby&order=$category_order&hierarchical=0");
+		$cats = get_terms('link_category', array('name__like' => $category_name, 'include' => $category, 'orderby' => $category_orderby, 'order' => $category_order, 'hierarchical' => 0));
 
 		foreach ( (array) $cats as $cat ) {
 			$params = array_merge($r, array('category'=>$cat->term_id));

wp-includes/class-IXR.php

@@ -571,7 +571,7 @@ class IXR_Error {
     var $message;
     function IXR_Error($code, $message) {
         $this->code = $code;
-        $this->message = $message;
+        $this->message = htmlspecialchars($message);
     }
     function getXml() {
         $xml = <<<EOD

wp-includes/classes.php

@@ -395,26 +395,26 @@ class Walker {
 	var $db_fields;
 
 	//abstract callbacks
-	function start_lvl($output) { return $output; }
-	function end_lvl($output)   { return $output; }
-	function start_el($output)  { return $output; }
-	function end_el($output)    { return $output; }
+	function start_lvl(&$output) {}
+	function end_lvl(&$output)   {}
+	function start_el(&$output)  {}
+	function end_el(&$output)    {}
 
 	/*
  	 * display one element if the element doesn't have any children
  	 * otherwise, display the element and its children
  	 */
-	function display_element( $element, &$children_elements, $max_depth, $depth=0, $args, $output ) {
+	function display_element( $element, &$children_elements, $max_depth, $depth=0, $args, &$output ) {
 
-		if ( !$element)
-			return $output;
+		if ( !$element )
+			return;
 
 		$id_field = $this->db_fields['id'];
 		$parent_field = $this->db_fields['parent'];
 
 		//display this element
-		$cb_args = array_merge( array($output, $element, $depth), $args);
-		$output = call_user_func_array(array(&$this, 'start_el'), $cb_args);
+		$cb_args = array_merge( array(&$output, $element, $depth), $args);
+		call_user_func_array(array(&$this, 'start_el'), $cb_args);
 
 		if ( $max_depth == 0 ||
 		     ($max_depth != 0 &&  $max_depth > $depth+1 )) { //whether to descend
@@ -427,12 +427,12 @@ class Walker {
 					if ( !isset($newlevel) ) {
 						$newlevel = true;
 						//start the child delimiter
-						$cb_args = array_merge( array($output, $depth), $args);
-						$output = call_user_func_array(array(&$this, 'start_lvl'), $cb_args);
+						$cb_args = array_merge( array(&$output, $depth), $args);
+						call_user_func_array(array(&$this, 'start_lvl'), $cb_args);
 					}
 
 					array_splice( $children_elements, $i, 1 );
-					$output = $this->display_element( $child, $children_elements, $max_depth, $depth + 1, $args, $output );
+					$this->display_element( $child, $children_elements, $max_depth, $depth + 1, $args, $output );
 					$i = -1;
 				}
 			}
@@ -440,15 +440,13 @@ class Walker {
 
 		if ( isset($newlevel) && $newlevel ){
 			//end the child delimiter
-			$cb_args = array_merge( array($output, $depth), $args);
-			$output = call_user_func_array(array(&$this, 'end_lvl'), $cb_args);
+			$cb_args = array_merge( array(&$output, $depth), $args);
+			call_user_func_array(array(&$this, 'end_lvl'), $cb_args);
 		}
 
 		//end this element
-		$cb_args = array_merge( array($output, $element, $depth), $args);
-		$output = call_user_func_array(array(&$this, 'end_el'), $cb_args);
-
-		return $output;
+		$cb_args = array_merge( array(&$output, $element, $depth), $args);
+		call_user_func_array(array(&$this, 'end_el'), $cb_args);
 	}
 
 	/*
@@ -476,7 +474,7 @@ class Walker {
 		if ( -1 == $max_depth ) {
 			$empty_array = array();
 			foreach ( $elements as $e )
-				$output = $this->display_element( $e, $empty_array, 1, 0, $args, $output );
+				$this->display_element( $e, $empty_array, 1, 0, $args, $output );
 			return $output;
 		}
 
@@ -512,7 +510,7 @@ class Walker {
 		}
 
 		foreach ( $top_level_elements as $e )
-			$output = $this->display_element( $e, $children_elements, $max_depth, 0, $args, $output );
+			$this->display_element( $e, $children_elements, $max_depth, 0, $args, $output );
 
 		/*
 		* if we are displaying all levels, and remaining children_elements is not empty,
@@ -521,7 +519,7 @@ class Walker {
 		if ( ( $max_depth == 0 ) && sizeof( $children_elements ) > 0 ) {
 			$empty_array = array();
 			foreach ( $children_elements as $orphan_e )
-				$output = $this->display_element( $orphan_e, $empty_array, 1, 0, $args, $output );
+				$this->display_element( $orphan_e, $empty_array, 1, 0, $args, $output );
 		 }
 		 return $output;
 	}
@@ -531,19 +529,17 @@ class Walker_Page extends Walker {
 	var $tree_type = 'page';
 	var $db_fields = array ('parent' => 'post_parent', 'id' => 'ID'); //TODO: decouple this
 
-	function start_lvl($output, $depth) {
+	function start_lvl(&$output, $depth) {
 		$indent = str_repeat("\t", $depth);
 		$output .= "\n$indent<ul>\n";
-		return $output;
 	}
 
-	function end_lvl($output, $depth) {
+	function end_lvl(&$output, $depth) {
 		$indent = str_repeat("\t", $depth);
 		$output .= "$indent</ul>\n";
-		return $output;
 	}
 
-	function start_el($output, $page, $depth, $current_page, $args) {
+	function start_el(&$output, $page, $depth, $current_page, $args) {
 		if ( $depth )
 			$indent = str_repeat("\t", $depth);
 		else
@@ -571,14 +567,10 @@ class Walker_Page extends Walker {
 
 			$output .= " " . mysql2date($date_format, $time);
 		}
-
-		return $output;
 	}
 
-	function end_el($output, $page, $depth) {
+	function end_el(&$output, $page, $depth) {
 		$output .= "</li>\n";
-
-		return $output;
 	}
 
 }
@@ -587,18 +579,16 @@ class Walker_PageDropdown extends Walker {
 	var $tree_type = 'page';
 	var $db_fields = array ('parent' => 'post_parent', 'id' => 'ID'); //TODO: decouple this
 
-	function start_el($output, $page, $depth, $args) {
-				$pad = str_repeat('&nbsp;', $depth * 3);
+	function start_el(&$output, $page, $depth, $args) {
+		$pad = str_repeat('&nbsp;', $depth * 3);
 
-				$output .= "\t<option value=\"$page->ID\"";
-				if ( $page->ID == $args['selected'] )
-								$output .= ' selected="selected"';
-				$output .= '>';
-				$title = wp_specialchars($page->post_title);
-				$output .= "$pad$title";
-				$output .= "</option>\n";
-
-				return $output;
+		$output .= "\t<option value=\"$page->ID\"";
+		if ( $page->ID == $args['selected'] )
+			$output .= ' selected="selected"';
+		$output .= '>';
+		$title = wp_specialchars($page->post_title);
+		$output .= "$pad$title";
+		$output .= "</option>\n";
 	}
 }
 
@@ -606,25 +596,23 @@ class Walker_Category extends Walker {
 	var $tree_type = 'category';
 	var $db_fields = array ('parent' => 'parent', 'id' => 'term_id'); //TODO: decouple this
 
-	function start_lvl($output, $depth, $args) {
+	function start_lvl(&$output, $depth, $args) {
 		if ( 'list' != $args['style'] )
-			return $output;
+			return;
 
 		$indent = str_repeat("\t", $depth);
 		$output .= "$indent<ul class='children'>\n";
-		return $output;
 	}
 
-	function end_lvl($output, $depth, $args) {
+	function end_lvl(&$output, $depth, $args) {
 		if ( 'list' != $args['style'] )
-			return $output;
+			return;
 
 		$indent = str_repeat("\t", $depth);
 		$output .= "$indent</ul>\n";
-		return $output;
 	}
 
-	function start_el($output, $category, $depth, $args) {
+	function start_el(&$output, $category, $depth, $args) {
 		extract($args);
 
 		$cat_name = attribute_escape( $category->name);
@@ -687,16 +675,13 @@ class Walker_Category extends Walker {
 		} else {
 			$output .= "\t$link<br />\n";
 		}
-
-		return $output;
 	}
 
-	function end_el($output, $page, $depth, $args) {
+	function end_el(&$output, $page, $depth, $args) {
 		if ( 'list' != $args['style'] )
-			return $output;
+			return;
 
 		$output .= "</li>\n";
-		return $output;
 	}
 
 }
@@ -705,7 +690,7 @@ class Walker_CategoryDropdown extends Walker {
 	var $tree_type = 'category';
 	var $db_fields = array ('parent' => 'parent', 'id' => 'term_id'); //TODO: decouple this
 
-	function start_el($output, $category, $depth, $args) {
+	function start_el(&$output, $category, $depth, $args) {
 		$pad = str_repeat('&nbsp;', $depth * 3);
 
 		$cat_name = apply_filters('list_cats', $category->name, $category);
@@ -721,8 +706,6 @@ class Walker_CategoryDropdown extends Walker {
 			$output .= '&nbsp;&nbsp;' . gmdate($format, $category->last_update_timestamp);
 		}
 		$output .= "</option>\n";
-
-		return $output;
 	}
 }
 

wp-includes/comment.php

@@ -451,6 +451,11 @@ function wp_blacklist_check($author, $email, $url, $comment, $user_ip, $user_age
 function wp_count_comments() {
 	global $wpdb;
 
+	$count = wp_cache_get('comments', 'counts');
+
+	if ( false !== $count )
+		return $count;
+
 	$count = $wpdb->get_results( "SELECT comment_approved, COUNT( * ) AS num_comments FROM {$wpdb->comments} GROUP BY comment_approved", ARRAY_A );
 
 	$stats = array( );
@@ -464,7 +469,10 @@ function wp_count_comments() {
 			$stats[$key] = 0;
 	}
 
-	return (object) $stats;
+	$stats = (object) $stats;
+	wp_cache_set('comments', $stats, 'counts');
+
+	return $stats;
 }
 
 /**
@@ -718,6 +726,11 @@ function wp_set_comment_status($comment_id, $comment_status) {
 			break;
 		case 'approve':
 			$query = "UPDATE $wpdb->comments SET comment_approved='1' WHERE comment_ID='$comment_id' LIMIT 1";
+			if ( get_option('comments_notify') ) {
+				$comment = get_comment($comment_id);
+				wp_notify_postauthor($comment_id, $comment->comment_type);
+			}
+
 			break;
 		case 'spam':
 			$query = "UPDATE $wpdb->comments SET comment_approved='spam' WHERE comment_ID='$comment_id' LIMIT 1";

wp-includes/feed-atom.php

@@ -49,7 +49,7 @@ $more = 1;
 <?php atom_enclosure(); ?>
 <?php do_action('atom_entry'); ?>
 		<link rel="replies" type="text/html" href="<?php the_permalink_rss() ?>#comments" thr:count="<?php echo get_comments_number()?>"/>
-		<link rel="replies" type="appication/atom+xml" href="<?php echo get_post_comments_feed_link(0,'atom') ?>" thr:count="<?php echo get_comments_number()?>"/>
+		<link rel="replies" type="application/atom+xml" href="<?php echo get_post_comments_feed_link(0,'atom') ?>" thr:count="<?php echo get_comments_number()?>"/>
 		<thr:total><?php echo get_comments_number()?></thr:total>
 	</entry>
 	<?php endwhile ; ?>

wp-includes/formatting.php

@@ -5,7 +5,7 @@ function wptexturize($text) {
 	$next = true;
 	$output = '';
 	$curl = '';
-	$textarr = preg_split('/(<.*>)/Us', $text, -1, PREG_SPLIT_DELIM_CAPTURE);
+	$textarr = preg_split('/(<.*>|\[.*\])/Us', $text, -1, PREG_SPLIT_DELIM_CAPTURE);
 	$stop = count($textarr);
 
 	// if a plugin has provided an autocorrect array, use it
@@ -26,7 +26,7 @@ function wptexturize($text) {
 	for ( $i = 0; $i < $stop; $i++ ) {
  		$curl = $textarr[$i];
 
-		if (isset($curl{0}) && '<' != $curl{0} && $next) { // If it's not a tag
+		if (isset($curl{0}) && '<' != $curl{0} && '[' != $curl{0} && $next) { // If it's not a tag
 			// static strings
 			$curl = str_replace($static_characters, $static_replacements, $curl);
 			// regular expressions
@@ -92,6 +92,7 @@ function wpautop($pee, $br = 1) {
 	if (strpos($pee, '<pre') !== false)
 		$pee = preg_replace_callback('!(<pre.*?>)(.*?)</pre>!is', 'clean_pre', $pee );
 	$pee = preg_replace( "|\n</p>$|", '</p>', $pee );
+	$pee = preg_replace('/<p>\s*?(' . get_shortcode_regex() . ')\s*<\/p>/s', '$1', $pee); // don't auto-p wrap shortcodes that stand alone
 
 	return $pee;
 }
@@ -366,6 +367,15 @@ function sanitize_title_with_dashes($title) {
 	return $title;
 }
 
+// ensures a string is a valid SQL order by clause like: post_name ASC, ID DESC
+// accepts one or more columns, with or without ASC/DESC, and also accepts RAND()
+function sanitize_sql_orderby( $orderby ){
+	preg_match('/^\s*([a-z0-9_]+(\s+(ASC|DESC))?(\s*,\s*|\s*$))+|^\s*RAND\(\s*\)\s*$/i', $orderby, $obmatches);
+	if ( !$obmatches )
+		return false;
+	return $orderby;
+}
+
 function convert_chars($content, $deprecated = '') {
 	// Translation of invalid Unicode references range to valid range
 	$wp_htmltranswinuni = array(
@@ -1119,6 +1129,10 @@ function wp_richedit_pre($text) {
 	$output = str_replace('&lt;', '&amp;lt;', $output);
 	$output = str_replace('&gt;', '&amp;gt;', $output);
 
+	// These should be entities too
+	$output = str_replace('<', '&lt;', $output);
+	$output = str_replace('>', '&gt;', $output);
+	
 	return apply_filters('richedit_pre', $output);
 }
 

wp-includes/functions.php

@@ -404,7 +404,7 @@ function delete_option( $name ) {
 
 function maybe_serialize( $data ) {
 	if ( is_string( $data ) )
-		$data = trim( $data );
+		return $data;
 	elseif ( is_array( $data ) || is_object( $data ) )
 		return serialize( $data );
 	if ( is_serialized( $data ) )
@@ -1142,7 +1142,8 @@ function wp_unique_filename( $dir, $filename, $unique_filename_callback = NULL )
 			$ext = strtolower( ".$ext" );
 
 		$filename = str_replace( $ext, '', $filename );
-		$filename = sanitize_title_with_dashes( $filename ) . $ext;
+		// Strip % so the server doesn't try to decode entities.
+		$filename = str_replace('%', '', sanitize_title_with_dashes( $filename ) ) . $ext;
 
 		while ( file_exists( $dir . "/$filename" ) ) {
 			if ( '' == "$number$ext" )
@@ -1748,4 +1749,20 @@ function apache_mod_loaded($mod, $default = false) {
 	return $default;
 }
 
+function validate_file( $file, $allowed_files = '' ) {
+	if ( false !== strpos( $file, '..' ))
+		return 1;
+
+	if ( false !== strpos( $file, './' ))
+		return 1;
+
+	if (':' == substr( $file, 1, 1 ))
+		return 2;
+
+	if (!empty ( $allowed_files ) && (!in_array( $file, $allowed_files ) ) )
+		return 3;
+
+	return 0;
+}
+
 ?>

wp-includes/general-template.php

@@ -343,13 +343,17 @@ function get_archives_link($url, $text, $format = 'html', $before = '', $after =
 	$url = clean_url($url);
 
 	if ('link' == $format)
-		return "\t<link rel='archives' title='$title_text' href='$url' />\n";
+		$link_html = "\t<link rel='archives' title='$title_text' href='$url' />\n";
 	elseif ('option' == $format)
-		return "\t<option value='$url'>$before $text $after</option>\n";
+		$link_html = "\t<option value='$url'>$before $text $after</option>\n";
 	elseif ('html' == $format)
-		return "\t<li>$before<a href='$url' title='$title_text'>$text</a>$after</li>\n";
+		$link_html = "\t<li>$before<a href='$url' title='$title_text'>$text</a>$after</li>\n";
 	else // custom
-		return "\t$before<a href='$url' title='$title_text'>$text</a>$after\n";
+		$link_html = "\t$before<a href='$url' title='$title_text'>$text</a>$after\n";
+
+	$link_html = apply_filters( "get_archives_link", $link_html );
+		
+	return $link_html;
 }
 
 

wp-includes/js/autosave.js

@@ -10,8 +10,7 @@ jQuery(function($) {
 	$("#post").submit(function() { $.cancel(autosavePeriodical); });
 });
 
-// called when autosaving pre-existing post
-function autosave_saved(response) {
+function autosave_parse_response(response) {
 	var res = wpAjax.parseAjaxResponse(response, 'autosave'); // parse the ajax response
 	var message = '';
 
@@ -41,22 +40,29 @@ function autosave_saved(response) {
 	}
 	if ( message ) { jQuery('#autosave').html(message); } // update autosave message
 	else if ( autosaveOldMessage && res ) { jQuery('#autosave').html( autosaveOldMessage ); }
-	autosave_enable_buttons(); // re-enable disabled form buttons
 	return res;
 }
 
+// called when autosaving pre-existing post
+function autosave_saved(response) {
+	autosave_parse_response(response); // parse the ajax response
+	autosave_enable_buttons(); // re-enable disabled form buttons
+}
+
 // called when autosaving new post
 function autosave_saved_new(response) {
-	var res = autosave_saved(response); // parse the ajax response do the above
+	var res = autosave_parse_response(response); // parse the ajax response
 	// if no errors: update post_ID from the temporary value, grab new save-nonce for that new ID
 	if ( res && res.responses.length && !res.errors ) {
 		var tempID = jQuery('#post_ID').val();
 		var postID = parseInt( res.responses[0].id );
-		autosave_update_post_ID( postID );
+		autosave_update_post_ID( postID ); // disabled form buttons are re-enabled here
 		if ( tempID < 0 && postID > 0) // update media buttons
 			jQuery('#media-buttons a').each(function(){
 				this.href = this.href.replace(tempID, postID);
 			});
+	} else {
+		autosave_enable_buttons(); // re-enable disabled form buttons
 	}
 }
 
@@ -73,6 +79,7 @@ function autosave_update_post_ID( postID ) {
 			post_type: jQuery('#post_type').val()
 		}, function(html) {
 			jQuery('#_wpnonce').val(html);
+			autosave_enable_buttons(); // re-enable disabled form buttons
 		});
 		jQuery('#hiddenaction').val('editpost');
 	}
@@ -122,7 +129,7 @@ function autosave_enable_buttons() {
 
 function autosave_disable_buttons() {
 	jQuery("#submitpost :button:enabled, #submitpost :submit:enabled").attr('disabled', 'disabled');
-	setTimeout(autosave_enable_buttons, 1000); // Re-enable 1 sec later.  Just gives autosave a head start to avoid collisions.
+	setTimeout(autosave_enable_buttons, 5000); // Re-enable 5 sec later.  Just gives autosave a head start to avoid collisions.
 }
 
 var autosave = function() {
@@ -175,8 +182,10 @@ var autosave = function() {
 		post_data["comment_status"] = 'open';
 	if ( jQuery("#ping_status").attr("checked") )
 		post_data["ping_status"] = 'open';
-	if( jQuery("#excerpt"))
+	if ( jQuery("#excerpt") )
 		post_data["excerpt"] = jQuery("#excerpt").val();
+	if ( jQuery("#post_author") )
+		post_data["post_author"] = jQuery("#post_author").val();
 
 	// Don't run while the TinyMCE spellcheck is on.  Why?  Who knows.
 	if ( rich && tinyMCE.activeEditor.plugins.spellchecker && tinyMCE.activeEditor.plugins.spellchecker.active ) {

wp-includes/js/swfupload/handlers.js

@@ -12,7 +12,9 @@ function fileQueued(fileObj) {
 		jQuery('.slidetoggle').slideUp(200).siblings().removeClass('hidden');
 	}
 	// Create a progress bar containing the filename
-	jQuery('#media-items').append('<div id="media-item-' + fileObj.id + '" class="media-item child-of-' + post_id + '"><div class="filename original">' + fileObj.name + '</div><div class="progress"><div class="bar"></div></div></div>');
+	jQuery('#media-items').append('<div id="media-item-' + fileObj.id + '" class="media-item child-of-' + post_id + '"><div class="progress"><div class="bar"></div></div><div class="filename original">' + fileObj.name + '</div></div>');
+	// Display the progress div
+	jQuery('#media-item-' + fileObj.id + ' .progress').show();
 
 	// Disable the submit button
 	jQuery('#insert-gallery').attr('disabled', 'disabled');
@@ -24,16 +26,27 @@ function uploadProgress(fileObj, bytesDone, bytesTotal) {
 	// Lengthen the progress bar
 	jQuery('#media-item-' + fileObj.id + ' .bar').width(620*bytesDone/bytesTotal);
 
-	if ( bytesDone== bytesTotal )
-		jQuery('#media-item-' + fileObj.id + ' .bar').html('<strong style="display: block; padding-top: 9px; padding-left: 1em;">' + swfuploadL10n.crunching + '</strong>');
+	if ( bytesDone == bytesTotal )
+		jQuery('#media-item-' + fileObj.id + ' .bar').html('<strong class="crunching">' + swfuploadL10n.crunching + '</strong>');
 }
 
 function prepareMediaItem(fileObj, serverData) {
 	// Move the progress bar to 100%
 	jQuery('#media-item-' + fileObj.id + ' .bar').remove();
+	jQuery('#media-item-' + fileObj.id + ' .progress').hide();
 
-	// Append the HTML returned by the server -- thumbnail and form inputs
-	jQuery('#media-item-' + fileObj.id).append(serverData);
+	// Old style: Append the HTML returned by the server -- thumbnail and form inputs
+	if ( isNaN(serverData) || !serverData ) {
+		jQuery('#media-item-' + fileObj.id).append(serverData);
+		prepareMediaItemInit(fileObj);
+	}
+	// New style: server data is just the attachment ID, fetch the thumbnail and form html from the server
+	else {
+		jQuery('#media-item-' + fileObj.id).load('async-upload.php', {attachment_id:serverData, fetch:1}, function(){prepareMediaItemInit(fileObj);updateMediaForm()});
+	}
+}
+		
+function prepareMediaItemInit(fileObj) {
 
 	// Clone the thumbnail as a "pinkynail" -- a tiny image to the left of the filename
 	jQuery('#media-item-' + fileObj.id + ' .thumbnail').clone().attr('className', 'pinkynail toggle').prependTo('#media-item-' + fileObj.id);
@@ -41,11 +54,8 @@ function prepareMediaItem(fileObj, serverData) {
 	// Replace the original filename with the new (unique) one assigned during upload
 	jQuery('#media-item-' + fileObj.id + ' .filename.original').replaceWith(jQuery('#media-item-' + fileObj.id + ' .filename.new'));
 
-	// Bind toggle function to a new mask over the progress bar area
-	jQuery('#media-item-' + fileObj.id + ' .progress').clone().empty().addClass('clickmask').bind('click', function(){jQuery(this).siblings('.slidetoggle').slideToggle(150);jQuery(this).siblings('.toggle').toggle();}).appendTo('#media-item-' + fileObj.id);
-
 	// Also bind toggle to the links
-	jQuery('#media-item-' + fileObj.id + ' a.toggle').bind('click', function(){jQuery(this).siblings('.slidetoggle').slideToggle(150);jQuery(this).parent().eq(0).children('.toggle').toggle();jQuery(this).siblings('a.toggle').focus();return false;});
+	jQuery('#media-item-' + fileObj.id + ' a.toggle').bind('click', function(){jQuery(this).siblings('.slidetoggle').slideToggle(150, function(){window.scrollTo(0,this.parentNode.offsetTop);});jQuery(this).parent().eq(0).children('.toggle').toggle();jQuery(this).siblings('a.toggle').focus();return false;});
 
 	// Bind AJAX to the new Delete button
 	jQuery('#media-item-' + fileObj.id + ' a.delete').bind('click',function(){
@@ -96,7 +106,7 @@ function deleteSuccess(data, textStatus) {
 	jQuery('#media-item-' + this.id + ' .filename').append(' <span class="file-error">'+swfuploadL10n.deleted+'</span>').siblings('a.toggle').remove();
 	jQuery('#media-item-' + this.id).children('.describe').css({backgroundColor:'#fff'}).end()
 			.animate({backgroundColor:'#ffc0c0'}, {queue:false,duration:50})
-			.animate({minHeight:0,height:36,}, 400, null, function(){jQuery(this).children('.describe').remove()})
+			.animate({minHeight:0,height:36}, 400, null, function(){jQuery(this).children('.describe').remove()})
 			.animate({backgroundColor:'#fff'}, 400)
 			.animate({height:0}, 800, null, function(){jQuery(this).remove();updateMediaForm();});
 

wp-includes/js/thickbox/thickbox.css

@@ -45,19 +45,17 @@
 
 #TB_window {
 	position: fixed;
-	background: #ffffff;
 	z-index: 102;
 	color:#000000;
 	display:none;
-	border: 4px solid #525252;
 	text-align:left;
-	top:50%;
+	top:20px;
 	left:50%;
 }
 
 * html #TB_window { /* ie6 hack */
 position: absolute;
-margin-top: expression(0 - parseInt(this.offsetHeight / 2) + (TBWindowMargin = document.documentElement && document.documentElement.scrollTop || document.body.scrollTop) + 'px');
+margin-top: expression(20) + (TBWindowMargin = document.documentElement && document.documentElement.scrollTop || document.body.scrollTop) + 'px');
 }
 
 #TB_window img#TB_Image {
@@ -97,6 +95,9 @@ margin-top: expression(0 - parseInt(this.offsetHeight / 2) + (TBWindowMargin = d
 #TB_title{
 	background-color:#e8e8e8;
 	height:27px;
+	border-width: 4px;
+	border-color: #525252;
+	border-style: solid solid none;
 }
 
 #TB_ajaxContent{

wp-includes/js/tinymce/plugins/fullscreen/editor_plugin.js

@@ -1 +1 @@
-(function(){var DOM=tinymce.DOM;tinymce.create('tinymce.plugins.FullScreenPlugin',{init:function(ed,url){var t=this,s={},vp;t.editor=ed;ed.addCommand('mceFullScreen',function(){var win,de=document.documentElement;if(ed.getParam('fullscreen_is_enabled')){if(ed.getParam('fullscreen_new_window'))closeFullscreen();else{window.setTimeout(function(){tinymce.dom.Event.remove(window,'resize',t.resizeFunc);tinyMCE.get(ed.getParam('fullscreen_editor_id')).setContent(ed.getContent({format:'raw'}),{format:'raw'});tinyMCE.remove(ed);DOM.remove('mce_fullscreen_container');de.style.overflow=ed.getParam('fullscreen_html_overflow');DOM.setStyle(document.body,'overflow',ed.getParam('fullscreen_overflow'));window.scrollTo(ed.getParam('fullscreen_scrollx'),ed.getParam('fullscreen_scrolly'));tinyMCE.settings=tinyMCE.oldSettings;},10);}return;}if(ed.getParam('fullscreen_new_window')){win=window.open(url+"/fullscreen.htm","mceFullScreenPopup","fullscreen=yes,menubar=no,toolbar=no,scrollbars=no,resizable=yes,left=0,top=0,width="+screen.availWidth+",height="+screen.availHeight);try{win.resizeTo(screen.availWidth,screen.availHeight);}catch(e){}}else{tinyMCE.oldSettings=tinyMCE.settings;s.fullscreen_overflow=DOM.getStyle(document.body,'overflow',1)||'auto';s.fullscreen_html_overflow=DOM.getStyle(de,'overflow',1);vp=DOM.getViewPort();s.fullscreen_scrollx=vp.x;s.fullscreen_scrolly=vp.y;if(tinymce.isOpera&&s.fullscreen_overflow=='visible')s.fullscreen_overflow='auto';if(tinymce.isIE&&s.fullscreen_overflow=='scroll')s.fullscreen_overflow='auto';if(s.fullscreen_overflow=='0px')s.fullscreen_overflow='';DOM.setStyle(document.body,'overflow','hidden');de.style.overflow='hidden';vp=DOM.getViewPort();window.scrollTo(0,0);if(tinymce.isIE)vp.h-=1;n=DOM.add(document.body,'div',{id:'mce_fullscreen_container',style:'position:absolute;top:0;left:0;width:'+vp.w+'px;height:'+vp.h+'px;z-index:150;'});DOM.add(n,'div',{id:'mce_fullscreen'});tinymce.each(ed.settings,function(v,n){s[n]=v;});s.id='mce_fullscreen';s.width=n.clientWidth;s.height=n.clientHeight-15;s.fullscreen_is_enabled=true;s.fullscreen_editor_id=ed.id;s.theme_advanced_resizing=false;s.save_onsavecallback=function(){ed.setContent(tinyMCE.get(s.id).getContent({format:'raw'}),{format:'raw'});ed.execCommand('mceSave');};tinymce.each(ed.getParam('fullscreen_settings'),function(v,k){s[k]=v;});if(s.theme_advanced_toolbar_location==='external')s.theme_advanced_toolbar_location='top';t.fullscreenEditor=new tinymce.Editor('mce_fullscreen',s);t.fullscreenEditor.onInit.add(function(){t.fullscreenEditor.setContent(ed.getContent());});t.fullscreenEditor.render();tinyMCE.add(t.fullscreenEditor);t.fullscreenElement=new tinymce.dom.Element('mce_fullscreen_container');t.fullscreenElement.update();t.resizeFunc=tinymce.dom.Event.add(window,'resize',function(){var vp=tinymce.DOM.getViewPort();t.fullscreenEditor.theme.resizeTo(vp.w,vp.h);});}});ed.addButton('fullscreen',{title:'fullscreen.desc',cmd:'mceFullScreen'});ed.onNodeChange.add(function(ed,cm){cm.setActive('fullscreen',ed.getParam('fullscreen_is_enabled'));});},getInfo:function(){return{longname:'Fullscreen',author:'Moxiecode Systems AB',authorurl:'http://tinymce.moxiecode.com',infourl:'http://wiki.moxiecode.com/index.php/TinyMCE:Plugins/fullscreen',version:tinymce.majorVersion+"."+tinymce.minorVersion};}});tinymce.PluginManager.add('fullscreen',tinymce.plugins.FullScreenPlugin);})();
+(function(){var DOM=tinymce.DOM;tinymce.create('tinymce.plugins.FullScreenPlugin',{init:function(ed,url){var t=this,s={},vp;t.editor=ed;ed.addCommand('mceFullScreen',function(){var win,de=DOM.doc.documentElement;if(ed.getParam('fullscreen_is_enabled')){if(ed.getParam('fullscreen_new_window'))closeFullscreen();else{DOM.win.setTimeout(function(){tinymce.dom.Event.remove(DOM.win,'resize',t.resizeFunc);tinyMCE.get(ed.getParam('fullscreen_editor_id')).setContent(ed.getContent({format:'raw'}),{format:'raw'});tinyMCE.remove(ed);DOM.remove('mce_fullscreen_container');de.style.overflow=ed.getParam('fullscreen_html_overflow');DOM.setStyle(DOM.doc.body,'overflow',ed.getParam('fullscreen_overflow'));DOM.win.scrollTo(ed.getParam('fullscreen_scrollx'),ed.getParam('fullscreen_scrolly'));tinyMCE.settings=tinyMCE.oldSettings;},10);}return;}if(ed.getParam('fullscreen_new_window')){win=DOM.win.open(url+"/fullscreen.htm","mceFullScreenPopup","fullscreen=yes,menubar=no,toolbar=no,scrollbars=no,resizable=yes,left=0,top=0,width="+screen.availWidth+",height="+screen.availHeight);try{win.resizeTo(screen.availWidth,screen.availHeight);}catch(e){}}else{tinyMCE.oldSettings=tinyMCE.settings;s.fullscreen_overflow=DOM.getStyle(DOM.doc.body,'overflow',1)||'auto';s.fullscreen_html_overflow=DOM.getStyle(de,'overflow',1);vp=DOM.getViewPort();s.fullscreen_scrollx=vp.x;s.fullscreen_scrolly=vp.y;if(tinymce.isOpera&&s.fullscreen_overflow=='visible')s.fullscreen_overflow='auto';if(tinymce.isIE&&s.fullscreen_overflow=='scroll')s.fullscreen_overflow='auto';if(s.fullscreen_overflow=='0px')s.fullscreen_overflow='';DOM.setStyle(DOM.doc.body,'overflow','hidden');de.style.overflow='hidden';vp=DOM.getViewPort();DOM.win.scrollTo(0,0);if(tinymce.isIE)vp.h-=1;n=DOM.add(DOM.doc.body,'div',{id:'mce_fullscreen_container',style:'position:absolute;top:0;left:0;width:'+vp.w+'px;height:'+vp.h+'px;z-index:200000;'});DOM.add(n,'div',{id:'mce_fullscreen'});tinymce.each(ed.settings,function(v,n){s[n]=v;});s.id='mce_fullscreen';s.width=n.clientWidth;s.height=n.clientHeight-15;s.fullscreen_is_enabled=true;s.fullscreen_editor_id=ed.id;s.theme_advanced_resizing=false;s.save_onsavecallback=function(){ed.setContent(tinyMCE.get(s.id).getContent({format:'raw'}),{format:'raw'});ed.execCommand('mceSave');};tinymce.each(ed.getParam('fullscreen_settings'),function(v,k){s[k]=v;});if(s.theme_advanced_toolbar_location==='external')s.theme_advanced_toolbar_location='top';t.fullscreenEditor=new tinymce.Editor('mce_fullscreen',s);t.fullscreenEditor.onInit.add(function(){t.fullscreenEditor.setContent(ed.getContent());t.fullscreenEditor.focus();});t.fullscreenEditor.render();tinyMCE.add(t.fullscreenEditor);t.fullscreenElement=new tinymce.dom.Element('mce_fullscreen_container');t.fullscreenElement.update();t.resizeFunc=tinymce.dom.Event.add(DOM.win,'resize',function(){var vp=tinymce.DOM.getViewPort();t.fullscreenEditor.theme.resizeTo(vp.w,vp.h);});}});ed.addButton('fullscreen',{title:'fullscreen.desc',cmd:'mceFullScreen'});ed.onNodeChange.add(function(ed,cm){cm.setActive('fullscreen',ed.getParam('fullscreen_is_enabled'));});},getInfo:function(){return{longname:'Fullscreen',author:'Moxiecode Systems AB',authorurl:'http://tinymce.moxiecode.com',infourl:'http://wiki.moxiecode.com/index.php/TinyMCE:Plugins/fullscreen',version:tinymce.majorVersion+"."+tinymce.minorVersion};}});tinymce.PluginManager.add('fullscreen',tinymce.plugins.FullScreenPlugin);})();

wp-includes/js/tinymce/plugins/fullscreen/fullscreen.htm

@@ -3,7 +3,7 @@
 <head>
 	<title></title>
 	<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
-	<script type="text/javascript" src="../../tiny_mce.js"></script>
+	<script type="text/javascript" src="../../tiny_mce.js?v=307"></script>
 	<script type="text/javascript">
 		function patchCallback(settings, key) {
 			if (settings[key])

wp-includes/js/tinymce/plugins/inlinepopups/skins/clearlooks2/window.css

@@ -8,6 +8,7 @@
 .clearlooks2 .mceWrapper {position:static}
 .mceEventBlocker {position:absolute; left:0; top:0; background:url(img/horizontal.gif) no-repeat 0 -75px; width:100%; height:100%;}
 .clearlooks2 .mcePlaceHolder {border:1px solid #000; background:#888; top:0; left:0; opacity:0.5; filter:alpha(opacity=50);}
+.clearlooks2_modalBlocker {position:absolute; left:0; top:0; width:100%; height:100%; background:#FFF; opacity:0.6; filter:alpha(opacity=60); display:none}
 
 /* Top */
 .clearlooks2 .mceTop, 
@@ -57,69 +58,69 @@ color:#FFF
 }
 
 /* Middle */
-.clearlooks2 .mceMiddle, .clearlooks2 .mceMiddle div {top:0;}
-.clearlooks2 .mceMiddle {width:100%; height:100%; clip:rect(23px auto auto auto);}
-.clearlooks2 .mceMiddle .mceLeft {left:0; width:5px; height:100%; background:#E4F2FD;border-left:1px solid #c6d9e9;}
-.clearlooks2 .mceMiddle span {top:23px; left:5px; width:100%; height:100%; background:#FFF;}
-.clearlooks2 .mceMiddle .mceRight {right:0; width:5px; height:100%; background:#E4F2FD;border-right:1px solid #c6d9e9;}
+.clearlooks2 .mceMiddle, .clearlooks2 .mceMiddle div {top:0}
+.clearlooks2 .mceMiddle {width:100%; height:100%; clip:rect(23px auto auto auto)}
+.clearlooks2 .mceMiddle .mceLeft {left:0; width:5px; height:100%; background:#E4F2FD;border-left:1px solid #c6d9e9}
+.clearlooks2 .mceMiddle span {top:23px; left:5px; width:100%; height:100%; background:#FFF}
+.clearlooks2 .mceMiddle .mceRight {right:0; width:5px; height:100%; background:#E4F2FD;border-right:1px solid #c6d9e9}
 
 /* Bottom */
-.clearlooks2 .mceBottom, .clearlooks2 .mceBottom div {height:6px;}
-.clearlooks2 .mceBottom {left:0; bottom:0; width:100%;background:#E4F2FD;border-bottom:1px solid #c6d9e9;}
-.clearlooks2 .mceBottom div {top:0;}
-.clearlooks2 .mceBottom .mceLeft {left:0; width:5px; background:#E4F2FD  ;border-left:1px solid #c6d9e9;}
-.clearlooks2 .mceBottom .mceCenter {left:5px; width:100%;}
-.clearlooks2 .mceBottom .mceRight {right:0; width:6px; background:#E4F2FD url(img/drag.gif) no-repeat;border-right:1px solid #c6d9e9;}
-.clearlooks2 .mceBottom span {display:none;}
-.clearlooks2 .mceStatusbar .mceBottom, .clearlooks2 .mceStatusbar .mceBottom div {height:23px;}
-.clearlooks2 .mceStatusbar .mceBottom .mceLeft {background:url(img/corners.gif) -29px 0;}
-.clearlooks2 .mceStatusbar .mceBottom .mceCenter {background:url(img/horizontal.gif) 0 -52px;}
-.clearlooks2 .mceStatusbar .mceBottom .mceRight {background:url(img/corners.gif) -24px 0;}
-.clearlooks2 .mceStatusbar .mceBottom span {display:block; left:7px; font-family:Arial, Verdana; font-size:11px; line-height:23px;}
+.clearlooks2 .mceBottom, .clearlooks2 .mceBottom div {height:6px}
+.clearlooks2 .mceBottom {left:0; bottom:0; width:100%;background:#E4F2FD;border-bottom:1px solid #c6d9e9}
+.clearlooks2 .mceBottom div {top:0}
+.clearlooks2 .mceBottom .mceLeft {left:0; width:5px; background:#E4F2FD  ;border-left:1px solid #c6d9e9}
+.clearlooks2 .mceBottom .mceCenter {left:5px; width:100%}
+.clearlooks2 .mceBottom .mceRight {right:0; width:6px; background:#E4F2FD url(img/drag.gif) no-repeat;border-right:1px solid #c6d9e9}
+.clearlooks2 .mceBottom span {display:none}
+.clearlooks2 .mceStatusbar .mceBottom, .clearlooks2 .mceStatusbar .mceBottom div {height:23px}
+.clearlooks2 .mceStatusbar .mceBottom .mceLeft {background:url(img/corners.gif) -29px 0}
+.clearlooks2 .mceStatusbar .mceBottom .mceCenter {background:url(img/horizontal.gif) 0 -52px}
+.clearlooks2 .mceStatusbar .mceBottom .mceRight {background:url(img/corners.gif) -24px 0}
+.clearlooks2 .mceStatusbar .mceBottom span {display:block; left:7px; font-family:Arial, Verdana; font-size:11px; line-height:23px}
 
 /* Actions */
-.clearlooks2 a {width:29px; height:16px; top:3px;}
-.clearlooks2 .mceClose {right:6px; background:url(img/buttons.gif) -87px 0;}
-.clearlooks2 .mceMin {display:none; right:68px; background:url(img/buttons.gif) 0 0;}
-.clearlooks2 .mceMed {display:none; right:37px; background:url(img/buttons.gif) -29px 0;}
-.clearlooks2 .mceMax {display:none; right:37px; background:url(img/buttons.gif) -58px 0;}
-.clearlooks2 .mceMove {display:none;width:100%;cursor:move;background:url(img/corners.gif) no-repeat -100px -100px;}
-.clearlooks2 .mceMovable .mceMove {display:block;}
-.clearlooks2 .mceFocus .mceClose {right:6px; background:url(img/buttons.gif) -87px -16px;}
-.clearlooks2 .mceFocus .mceMin {right:68px; background:url(img/buttons.gif) 0 -16px;}
-.clearlooks2 .mceFocus .mceMed {right:37px; background:url(img/buttons.gif) -29px -16px;}
-.clearlooks2 .mceFocus .mceMax {right:37px; background:url(img/buttons.gif) -58px -16px;}
-.clearlooks2 .mceFocus .mceClose:hover {right:6px; background:url(img/buttons.gif) -87px -32px;}
-.clearlooks2 .mceFocus .mceClose:hover {right:6px; background:url(img/buttons.gif) -87px -32px;}
-.clearlooks2 .mceFocus .mceMin:hover {right:68px; background:url(img/buttons.gif) 0 -32px;}
-.clearlooks2 .mceFocus .mceMed:hover {right:37px; background:url(img/buttons.gif) -29px -32px;}
-.clearlooks2 .mceFocus .mceMax:hover {right:37px; background:url(img/buttons.gif) -58px -32px;}
+.clearlooks2 a {width:29px; height:16px; top:3px}
+.clearlooks2 .mceClose {right:6px; background:url(img/buttons.gif) -87px 0}
+.clearlooks2 .mceMin {display:none; right:68px; background:url(img/buttons.gif) 0 0}
+.clearlooks2 .mceMed {display:none; right:37px; background:url(img/buttons.gif) -29px 0}
+.clearlooks2 .mceMax {display:none; right:37px; background:url(img/buttons.gif) -58px 0}
+.clearlooks2 .mceMove {display:none;width:100%;cursor:move;background:url(img/corners.gif) no-repeat -100px -100px}
+.clearlooks2 .mceMovable .mceMove {display:block}
+.clearlooks2 .mceFocus .mceClose {right:6px; background:url(img/buttons.gif) -87px -16px}
+.clearlooks2 .mceFocus .mceMin {right:68px; background:url(img/buttons.gif) 0 -16px}
+.clearlooks2 .mceFocus .mceMed {right:37px; background:url(img/buttons.gif) -29px -16px}
+.clearlooks2 .mceFocus .mceMax {right:37px; background:url(img/buttons.gif) -58px -16px}
+.clearlooks2 .mceFocus .mceClose:hover {right:6px; background:url(img/buttons.gif) -87px -32px}
+.clearlooks2 .mceFocus .mceClose:hover {right:6px; background:url(img/buttons.gif) -87px -32px}
+.clearlooks2 .mceFocus .mceMin:hover {right:68px; background:url(img/buttons.gif) 0 -32px}
+.clearlooks2 .mceFocus .mceMed:hover {right:37px; background:url(img/buttons.gif) -29px -32px}
+.clearlooks2 .mceFocus .mceMax:hover {right:37px; background:url(img/buttons.gif) -58px -32px}
 
 /* Resize */
-.clearlooks2 .mceResize {top:auto; left:auto; display:none; width:5px; height:5px; background:url(img/horizontal.gif) no-repeat 0 -75px;}
-.clearlooks2 .mceResizable .mceResize {display:block;}
-.clearlooks2 .mceResizable .mceMin, .clearlooks2 .mceMax {display:none;}
-.clearlooks2 .mceMinimizable .mceMin {display:block;}
-.clearlooks2 .mceMaximizable .mceMax {display:block;}
-.clearlooks2 .mceMaximized .mceMed {display:block;}
-.clearlooks2 .mceMaximized .mceMax {display:none;}
-.clearlooks2 a.mceResizeN {top:0; left:0; width:100%; cursor:n-resize;}
-.clearlooks2 a.mceResizeNW {top:0; left:0; cursor:nw-resize;}
+.clearlooks2 .mceResize {top:auto; left:auto; display:none; width:5px; height:5px; background:url(img/horizontal.gif) no-repeat 0 -75px}
+.clearlooks2 .mceResizable .mceResize {display:block}
+.clearlooks2 .mceResizable .mceMin, .clearlooks2 .mceMax {display:none}
+.clearlooks2 .mceMinimizable .mceMin {display:block}
+.clearlooks2 .mceMaximizable .mceMax {display:block}
+.clearlooks2 .mceMaximized .mceMed {display:block}
+.clearlooks2 .mceMaximized .mceMax {display:none}
+.clearlooks2 a.mceResizeN {top:0; left:0; width:100%; cursor:n-resize}
+.clearlooks2 a.mceResizeNW {top:0; left:0; cursor:nw-resize}
 .clearlooks2 a.mceResizeNE {top:0; right:0; cursor:ne-resize}
-.clearlooks2 a.mceResizeW {top:0; left:0; height:100%; cursor:w-resize;}
-.clearlooks2 a.mceResizeE {top:0; right:0; height:100%; cursor:e-resize;}
+.clearlooks2 a.mceResizeW {top:0; left:0; height:100%; cursor:w-resize}
+.clearlooks2 a.mceResizeE {top:0; right:0; height:100%; cursor:e-resize}
 .clearlooks2 a.mceResizeS {bottom:0; left:0; width:100%; cursor:s-resize}
-.clearlooks2 a.mceResizeSW {bottom:0; left:0; cursor:sw-resize;}
-.clearlooks2 a.mceResizeSE {bottom:0; right:0; cursor:se-resize;}
+.clearlooks2 a.mceResizeSW {bottom:0; left:0; cursor:sw-resize}
+.clearlooks2 a.mceResizeSE {bottom:0; right:0; cursor:se-resize}
 
 /* Alert/Confirm */
-.clearlooks2 .mceButton {font-weight:bold; bottom:10px; width:80px; height:30px; background:url(img/button.gif); line-height:30px; vertical-align:middle; text-align:center; outline:0;}
-.clearlooks2 .mceMiddle .mceIcon {left:15px; top:35px; width:32px; height:32px;}
-.clearlooks2 .mceAlert .mceMiddle span, .clearlooks2 .mceConfirm .mceMiddle span {background:transparent;left:60px; top:35px; width:320px; height:50px; font-weight:bold; overflow:auto; white-space:normal;}
-.clearlooks2 a:hover {font-weight:bold;}
-.clearlooks2 .mceAlert .mceMiddle, .clearlooks2 .mceConfirm .mceMiddle {background:#E4F2FD;}
-.clearlooks2 .mceAlert .mceOk {left:50%; top:auto; margin-left: -40px;}
-.clearlooks2 .mceAlert .mceIcon {background:url(img/alert.gif);}
-.clearlooks2 .mceConfirm .mceOk {left:50%; top:auto; margin-left: -90px;}
-.clearlooks2 .mceConfirm .mceCancel {left:50%; top:auto;}
-.clearlooks2 .mceConfirm .mceIcon {background:url(img/confirm.gif);}
+.clearlooks2 .mceButton {font-weight:bold; bottom:10px; width:80px; height:30px; background:url(img/button.gif); line-height:30px; vertical-align:middle; text-align:center; outline:0}
+.clearlooks2 .mceMiddle .mceIcon {left:15px; top:35px; width:32px; height:32px}
+.clearlooks2 .mceAlert .mceMiddle span, .clearlooks2 .mceConfirm .mceMiddle span {background:transparent;left:60px; top:35px; width:320px; height:50px; font-weight:bold; overflow:auto; white-space:normal}
+.clearlooks2 a:hover {font-weight:bold}
+.clearlooks2 .mceAlert .mceMiddle, .clearlooks2 .mceConfirm .mceMiddle {background:#E4F2FD}
+.clearlooks2 .mceAlert .mceOk {left:50%; top:auto; margin-left: -40px}
+.clearlooks2 .mceAlert .mceIcon {background:url(img/alert.gif)}
+.clearlooks2 .mceConfirm .mceOk {left:50%; top:auto; margin-left: -90px}
+.clearlooks2 .mceConfirm .mceCancel {left:50%; top:auto}
+.clearlooks2 .mceConfirm .mceIcon {background:url(img/confirm.gif)}

wp-includes/js/tinymce/plugins/inlinepopups/template.htm

@@ -2,7 +2,7 @@
 <html xmlns="http://www.w3.org/1999/xhtml">
 <head>
 <title>Template for dialogs</title>
-<link rel="stylesheet" type="text/css" href="skins/clearlooks2/window.css" />
+<link rel="stylesheet" type="text/css" href="skins/clearlooks2/window.css?v=307" />
 </head>
 <body>
 

wp-includes/js/tinymce/plugins/media/media.htm

@@ -2,13 +2,13 @@
 <html xmlns="http://www.w3.org/1999/xhtml">
 <head>
 	<title>{#media_dlg.title}</title>
-	<script type="text/javascript" src="../../tiny_mce_popup.js"></script>
-	<script type="text/javascript" src="js/media.js"></script>
-	<script type="text/javascript" src="../../utils/mctabs.js"></script>
-	<script type="text/javascript" src="../../utils/validate.js"></script>
-	<script type="text/javascript" src="../../utils/form_utils.js"></script>
-	<script type="text/javascript" src="../../utils/editable_selects.js"></script>
-	<link href="css/media.css" rel="stylesheet" type="text/css" />
+	<script type="text/javascript" src="../../tiny_mce_popup.js?v=307"></script>
+	<script type="text/javascript" src="js/media.js?v=307"></script>
+	<script type="text/javascript" src="../../utils/mctabs.js?v=307"></script>
+	<script type="text/javascript" src="../../utils/validate.js?v=307"></script>
+	<script type="text/javascript" src="../../utils/form_utils.js?v=307"></script>
+	<script type="text/javascript" src="../../utils/editable_selects.js?v=307"></script>
+	<link href="css/media.css?v=307" rel="stylesheet" type="text/css" />
 	<base target="_self" />
 </head>
 <body style="display: none">

wp-includes/js/tinymce/plugins/paste/blank.htm

@@ -2,7 +2,7 @@
 <head>
 <title>blank_page</title>
 <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
-<link href="css/blank.css" rel="stylesheet" type="text/css" />
+<link href="css/blank.css?v=307" rel="stylesheet" type="text/css" />
 <base target="_self" />
 <script type="text/javascript">
 function init() {

wp-includes/js/tinymce/plugins/paste/pastetext.htm

@@ -2,8 +2,8 @@
 <head>
 	<title>{#paste.paste_text_desc}</title>
 	<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
-	<script type="text/javascript" src="../../tiny_mce_popup.js"></script>
-	<script type="text/javascript" src="js/pastetext.js"></script>
+	<script type="text/javascript" src="../../tiny_mce_popup.js?v=307"></script>
+	<script type="text/javascript" src="js/pastetext.js?v=307"></script>
 	<base target="_self" />
 </head>
 <body onresize="resizeInputs();" style="display:none; overflow:hidden;">

wp-includes/js/tinymce/plugins/paste/pasteword.htm

@@ -2,9 +2,9 @@
 <head>
 	<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
 	<title>{#paste.paste_word_desc}</title>
-	<script type="text/javascript" src="../../tiny_mce_popup.js"></script>
-	<script type="text/javascript" src="js/pasteword.js"></script>
-	<link href="css/pasteword.css" rel="stylesheet" type="text/css" />
+	<script type="text/javascript" src="../../tiny_mce_popup.js?v=307"></script>
+	<script type="text/javascript" src="js/pasteword.js?v=307"></script>
+	<link href="css/pasteword.css?v=307" rel="stylesheet" type="text/css" />
 	<base target="_self" />
 </head>
 <body onresize="resizeInputs();" style="display:none; overflow:hidden;">

wp-includes/js/tinymce/plugins/wordpress/editor_plugin.js

@@ -11,8 +11,8 @@
 	tinymce.create('tinymce.plugins.WordPress', {
 		init : function(ed, url) {
 			var t = this, tbId = ed.getParam('wordpress_adv_toolbar', 'toolbar2');
-            var moreHTML = '<img src="' + url + '/img/trans.gif" class="mceWPmore mceItemNoResize" title="'+ed.getLang('wordpress.wp_more_alt')+'" />';
-            var nextpageHTML = '<img src="' + url + '/img/trans.gif" class="mceWPnextpage mceItemNoResize" title="'+ed.getLang('wordpress.wp_page_alt')+'" />';
+			var moreHTML = '<img src="' + url + '/img/trans.gif" class="mceWPmore mceItemNoResize" title="'+ed.getLang('wordpress.wp_more_alt')+'" />';
+			var nextpageHTML = '<img src="' + url + '/img/trans.gif" class="mceWPnextpage mceItemNoResize" title="'+ed.getLang('wordpress.wp_page_alt')+'" />';
 
 			if ( tinymce.util.Cookie.get('kitchenSink') == '1' )
 				ed.settings.wordpress_adv_hidden = 0;
@@ -42,13 +42,13 @@
 						inline : 1
 					});
 				});
-			
+
 			ed.addCommand('WP_Adv', function() {
 				var id = ed.controlManager.get(tbId).id, cm = ed.controlManager, cook = tinymce.util.Cookie, date;
 
 				date = new Date();
-        		date.setTime(date.getTime()+(10*365*24*60*60*1000));
-				
+				date.setTime(date.getTime()+(10*365*24*60*60*1000));
+
 				if (DOM.isHidden(id)) {
 					cm.setActive('wp_adv', 1);
 					DOM.show(id);
@@ -89,27 +89,52 @@
 				cmd : 'WP_Adv'
 			});
 
-			// Add class "alignleft" or "alignright" when selecting align for images.
+			// Add class "alignleft", "alignright" and "aligncenter" when selecting align for images.
+			ed.onExecCommand.add(function( editor, cmd ) {
+				var node, bl, dom = editor.dom;
+
+				if ( 'JustifyCenter' == cmd ) {
+					if ( ( node = editor.selection.getNode() ) && node.nodeName == 'IMG' ) {
+						if ( ! dom.hasClass( node, "aligncenter" ) && ( bl = editor.forceBlocks.getParentBlock(node) ) && bl.childNodes.length == 1 )
+							dom.setStyle(bl, 'text-align', '');
+					}
+					editor.execCommand('mceRepaint');
+				}
+			});
+
 			ed.onBeforeExecCommand.add(function( editor, cmd ) {
-				var node, dir, xdir;
-	
+				var node, dir, xdir, bl, dom = editor.dom;
+
 				if ( ( cmd.indexOf('Justify') != -1 ) && ( node = editor.selection.getNode() ) ) {
-					if ( node.nodeName !== 'IMG' ) return;
+					if ( 'JustifyFull' == cmd || node.nodeName !== 'IMG' ) return;
 					dir = cmd.substring(7).toLowerCase();
-					if ( 'JustifyCenter' == cmd || editor.queryCommandState( cmd ) ) {
-						editor.dom.removeClass( node, "alignleft" );
-						editor.dom.removeClass( node, "alignright" );
+
+					if (  editor.queryCommandState( cmd ) ) {
+						dom.removeClass( node, "alignleft" );
+						dom.removeClass( node, "alignright" );
+						dom.removeClass( node, "aligncenter" );
+					} else if ( 'JustifyCenter' == cmd ) {
+						dom.removeClass( node, "alignleft" );
+						dom.removeClass( node, "alignright" );
+
+						if ( dom.hasClass( node, "aligncenter" ) ) {
+							dom.removeClass( node, "aligncenter" );
+							if ( ( bl = editor.forceBlocks.getParentBlock(node) ) && bl.childNodes.length == 1 && tinymce.isGecko )
+								editor.selection.select(bl.firstChild);
+						} else dom.addClass( node, "aligncenter" );
+
 					} else {
 						xdir = ( dir == 'left' ) ? 'right' : 'left';
-						editor.dom.removeClass( node, "align"+xdir );
-						editor.dom.addClass( node, "align"+dir );
+						dom.removeClass( node, "aligncenter" );
+						dom.removeClass( node, "align"+xdir );
+						dom.addClass( node, "align"+dir );
 					}
 				}
 			});
-			
+
 			// Add listeners to handle more break
 			t._handleMoreBreak(ed, url);
-			
+
 			// Add custom shortcuts
 			ed.addShortcut('alt+shift+c', ed.getLang('justifycenter_desc'), 'JustifyCenter');
 			ed.addShortcut('alt+shift+r', ed.getLang('justifyright_desc'), 'JustifyRight');
@@ -157,7 +182,7 @@
 
 		_handleMoreBreak : function(ed, url) {
 			var moreHTML = '<img src="' + url + '/img/trans.gif" alt="$1" class="mceWPmore mceItemNoResize" title="'+ed.getLang('wordpress.wp_more_alt')+'" />';
-            var nextpageHTML = '<img src="' + url + '/img/trans.gif" class="mceWPnextpage mceItemNoResize" title="'+ed.getLang('wordpress.wp_page_alt')+'" />';
+			var nextpageHTML = '<img src="' + url + '/img/trans.gif" class="mceWPnextpage mceItemNoResize" title="'+ed.getLang('wordpress.wp_page_alt')+'" />';
 
 			// Load plugin specific CSS into editor
 			ed.onInit.add(function() {
@@ -169,12 +194,12 @@
 				if (ed.theme.onResolveName) {
 					ed.theme.onResolveName.add(function(th, o) {
 						if (o.node.nodeName == 'IMG') {
-                            if ( ed.dom.hasClass(o.node, 'mceWPmore') )
-                                o.name = 'wpmore';
-                            if ( ed.dom.hasClass(o.node, 'mceWPnextpage') )
-                                o.name = 'wppage';
-                        }
-							
+							if ( ed.dom.hasClass(o.node, 'mceWPmore') )
+								o.name = 'wpmore';
+							if ( ed.dom.hasClass(o.node, 'mceWPnextpage') )
+								o.name = 'wppage';
+						}
+
 					});
 				}
 			});
@@ -190,15 +215,13 @@
 				if (o.get)
 					o.content = o.content.replace(/<img[^>]+>/g, function(im) {
 						if (im.indexOf('class="mceWPmore') !== -1) {
-                            var m;
-                            var moretext = (m = im.match(/alt="(.*?)"/)) ? m[1] : '';
-
-                            im = '<!--more'+moretext+'-->';
-                        }
-                        if (im.indexOf('class="mceWPnextpage') !== -1)
+							var m, moretext = (m = im.match(/alt="(.*?)"/)) ? m[1] : '';
+							im = '<!--more'+moretext+'-->';
+						}
+						if (im.indexOf('class="mceWPnextpage') !== -1)
 							im = '<!--nextpage-->';
-						
-                        return im;
+
+						return im;
 					});
 			});
 
@@ -212,4 +235,4 @@
 
 	// Register plugin
 	tinymce.PluginManager.add('wordpress', tinymce.plugins.WordPress);
-})();
+})();

wp-includes/js/tinymce/themes/advanced/about.htm

@@ -2,9 +2,9 @@
 <html xmlns="http://www.w3.org/1999/xhtml">
 <head>
 	<title>{#advanced_dlg.about_title}</title>
-	<script type="text/javascript" src="../../tiny_mce_popup.js"></script>
-	<script type="text/javascript" src="../../utils/mctabs.js"></script>
-	<script type="text/javascript" src="js/about.js"></script>
+	<script type="text/javascript" src="../../tiny_mce_popup.js?v=307"></script>
+	<script type="text/javascript" src="../../utils/mctabs.js?v=307"></script>
+	<script type="text/javascript" src="js/about.js?v=307"></script>
 </head>
 <body id="about" style="display: none">
 		<div class="tabs">

wp-includes/js/tinymce/themes/advanced/anchor.htm

@@ -2,8 +2,8 @@
 <html xmlns="http://www.w3.org/1999/xhtml">
 <head>
 	<title>{#advanced_dlg.anchor_title}</title>
-	<script type="text/javascript" src="../../tiny_mce_popup.js"></script>
-	<script type="text/javascript" src="js/anchor.js"></script>
+	<script type="text/javascript" src="../../tiny_mce_popup.js?v=307"></script>
+	<script type="text/javascript" src="js/anchor.js?v=307"></script>
 	<base target="_self" />
 </head>
 <body style="display: none">

wp-includes/js/tinymce/themes/advanced/charmap.htm

@@ -3,8 +3,8 @@
 <head>
 	<title>{#advanced_dlg.charmap_title}</title>
 	<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
-	<script type="text/javascript" src="../../tiny_mce_popup.js"></script>
-	<script type="text/javascript" src="js/charmap.js"></script>
+	<script type="text/javascript" src="../../tiny_mce_popup.js?v=307"></script>
+	<script type="text/javascript" src="js/charmap.js?v=307"></script>
 	<base target="_self" />
 </head>
 <body id="charmap" style="display:none">

wp-includes/js/tinymce/themes/advanced/color_picker.htm

@@ -2,9 +2,9 @@
 <html xmlns="http://www.w3.org/1999/xhtml">
 <head>
 	<title>{#advanced_dlg.colorpicker_title}</title>
-	<script type="text/javascript" src="../../tiny_mce_popup.js"></script>
-	<script type="text/javascript" src="../../utils/mctabs.js"></script>
-	<script type="text/javascript" src="js/color_picker.js"></script>
+	<script type="text/javascript" src="../../tiny_mce_popup.js?v=307"></script>
+	<script type="text/javascript" src="../../utils/mctabs.js?v=307"></script>
+	<script type="text/javascript" src="js/color_picker.js?v=307"></script>
 	<base target="_self" />
 </head>
 <body id="colorpicker" style="display: none">

wp-includes/js/tinymce/themes/advanced/image.htm

@@ -2,10 +2,10 @@
 <html xmlns="http://www.w3.org/1999/xhtml">
 <head>
 	<title>{#advanced_dlg.image_title}</title>
-	<script type="text/javascript" src="../../tiny_mce_popup.js"></script>
-	<script type="text/javascript" src="../../utils/mctabs.js"></script>
-	<script type="text/javascript" src="../../utils/form_utils.js"></script>
-	<script type="text/javascript" src="js/image.js"></script>
+	<script type="text/javascript" src="../../tiny_mce_popup.js?v=307"></script>
+	<script type="text/javascript" src="../../utils/mctabs.js?v=307"></script>
+	<script type="text/javascript" src="../../utils/form_utils.js?v=307"></script>
+	<script type="text/javascript" src="js/image.js?v=307"></script>
 	<base target="_self" />
 </head>
 <body id="image" style="display: none">

wp-includes/js/tinymce/themes/advanced/js/image.js

@@ -108,7 +108,7 @@ var ImageDialog = {
 			// Handle align
 			v = getSelectValue(f, 'align');
 			cls = f.class_name.value || '';
-			cls = cls ? cls.replace(/alignright\s*|alignleft\s*/g, '') : '';
+			cls = cls ? cls.replace(/alignright\s*|alignleft\s*|aligncenter\s*/g, '') : '';
 			cls = cls ? cls.replace(/^\s*(.+?)\s*$/, '$1') : '';
 			if (v) {
 				if (v == 'left' || v == 'right') {

wp-includes/js/tinymce/themes/advanced/js/link.js

@@ -34,10 +34,10 @@ var LinkDialog = {
 		var f = document.forms[0], ed = tinyMCEPopup.editor, e, b;
 
 		tinyMCEPopup.restoreSelection();
+		e = ed.dom.getParent(ed.selection.getNode(), 'A');
 
 		// Remove element if there is no href
 		if (!f.href.value) {
-			e = ed.dom.getParent(ed.selection.getNode(), 'A');
 			if (e) {
 				tinyMCEPopup.execCommand("mceBeginUndoLevel");
 				b = ed.selection.getBookmark();
@@ -49,13 +49,42 @@ var LinkDialog = {
 			}
 		}
 
-		ed.execCommand('mceInsertLink', false, {
-			href : f.href.value,
-			title : f.linktitle.value,
-			target : f.target_list ? f.target_list.options[f.target_list.selectedIndex].value : null,
-			'class' : f.class_list ? f.class_list.options[f.class_list.selectedIndex].value : null
-		});
+		tinyMCEPopup.execCommand("mceBeginUndoLevel");
 
+		// Create new anchor elements
+		if (e == null) {
+			tinyMCEPopup.execCommand("CreateLink", false, "#mce_temp_url#", {skip_undo : 1});
+
+			tinymce.each(ed.dom.select("a"), function(n) {
+				if (ed.dom.getAttrib(n, 'href') == '#mce_temp_url#') {
+					e = n;
+
+					ed.dom.setAttribs(e, {
+						href : f.href.value,
+						title : f.linktitle.value,
+						target : f.target_list ? f.target_list.options[f.target_list.selectedIndex].value : null,
+						'class' : f.class_list ? f.class_list.options[f.class_list.selectedIndex].value : null
+					});
+				}
+			});
+		} else {
+			ed.dom.setAttribs(e, {
+				href : f.href.value,
+				title : f.linktitle.value,
+				target : f.target_list ? f.target_list.options[f.target_list.selectedIndex].value : null,
+				'class' : f.class_list ? f.class_list.options[f.class_list.selectedIndex].value : null
+			});
+		}
+
+		// Don't move caret if selection was image
+		if (e.childNodes.length != 1 || e.firstChild.nodeName != 'IMG') {
+			ed.focus();
+			ed.selection.select(e);
+			ed.selection.collapse(0);
+			tinyMCEPopup.storeSelection();
+		}
+
+		tinyMCEPopup.execCommand("mceEndUndoLevel");
 		tinyMCEPopup.close();
 	},
 

wp-includes/js/tinymce/themes/advanced/link.htm

@@ -2,11 +2,11 @@
 <html xmlns="http://www.w3.org/1999/xhtml">
 <head>
 	<title>{#advanced_dlg.link_title}</title>
-	<script type="text/javascript" src="../../tiny_mce_popup.js"></script>
-	<script type="text/javascript" src="../../utils/mctabs.js"></script>
-	<script type="text/javascript" src="../../utils/form_utils.js"></script>
-	<script type="text/javascript" src="../../utils/validate.js"></script>
-	<script type="text/javascript" src="js/link.js"></script>
+	<script type="text/javascript" src="../../tiny_mce_popup.js?v=307"></script>
+	<script type="text/javascript" src="../../utils/mctabs.js?v=307"></script>
+	<script type="text/javascript" src="../../utils/form_utils.js?v=307"></script>
+	<script type="text/javascript" src="../../utils/validate.js?v=307"></script>
+	<script type="text/javascript" src="js/link.js?v=307"></script>
 	<base target="_self" />
 </head>
 <body id="link" style="display: none">
@@ -25,7 +25,7 @@
             <td nowrap="nowrap"><label for="href">{#advanced_dlg.link_url}</label></td>
             <td><table border="0" cellspacing="0" cellpadding="0"> 
 				  <tr> 
-					<td><input id="href" name="href" type="text" class="mceFocus" value="http://" style="width: 200px" /></td> 
+					<td><input id="href" name="href" type="text" class="mceFocus" value="http://" style="width: 200px" onfocus="try{this.select();}catch(e){}" /></td> 
 					<td id="hrefbrowsercontainer">&nbsp;</td>
 				  </tr> 
 				</table></td>

wp-includes/js/tinymce/themes/advanced/skins/default/content.css

@@ -11,6 +11,8 @@ h6 {font-size: .75em}
 a.mceItemAnchor {width:12px; line-height:6px; overflow:hidden; padding-left:12px; background:url(img/items.gif) no-repeat bottom left;}
 img.mceItemAnchor {width:12px; height:12px; background:url(img/items.gif) no-repeat;}
 img {border:0;}
+table {cursor:default}
+table td, table th {cursor:text}
 
 /* IE */
 * html body {

wp-includes/js/tinymce/themes/advanced/skins/default/ui.css

@@ -34,15 +34,20 @@
 .defaultSkin td.mceRight table {margin:0 0 0 auto;}
 
 /* Button */
-.defaultSkin .mceButton {display:block; border:1px solid #F0F0EE; width:20px; height:20px; margin-right:1px;}
+.defaultSkin .mceButton {display:block; border:1px solid #F0F0EE; width:20px; height:20px; margin-right:1px}
 .defaultSkin a.mceButtonEnabled:hover {border:1px solid #0A246A; background-color:#B2BBD0}
 .defaultSkin a.mceButtonActive, .defaultSkin a.mceButtonSelected {border:1px solid #0A246A; background-color:#C2CBE0}
 .defaultSkin .mceButtonDisabled .mceIcon {opacity:0.3; filter:alpha(opacity=30)}
+.defaultSkin .mceButtonLabeled {width:auto}
+.defaultSkin .mceButtonLabeled span.mceIcon {float:left}
+.defaultSkin span.mceButtonLabel {display:block; font-size:10px; padding:4px 6px 0 22px; font-family:Tahoma,Verdana,Arial,Helvetica}
+.defaultSkin .mceButtonDisabled .mceButtonLabel {color:#888}
 
 /* Separator */
 .defaultSkin .mceSeparator {display:block; background:url(../../img/icons.gif) -180px 0; width:2px; height:20px; margin:2px 2px 0 4px}
 
 /* ListBox */
+.defaultSkin .mceListBox {direction:ltr}
 .defaultSkin .mceListBox, .defaultSkin .mceListBox a {display:block}
 .defaultSkin .mceListBox .mceText {padding-left:4px; width:70px; text-align:left; border:1px solid #CCC; border-right:0; background:#FFF; font-family:Tahoma,Verdana,Arial,Helvetica; font-size:11px; height:20px; line-height:20px; overflow:hidden}
 .defaultSkin .mceListBox .mceOpen {width:9px; height:20px; background:url(../../img/icons.gif) -741px 0; margin-right:2px; border:1px solid #CCC;}
@@ -55,7 +60,7 @@
 .defaultSkin select.mceNativeListBox {font-family:'MS Sans Serif',sans-serif,Verdana,Arial; font-size:7pt; background:#F0F0EE; border:1px solid gray; margin-right:2px;}
 
 /* SplitButton */
-.defaultSkin .mceSplitButton {width:32px; height:20px}
+.defaultSkin .mceSplitButton {width:32px; height:20px; direction:ltr}
 .defaultSkin .mceSplitButton a, .defaultSkin .mceSplitButton span {height:20px; display:block}
 .defaultSkin .mceSplitButton a.mceAction {width:20px; border:1px solid #F0F0EE; border-right:0;}
 .defaultSkin .mceSplitButton span.mceAction {width:20px; background:url(../../img/icons.gif) 20px 20px;}
@@ -153,8 +158,8 @@
 .defaultSkin span.mce_blockquote {background-position:-220px 0}
 .defaultSkin .mce_forecolor span.mceAction {background-position:-720px 0}
 .defaultSkin .mce_backcolor span.mceAction {background-position:-760px 0}
-.defaultSkin .mce_forecolorpicker {background-position:-720px 0}
-.defaultSkin .mce_backcolorpicker {background-position:-760px 0}
+.defaultSkin span.mce_forecolorpicker {background-position:-720px 0}
+.defaultSkin span.mce_backcolorpicker {background-position:-760px 0}
 
 /* Plugins */
 .defaultSkin span.mce_advhr {background-position:-0px -20px}

wp-includes/js/tinymce/themes/advanced/skins/o2k7/content.css

@@ -11,6 +11,8 @@ h6 {font-size: .75em}
 a.mceItemAnchor {width:12px; line-height:6px; overflow:hidden; padding-left:12px; background:url(../default/img/items.gif) no-repeat bottom left;}
 img.mceItemAnchor {width:12px; height:12px; background:url(../default/img/items.gif) no-repeat;}
 img {border:0;}
+table {cursor:default}
+table td, table th {cursor:text}
 
 /* IE */
 * html body {

wp-includes/js/tinymce/themes/advanced/skins/o2k7/ui.css

@@ -41,6 +41,10 @@
 .o2k7Skin a.mceButtonEnabled:hover {background-color:#B2BBD0; background-position:0 -22px}
 .o2k7Skin a.mceButtonActive, .o2k7Skin a.mceButtonSelected {background-position:0 -44px}
 .o2k7Skin .mceButtonDisabled .mceIcon {opacity:0.3; filter:alpha(opacity=30)}
+.o2k7Skin .mceButtonLabeled {width:auto}
+.o2k7Skin .mceButtonLabeled span.mceIcon {float:left}
+.o2k7Skin span.mceButtonLabel {display:block; font-size:10px; padding:4px 6px 0 22px; font-family:Tahoma,Verdana,Arial,Helvetica}
+.o2k7Skin .mceButtonDisabled .mceButtonLabel {color:#888}
 
 /* Separator */
 .o2k7Skin .mceSeparator {display:block; background:url(img/button_bg.png) -22px 0; width:5px; height:22px}
@@ -77,8 +81,8 @@
 .o2k7Skin .mceColorSplitMenu a.mceMoreColors {width:100%; height:auto; text-align:center; font-family:Tahoma,Verdana,Arial,Helvetica; font-size:11px; line-height:20px; border:1px solid #FFF}
 .o2k7Skin .mceColorSplitMenu a.mceMoreColors:hover {border:1px solid #0A246A; background-color:#B6BDD2}
 .o2k7Skin a.mceMoreColors:hover {border:1px solid #0A246A}
-.o2k7Skin .mceColorPreview {margin-left:2px; width:16px; height:4px; overflow:hidden; background:#9a9b9a}
-.o2k7Skin .mce_forecolor span.mceAction, .o2k7Skin .mce_backcolor span.mceAction {height:15px}
+.o2k7Skin .mceColorPreview {margin-left:2px; width:16px; height:4px; overflow:hidden; background:#9a9b9a;overflow:hidden}
+.o2k7Skin .mce_forecolor span.mceAction, .o2k7Skin .mce_backcolor span.mceAction {height:15px;overflow:hidden}
 
 /* Menu */
 .o2k7Skin .mceMenu {position:absolute; left:0; top:0; z-index:1000; border:1px solid #ABC6DD}
@@ -154,8 +158,8 @@
 .o2k7Skin span.mce_blockquote {background-position:-220px 0}
 .o2k7Skin .mce_forecolor span.mceAction {background-position:-720px 0}
 .o2k7Skin .mce_backcolor span.mceAction {background-position:-760px 0}
-.o2k7Skin .mce_forecolorpicker {background-position:-720px 0}
-.o2k7Skin .mce_backcolorpicker {background-position:-760px 0}
+.o2k7Skin span.mce_forecolorpicker {background-position:-720px 0}
+.o2k7Skin span.mce_backcolorpicker {background-position:-760px 0}
 
 /* Plugins */
 .o2k7Skin span.mce_advhr {background-position:-0px -20px}

wp-includes/js/tinymce/themes/advanced/source_editor.htm

@@ -2,8 +2,8 @@
 <head>
 	<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
 	<title>{#advanced_dlg.code_title}</title>
-	<script type="text/javascript" src="../../tiny_mce_popup.js"></script>
-	<script type="text/javascript" src="js/source_editor.js"></script>
+	<script type="text/javascript" src="../../tiny_mce_popup.js?v=307"></script>
+	<script type="text/javascript" src="js/source_editor.js?v=307"></script>
 	<base target="_self" />
 </head>
 <body onresize="resizeInputs();" style="display:none; overflow:hidden;">

wp-includes/js/tinymce/tiny_mce_config.php

@@ -8,11 +8,16 @@
  *
  * This file compresses the TinyMCE JavaScript using GZip.
  **/
-  
+
+// Discard any buffers
+while ( @ob_end_clean() );
+
 @ require('../../../wp-config.php');
 
 function getFileContents($path) {
-	$path = realpath($path);
+
+	if ( function_exists('realpath') )
+		$path = realpath($path);
 
 	if ( ! $path || ! @is_file($path) )
 		return '';
@@ -49,11 +54,11 @@ function putFileContents( $path, $content ) {
 $https = ( isset($_SERVER['HTTPS']) && 'on' == strtolower($_SERVER['HTTPS']) ) ? true : false;
 	
 $baseurl = get_option('siteurl') . '/wp-includes/js/tinymce';
-if ( $https ) str_replace('http://', 'https://', $baseurl);
+if ( $https ) $baseurl = str_replace('http://', 'https://', $baseurl);
 
 $mce_css = $baseurl . '/wordpress.css';
 $mce_css = apply_filters('mce_css', $mce_css);
-if ( $https ) str_replace('http://', 'https://', $mce_css);
+if ( $https ) $mce_css = str_replace('http://', 'https://', $mce_css);
 
 $mce_locale = ( '' == get_locale() ) ? 'en' : strtolower( substr(get_locale(), 0, 2) ); // only ISO 639-1
 
@@ -104,7 +109,7 @@ if ( ! empty($mce_external_plugins) ) {
 
 	foreach ( $mce_external_plugins as $name => $url ) {
 		
-		if ( $https ) str_replace('http://', 'https://', $url);
+		if ( $https ) $url = str_replace('http://', 'https://', $url);
 		
 		$plugins[] = '-' . $name;
 
@@ -150,6 +155,7 @@ $initArray = array (
 	'dialog_type' => 'modal',
 	'relative_urls' => false,
 	'remove_script_host' => false,
+	'convert_urls' => false,
 	'apply_source_formatting' => false,
 	'remove_linebreaks' => true,
 	'paste_convert_middot_lists' => true,
@@ -220,7 +226,7 @@ if ( $compress && isset($_SERVER['HTTP_ACCEPT_ENCODING']) ) {
 // Setup cache info
 if ( $disk_cache ) {
 
-	$cacheKey = apply_filters('tiny_mce_version', '20080327');
+	$cacheKey = apply_filters('tiny_mce_version', '20080414');
 
 	foreach ( $initArray as $v )
 		$cacheKey .= $v;
@@ -256,8 +262,6 @@ if ( $disk_cache && is_file($cache_file) && is_readable($cache_file) ) {
 	if ( '.gz' == $cache_ext )
 		header( 'Content-Encoding: gzip' );
 
-	header( 'Content-Length: ' . strlen($content) );
-
 	echo $content;
 	exit;
 }
@@ -301,7 +305,6 @@ if ( '.gz' == $cache_ext ) {
 }
 
 // Stream to client
-header( 'Content-Length: ' . strlen($content) );
 echo $content;
 
 // Write file
@@ -326,4 +329,4 @@ if ( '' != $cacheKey && is_dir($cache_path) && is_readable($cache_path) ) {
 	putFileContents( $cache_file, $content );
 }
 
-?>
+?>

wp-includes/js/tinymce/tiny_mce_popup.js

@@ -101,7 +101,7 @@ tinyMCEPopup = {
 			u += '/langs/' + this.editor.settings.language + '_dlg.js';
 
 			if (!tinymce.ScriptLoader.isDone(u)) {
-				document.write('<script type="text/javascript" src="' + u + '"></script>');
+				document.write('<script type="text/javascript" src="' + tinymce._addVer(u) + '"></script>');
 				tinymce.ScriptLoader.markDone(u);
 			}
 		}
@@ -219,7 +219,7 @@ tinyMCEPopup = {
 			});
 		}
 
-		document.onkeydown = tinyMCEPopup._closeWinKeyHandler;
+		document.onkeyup = tinyMCEPopup._closeWinKeyHandler;
 	},
 
 	_accessHandler : function(e) {

wp-includes/js/tinymce/wordpress.css

@@ -1,5 +1,19 @@
 /* This file contains the CSS data for the editable area(iframe) of TinyMCE */
 
+.aligncenter {
+	display: block;
+	margin-left: auto;
+	margin-right: auto;
+}
+
+.alignleft {
+	float: left;
+}
+
+.alignright {
+	float: right;
+}
+
 body.mceContentBody {
 	background: #fff;
 	color: #000;

wp-includes/js/wp-lists.js

@@ -313,11 +313,11 @@ var wpList = {
 				var addEl = this;
 				var c = wpList.parseClass(this,'add')[2] || addEl.id;
 				if ( !c ) { return; }
-				var forms = []; var ins = [];
+				var forms = []; var ins = []; // this is all really inefficient
 				$('#' + c + ' :input').focus( function() { currentFormEl = this; } ).blur( function() { currentFormEl = false; } ).each( function() {
 					ins.push(this);
-					$.merge(forms,$(this).parents('form'));
-					forms = $.unique(forms);
+					var f = $(this).parents('form:first').get(0);
+					if ( $.inArray(f,forms) < 0 ) { forms.push(f); }
 				} );
 				$(forms).submit( function() {
 					if ( 0 <= $.inArray(currentFormEl,ins) ) {

wp-includes/link-template.php

@@ -80,13 +80,13 @@ function get_permalink($id = 0, $leavename=false) {
 			$category = $cats[0]->slug;
 			if ( $parent=$cats[0]->parent )
 				$category = get_category_parents($parent, FALSE, '/', TRUE) . $category;
-		}
 
-		// show default category in permalinks, without
-		// having to assign it explicitly
-		if ( empty($category) ) {
-			$default_category = get_category( get_option( 'default_category' ) );
-			$category = is_wp_error( $default_category)? '' : $default_category->slug; 
+			// show default category in permalinks, without
+			// having to assign it explicitly
+			if ( empty($category) ) {
+				$default_category = get_category( get_option( 'default_category' ) );
+				$category = is_wp_error( $default_category ) ? '' : $default_category->slug; 
+			}
 		}
 
 		$author = '';
@@ -179,12 +179,12 @@ function get_attachment_link($id = false) {
 			$parentlink = _get_page_link( $object->post_parent ); // Ignores page_on_front
 		else
 			$parentlink = get_permalink( $object->post_parent );
-		if ( ctype_digit($object->post_name) || false !== strpos(get_option('permalink_structure'), '%category%') )
+		if ( is_numeric($object->post_name) || false !== strpos(get_option('permalink_structure'), '%category%') )
 			$name = 'attachment/' . $object->post_name; // <permalink>/<int>/ is paged so we use the explicit attachment marker
 		else
 			$name = $object->post_name;
 		if (strpos($parentlink, '?') === false)
-			$link = trailingslashit($parentlink) . $name . '/';
+			$link = user_trailingslashit( trailingslashit($parentlink) . $name );
 	}
 
 	if (! $link ) {
@@ -402,7 +402,7 @@ function get_tag_feed_link($tag_id, $feed = '') {
 			$feed_link = 'feed';
 		else
 			$feed_link = "feed/$feed";
-		$link = $link . user_trailingslashit($feed_link, 'feed');
+		$link = trailingslashit($link) . user_trailingslashit($feed_link, 'feed');
 	}
 
 	$link = apply_filters('tag_feed_link', $link, $feed);
@@ -554,7 +554,7 @@ function get_adjacent_post($in_same_cat = false, $excluded_categories = '', $pre
 			}
 
 			if ( !empty($excluded_categories) ) {
-				$posts_in_ex_cats_sql = " AND tt.term_id NOT IN (" . implode($excluded_categories, ',') . ')';
+				$posts_in_ex_cats_sql = " AND tt.taxonomy = 'category' AND tt.term_id NOT IN (" . implode($excluded_categories, ',') . ')';
 			}
 		}
 	}
@@ -599,7 +599,8 @@ function adjacent_post_link($format, $link, $in_same_cat = false, $excluded_cate
 
 	$format = str_replace('%link', $link, $format);
 
-	echo $format;
+	$adjacent = $previous ? 'previous' : 'next';
+	echo apply_filters( "{$adjacent}_post_link", $format, $link );
 }
 
 function get_pagenum_link($pagenum = 1) {

wp-includes/media.php

@@ -90,15 +90,34 @@ function image_downsize($id, $size = 'medium') {
 
 }
 
-// return an <img src /> tag for the given image attachment, scaling it down if requested
+/**
+ * An <img src /> tag for an image attachment, scaling it down if requested.
+ *
+ * {@internal Missing Long Description}}
+ *
+ * @uses apply_filters() The 'get_image_tag_class' filter is the IMG element
+ *		class attribute.
+ * @uses apply_filters() The 'get_image_tag' filter is the full IMG element with
+ *		all attributes.
+ *
+ * @param int $id Attachment ID.
+ * @param string $alt Image Description for the alt attribute.
+ * @param string $title Image Description for the title attribute.
+ * @param string $align Part of the class name for aligning the image.
+ * @param string $size Optional. Default is 'medium'.
+ * @return string HTML IMG element for given image attachment
+ */
 function get_image_tag($id, $alt, $title, $align, $size='medium') {
 
 	list( $img_src, $width, $height ) = image_downsize($id, $size);
 	$hwstring = image_hwstring($width, $height);
 
-	$html = '<img src="'.attribute_escape($img_src).'" alt="'.attribute_escape($alt).'" title="'.attribute_escape($title).'" '.$hwstring.'class="align'.attribute_escape($align).' size-'.attribute_escape($size).' wp-image-'.$id.'" />';
+	$class = 'align'.attribute_escape($align).' size-'.attribute_escape($size).' wp-image-'.$id;
+	$class = apply_filters('get_image_tag_class', $class, $id, $align, $size);
 
-	$html = apply_filters( 'image_send_to_editor', $html, $id, $alt, $title, $align, $url );
+	$html = '<img src="'.attribute_escape($img_src).'" alt="'.attribute_escape($alt).'" title="'.attribute_escape($title).'" '.$hwstring.'class="'.$class.'" />';
+
+	$html = apply_filters( 'get_image_tag', $html, $id, $alt, $title, $align, $size );
 
 	return $html;
 }
@@ -243,6 +262,7 @@ function image_make_intermediate_size($file, $width, $height, $crop=false) {
 	if ( $width || $height ) {
 		$resized_file = image_resize($file, $width, $height, $crop);
 		if ( !is_wp_error($resized_file) && $resized_file && $info = getimagesize($resized_file) ) {
+			$resized_file = apply_filters('image_make_intermediate_size', $resized_file);
 			return array(
 				'file' => basename( $resized_file ),
 				'width' => $info[0],
@@ -324,7 +344,7 @@ function wp_get_attachment_image($attachment_id, $size='thumbnail', $icon = fals
 		$hwstring = image_hwstring($width, $height);
 		if ( is_array($size) )
 			$size = join('x', $size);
-		$html = '<img src="'.attribute_escape($src).'" '.$hwstring.'class="attachment-'.attribute_escape($size).'" />';
+		$html = '<img src="'.attribute_escape($src).'" '.$hwstring.'class="attachment-'.attribute_escape($size).'" alt="" />';
 	}
 	
 	return $html;
@@ -339,7 +359,14 @@ function gallery_shortcode($attr) {
 	$output = apply_filters('post_gallery', '', $attr);
 	if ( $output != '' )
 		return $output;
-		
+
+	// We're trusting author input, so let's at least make sure it looks like a valid orderby statement
+	if ( isset( $attr['orderby'] ) ) {
+		$attr['orderby'] = sanitize_sql_orderby( $attr['orderby'] );
+		if ( !$attr['orderby'] )
+			unset( $attr['orderby'] );
+	}
+
 	extract(shortcode_atts(array(
 		'orderby'    => 'menu_order ASC, ID ASC',
 		'id'         => $post->ID,
@@ -351,8 +378,7 @@ function gallery_shortcode($attr) {
 	), $attr));
 
 	$id = intval($id);
-	$orderby = addslashes($orderby);
-	$attachments = get_children("post_parent=$id&post_type=attachment&post_mime_type=image&orderby=\"{$orderby}\"");
+	$attachments = get_children("post_parent=$id&post_type=attachment&post_mime_type=image&orderby={$orderby}");
 
 	if ( empty($attachments) )
 		return '';
@@ -409,7 +435,7 @@ function gallery_shortcode($attr) {
 	}
 
 	$output .= "
-			<br style='clear: both;' >
+			<br style='clear: both;' />
 		</div>\n";
 
 	return $output;
@@ -426,7 +452,7 @@ function next_image_link() {
 function adjacent_image_link($prev = true) {
 	global $post;
 	$post = get_post($post);
-	$attachments = array_values(get_children("post_parent=$post->post_parent&post_type=attachment&post_mime_type=image&orderby=\"menu_order ASC, ID ASC\""));
+	$attachments = array_values(get_children("post_parent=$post->post_parent&post_type=attachment&post_mime_type=image&orderby=menu_order ASC, ID ASC"));
 
 	foreach ( $attachments as $k => $attachment )
 		if ( $attachment->ID == $post->ID )

wp-includes/pluggable.php

@@ -474,7 +474,11 @@ function wp_validate_auth_cookie($cookie = '') {
 		$cookie = $_COOKIE[AUTH_COOKIE];
 	}
 
-	list($username, $expiration, $hmac) = explode('|', $cookie);
+	$cookie_elements = explode('|', $cookie);
+	if ( count($cookie_elements) != 3 )
+		return false;
+
+	list($username, $expiration, $hmac) = $cookie_elements;
 
 	$expired = $expiration;
 
@@ -482,11 +486,12 @@ function wp_validate_auth_cookie($cookie = '') {
 	if ( defined('DOING_AJAX') || 'POST' == $_SERVER['REQUEST_METHOD'] )
 		$expired += 3600;
 
+	// Quick check to see if an honest cookie has expired
 	if ( $expired < time() )
 		return false;
 
-	$key = wp_hash($username . $expiration);
-	$hash = hash_hmac('md5', $username . $expiration, $key);
+	$key = wp_hash($username . '|' . $expiration);
+	$hash = hash_hmac('md5', $username . '|' . $expiration, $key);
 
 	if ( $hmac != $hash )
 		return false;
@@ -514,8 +519,8 @@ if ( !function_exists('wp_generate_auth_cookie') ) :
 function wp_generate_auth_cookie($user_id, $expiration) {
 	$user = get_userdata($user_id);
 
-	$key = wp_hash($user->user_login . $expiration);
-	$hash = hash_hmac('md5', $user->user_login . $expiration, $key);
+	$key = wp_hash($user->user_login . '|' . $expiration);
+	$hash = hash_hmac('md5', $user->user_login . '|' . $expiration, $key);
 
 	$cookie = $user->user_login . '|' . $expiration . '|' . $hash;
 
@@ -1071,11 +1076,7 @@ if ( !function_exists('wp_hash') ) :
 function wp_hash($data) {
 	$salt = wp_salt();
 
-	if ( function_exists('hash_hmac') ) {
-		return hash_hmac('md5', $data, $salt);
-	} else {
-		return md5($data . $salt);
-	}
+	return hash_hmac('md5', $data, $salt);
 }
 endif;
 
@@ -1167,12 +1168,14 @@ if ( !function_exists('wp_generate_password') ) :
  *
  * @return string The random password
  **/
-function wp_generate_password() {
-	$chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
-	$length = 7;
+function wp_generate_password($length = 12, $special_chars = true) {
+	$chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
+	if ( $special_chars )
+		$chars .= '!@#$%^&*()';
+
 	$password = '';
 	for ( $i = 0; $i < $length; $i++ )
-		$password .= substr($chars, mt_rand(0, 61), 1);
+		$password .= substr($chars, mt_rand(0, strlen($chars) - 1), 1);
 	return $password;
 }
 endif;
@@ -1329,7 +1332,7 @@ if ( !function_exists('wp_login') ) :
  * global for why there was a failure can utilize it later.
  *
  * @since 1.2.2
- * @deprecated Use wp_signin()
+ * @deprecated Use wp_signon()
  * @global string $error Error when false is returned
  *
  * @param string $username User's username

wp-includes/post-template.php

@@ -373,7 +373,8 @@ function the_attachment_link($id = 0, $fullsize = false, $deprecated = false, $p
 
 // get an attachment page link using an image or icon if possible
 function wp_get_attachment_link($id = 0, $size = 'thumbnail', $permalink = false, $icon = false) {
-	$_post = & get_post( intval($id) );
+	$id = intval($id);
+	$_post = & get_post( $id );
 
 	if ( ('attachment' != $_post->post_type) || !$url = wp_get_attachment_url($_post->ID) )
 		return __('Missing Attachment');

wp-includes/post.php

@@ -165,20 +165,18 @@ function &get_post(&$post, $output = OBJECT, $filter = 'raw') {
 		else
 			return $null;
 	} elseif ( is_object($post) ) {
+		_get_post_ancestors($post);
 		wp_cache_add($post->ID, $post, 'posts');
 		$_post = &$post;
 	} else {
 		$post = (int) $post;
 		if ( ! $_post = wp_cache_get($post, 'posts') ) {
 			$_post = & $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->posts WHERE ID = %d LIMIT 1", $post));
+			_get_post_ancestors($_post);
 			wp_cache_add($_post->ID, $_post, 'posts');
 		}
 	}
 
-	// Populate the ancestors field.
-	// Not cached since we don't clear cache for ancestors when a post changes.
-	_get_post_ancestors($_post);
-
 	$_post = sanitize_post($_post, $filter);
 
 	if ( $output == OBJECT ) {
@@ -201,12 +199,11 @@ function &get_post(&$post, $output = OBJECT, $filter = 'raw') {
  * @subpackage Post
  * @since 2.5
  *
- * @param string $field {@internal Missing Description}}
- * @param int|object &$post post ID or post object
+ * @param int|object $post post ID or post object
  * @return array of ancestor IDs
  */
 function get_post_ancestors($post) {
-	$post = get_post();
+	$post = get_post($post);
 
 	if ( !empty($post->ancestors) )
 		return $post->ancestors;
@@ -403,7 +400,7 @@ function set_post_type( $post_id = 0, $post_type = 'post' ) {
  * @param array $args {@internal Missing Description}}
  * @return array {@internal Missing Description}}
  */
-function get_posts($args) {
+function get_posts($args = null) {
 	global $wpdb;
 
 	$defaults = array(
@@ -460,6 +457,10 @@ function get_posts($args) {
 	if (!empty($exclusions))
 		$exclusions .= ')';
 
+	// orderby
+	if ( preg_match( '/.+ +(ASC|DESC)/i', $orderby ) )
+		$order = ''; // orderby has its own order, so we'll use that
+
 	$query  = "SELECT DISTINCT * FROM $wpdb->posts ";
 	$query .= empty( $category ) ? '' : ", $wpdb->term_relationships, $wpdb->term_taxonomy  ";
 	$query .= empty( $meta_key ) ? '' : ", $wpdb->postmeta ";
@@ -824,12 +825,21 @@ function wp_count_posts( $type = 'post', $perm = '' ) {
 
 	$user = wp_get_current_user();
 
+	$cache_key = $type;
+
 	$query = "SELECT post_status, COUNT( * ) AS num_posts FROM {$wpdb->posts} WHERE post_type = %s";
 	if ( 'readable' == $perm && is_user_logged_in() ) {
-		if ( !current_user_can("read_private_{$type}s") )
+		if ( !current_user_can("read_private_{$type}s") ) {
+			$cache_key .= '_' . $perm . '_' . $user->ID;
 			$query .= " AND (post_status != 'private' OR ( post_author = '$user->ID' AND post_status = 'private' ))";
+		}
 	}
 	$query .= ' GROUP BY post_status';
+
+	$count = wp_cache_get($cache_key, 'counts');
+	if ( false !== $count )
+		return $count;
+
 	$count = $wpdb->get_results( $wpdb->prepare( $query, $type ), ARRAY_A );
 
 	$stats = array( );
@@ -837,9 +847,13 @@ function wp_count_posts( $type = 'post', $perm = '' ) {
 		$stats[$row['post_status']] = $row['num_posts'];
 	}
 
-	return (object) $stats;
+	$stats = (object) $stats;
+	wp_cache_set($cache_key, $stats, 'counts');
+
+	return $stats;
 }
 
+
 /**
  * wp_count_attachments() - Count number of attachments
  *
@@ -1149,7 +1163,7 @@ function wp_get_single_post($postid = 0, $mode = OBJECT) {
  * @param array $postarr post contents
  * @return int post ID or 0 on error
  */
-function wp_insert_post($postarr = array()) {
+function wp_insert_post($postarr = array(), $wp_error = false) {
 	global $wpdb, $wp_rewrite, $user_ID;
 
 	$defaults = array('post_status' => 'draft', 'post_type' => 'post', 'post_author' => $user_ID,
@@ -1172,8 +1186,12 @@ function wp_insert_post($postarr = array()) {
 		$previous_status = 'new';
 	}
 
-	if ( ('' == $post_content) && ('' == $post_title) && ('' == $post_excerpt) )
-		return 0;
+	if ( ('' == $post_content) && ('' == $post_title) && ('' == $post_excerpt) ) {
+		if ( $wp_error )
+			return new WP_Error('empty_content', __('Content, title, and excerpt are empty.'));
+		else
+			return 0;
+	}
 
 	// Make sure we set a valid category
 	if (0 == count($post_category) || !is_array($post_category)) {
@@ -1270,8 +1288,7 @@ function wp_insert_post($postarr = array()) {
 			$suffix = 2;
 			do {
 				$alt_post_name = substr($post_name, 0, 200-(strlen($suffix)+1)). "-$suffix";
-				// expected_slashed ($alt_post_name, $post_name, $post_type)
-				$post_name_check = $wpdb->get_var($wpdb->prepare("SELECT post_name FROM $wpdb->posts WHERE post_name = '$alt_post_name' AND post_type = '$post_type' AND ID != %d AND post_parent = %d LIMIT 1", $post_ID, $post_parent));
+				$post_name_check = $wpdb->get_var($wpdb->prepare("SELECT post_name FROM $wpdb->posts WHERE post_name = %s AND post_type = %s AND ID != %d AND post_parent = %d LIMIT 1", $alt_post_name, $post_type, $post_ID, $post_parent));
 				$suffix++;
 			} while ($post_name_check);
 			$post_name = $alt_post_name;
@@ -1285,10 +1302,20 @@ function wp_insert_post($postarr = array()) {
 
 	if ($update) {
 		do_action( 'pre_post_update', $post_ID );
-		$wpdb->update( $wpdb->posts, $data, $where );
+		if ( false === $wpdb->update( $wpdb->posts, $data, $where ) ) {
+			if ( $wp_error )
+				return new WP_Error('db_update_error', __('Could not update post in the database'), $wpdb->last_error);
+			else
+				return 0;
+		}
 	} else {
 		$data['post_mime_type'] = stripslashes( $post_mime_type ); // This isn't in the update
-		$wpdb->insert( $wpdb->posts, $data );
+		if ( false === $wpdb->insert( $wpdb->posts, $data ) ) {
+			if ( $wp_error )
+				return new WP_Error('db_insert_error', __('Could not insert post into the database'), $wpdb->last_error);
+			else
+				return 0;	
+		}
 		$post_ID = (int) $wpdb->insert_id;
 
 		// use the newly generated $post_ID
@@ -1305,19 +1332,29 @@ function wp_insert_post($postarr = array()) {
 
 	$current_guid = get_post_field( 'guid', $post_ID );
 
-	if ( 'page' == $post_type ) {
+	if ( 'page' == $post_type )
 		clean_page_cache($post_ID);
-	} else {
+	else
 		clean_post_cache($post_ID);
-	}
 
 	// Set GUID
 	if ( !$update && '' == $current_guid )
 		$wpdb->update( $wpdb->posts, array( 'guid' => get_permalink( $post_ID ) ), $where );
 
 	$post = get_post($post_ID);
-	if ( !empty($page_template) )
+
+	if ( !empty($page_template) && 'page' == $post_type ) {
 		$post->page_template = $page_template;
+		$page_templates = get_page_templates();
+		if ( 'default' != $page_template && !in_array($page_template, $page_templates) ) {
+			if ( $wp_error )
+				return new WP_Error('invalid_page_template', __('The page template is invalid.'));
+			else
+				return 0;
+		}
+		if ( ! update_post_meta($post_ID, '_wp_page_template',  $page_template) )
+			add_post_meta($post_ID, '_wp_page_template',  $page_template, true);
+	}
 
 	wp_transition_post_status($post_status, $previous_status, $post);
 
@@ -2408,7 +2445,7 @@ function wp_mime_type_icon( $mime = 0 ) {
 			$dirs = apply_filters( 'icon_dirs', array($icon_dir => $icon_dir_uri) );
 			$icon_files = array();
 			while ( $dirs ) {
-				$dir = array_shift(array_keys($dirs));
+				$dir = array_shift($keys = array_keys($dirs));
 				$uri = array_shift($dirs);
 				if ( $dh = opendir($dir) ) {
 					while ( false !== $file = readdir($dh) ) {
@@ -2668,6 +2705,9 @@ function update_post_cache(&$posts) {
  * @param int $id The Post ID in the cache to clean
  */
 function clean_post_cache($id) {
+	global $wpdb;
+	$id = (int) $id;
+
 	wp_cache_delete($id, 'posts');
 	wp_cache_delete($id, 'post_meta');
 
@@ -2676,6 +2716,11 @@ function clean_post_cache($id) {
 	wp_cache_delete( 'wp_get_archives', 'general' );
 
 	do_action('clean_post_cache', $id);
+
+	if ( $children = $wpdb->get_col( $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_parent = %d", $id) ) ) {
+		foreach( $children as $cid )
+			clean_post_cache( $cid );
+	}
 }
 
 /**
@@ -2920,10 +2965,6 @@ function _publish_post_hook($post_id) {
  */
 function _save_post_hook($post_id, $post) {
 	if ( $post->post_type == 'page' ) {
-		if ( !empty($post->page_template) )
-			if ( ! update_post_meta($post_id, '_wp_page_template',  $post->page_template))
-				add_post_meta($post_id, '_wp_page_template',  $post->page_template, true);
-
 		clean_page_cache($post_id);
 		global $wp_rewrite;
 		$wp_rewrite->flush_rules();
@@ -2937,22 +2978,22 @@ function _save_post_hook($post_id, $post) {
 //
 
 function _get_post_ancestors(&$_post) {
-    global $wpdb;
+	global $wpdb;
 
-    if ( !empty($_post->ancestors) )
-    	return;
+	if ( isset($_post->ancestors) )
+		return;
 
-    $_post->ancestors = array();
+	$_post->ancestors = array();
 
-    if ( empty($_post->post_parent) || $_post->ID == $_post->post_parent )
-    	return;
+	if ( empty($_post->post_parent) || $_post->ID == $_post->post_parent )
+		return;
 
-    $id = $_post->ancestors[] = $_post->post_parent;
-    while ( $ancestor = $wpdb->get_var("SELECT `post_parent` FROM $wpdb->posts WHERE ID= '{$id}' LIMIT 1") ) {
-    	if ( $id == $ancestor )
-    		break;
-    	$id = $_post->ancestors[] = $ancestor;
-    }
+	$id = $_post->ancestors[] = $_post->post_parent;
+	while ( $ancestor = $wpdb->get_var( $wpdb->prepare("SELECT `post_parent` FROM $wpdb->posts WHERE ID = %d LIMIT 1", $id) ) ) {
+		if ( $id == $ancestor )
+			break;
+		$id = $_post->ancestors[] = $ancestor;
+	}
 }
 
 ?>

wp-includes/query.php

@@ -519,6 +519,7 @@ class WP_Query {
 		$qv['day'] = (int) $qv['day'];
 		$qv['w'] = (int) $qv['w'];
 		$qv['m'] =  (int) $qv['m'];
+		$qv['cat'] = preg_replace( '|[^0-9,-]|', '', $qv['cat'] ); // comma separated list of positive or negative integers
 		if ( '' !== $qv['hour'] ) $qv['hour'] = (int) $qv['hour'];
 		if ( '' !== $qv['minute'] ) $qv['minute'] = (int) $qv['minute'];
 		if ( '' !== $qv['second'] ) $qv['second'] = (int) $qv['second'];
@@ -919,7 +920,8 @@ class WP_Query {
 					$reqpage = 0;
 			}
 
-			if  ( ('page' != get_option('show_on_front') ) || ( $reqpage != get_option('page_for_posts') ) ) {
+			$page_for_posts = get_option('page_for_posts');
+			if  ( ('page' != get_option('show_on_front') ) ||  empty($page_for_posts) || ( $reqpage != $page_for_posts ) ) {
 				$q['pagename'] = str_replace('%2F', '/', urlencode(urldecode($q['pagename'])));
 				$page_paths = '/' . trim($q['pagename'], '/');
 				$q['pagename'] = sanitize_title(basename($page_paths));
@@ -1249,6 +1251,7 @@ class WP_Query {
 				$orderby = $orderby_array[$i];
 				switch ($orderby) {
 					case 'menu_order':
+						break;
 					case 'ID':
 						$orderby = "$wpdb->posts.ID";
 						break;