2.7.1

git-svn-id: http://svn.automattic.com/wordpress/tags/2.7.1@10539 1a063a9b-81f0-0310-95a4-ce76da25c4cd

wp-admin/admin-ajax.php

@@ -431,6 +431,9 @@ case 'get-tagcloud' :
 	if ( empty( $tags ) )
 		die( __('No tags found!') );
 
+	if ( is_wp_error($tags) )
+		die($tags->get_error_message());
+
 	foreach ( $tags as $key => $tag ) {
 		$tags[ $key ]->link = '#';
 		$tags[ $key ]->id = $tag->term_id;
@@ -720,7 +723,7 @@ case 'autosave' : // The name of this action is hardcoded in edit_post()
 	$do_lock = true;
 
 	$data = '';
-	$message = sprintf( __('Draft Saved at %s.'), date( __('g:i:s a'), current_time( 'timestamp', true ) ) );
+	$message = sprintf( __('Draft Saved at %s.'), date_i18n( __('g:i:s a') ) );
 
 	$supplemental = array();
 

wp-admin/admin.php

@@ -61,7 +61,12 @@ if (isset($plugin_page)) {
 		$page_hook = get_plugin_page_hook($plugin_page, $plugin_page);
 		// backwards compatibility for plugins using add_management_page
 		if ( empty( $page_hook ) && 'edit.php' == $pagenow && '' != get_plugin_page_hook($plugin_page, 'tools.php') ) {
-			wp_redirect('tools.php?page=' . $plugin_page);
+			// There could be plugin specific params on the URL, so we need the whole query string
+			if ( !empty($_SERVER[ 'QUERY_STRING' ]) )
+				$query_string = $_SERVER[ 'QUERY_STRING' ];
+			else
+				$query_string = 'page=' . $plugin_page;
+			wp_redirect( 'tools.php?' . $query_string );
 			exit;
 		}
 	}

wp-admin/css/colors-classic.css

@@ -613,15 +613,15 @@ li.widget-list-control-item h4,
 	background-color: #fff;
 }
 
-.plugins .active {
+.plugins .active,
+.plugins .active th,
+.plugins .active td {
 	background-color: #e7f7d3;
 }
 
-.plugins .togl {
-	border-right-color: #ccc;
-}
-
-#the-comment-list .unapproved {
+#the-comment-list .unapproved,
+#the-comment-list .unapproved th,
+#the-comment-list .unapproved td {
 	background-color: #ffffe0;
 }
 

wp-admin/css/colors-fresh.css

@@ -613,15 +613,15 @@ li.widget-list-control-item h4,
 	background-color: #fff;
 }
 
-.plugins .active {
+.plugins .active,
+.plugins .active th,
+.plugins .active td {
 	background-color: #e7f7d3;
 }
 
-.plugins .togl {
-	border-right-color: #ccc;
-}
-
-#the-comment-list .unapproved {
+#the-comment-list .unapproved,
+#the-comment-list .unapproved th,
+#the-comment-list .unapproved td {
 	background-color: #ffffe0;
 }
 

wp-admin/css/ie.css

@@ -179,6 +179,10 @@ ul#adminmenu {
 }
 /* end Inline Editor */
 
+input {
+	line-height: 1;
+}
+
 * html .row-actions {
 	visibility: visible;
 }
@@ -273,7 +277,8 @@ form#template div {
 	width: 100%;
 }
 
-#ed_toolbar input {
+#ed_toolbar input,
+#ed_reply_toolbar input {
 	overflow: visible;
 	padding: 0 4px;
 }

wp-admin/css/press-this.css

@@ -120,9 +120,7 @@ div.zerosize {
 	font-weight: bold;
 	padding: 7px;
 	margin: 0 0 10px;
-	background-image: url(../images/postbox-bg.gif);
-	background-position: left top;
-	background-repeat: repeat-x;
+	background: #dfdfdf url("../images/gray-grad.png") repeat-x left top;
 	font-size: 12px;
 	font-weight: bold;
 	line-height: 1;

wp-admin/edit-comments.php

@@ -18,8 +18,11 @@ if ( ( isset( $_REQUEST['delete_all_spam'] ) || isset( $_REQUEST['delete_all_spa
 	check_admin_referer('bulk-spam-delete', '_spam_nonce');
 
 	$delete_time = $wpdb->escape( $_REQUEST['pagegen_timestamp'] );
-	$deleted_spam = $wpdb->query( "DELETE FROM $wpdb->comments WHERE comment_approved = 'spam' AND '$delete_time' > comment_date_gmt" );
-
+	if ( current_user_can('moderate_comments')) {
+		$deleted_spam = $wpdb->query( "DELETE FROM $wpdb->comments WHERE comment_approved = 'spam' AND '$delete_time' > comment_date_gmt" );
+	} else {
+		$deleted_spam = 0;
+	}
 	$redirect_to = 'edit-comments.php?comment_status=spam&deleted=' . (int) $deleted_spam;
 	if ( $post_id )
 		$redirect_to = add_query_arg( 'p', absint( $post_id ), $redirect_to );
@@ -272,9 +275,11 @@ $page_links = paginate_links( array(
 <?php }
 
 if ( 'spam' == $comment_status ) {
-	wp_nonce_field('bulk-spam-delete', '_spam_nonce'); ?>
-<input type="submit" name="delete_all_spam" value="<?php _e('Delete All Spam'); ?>" class="button-secondary apply" />
-<?php } ?>
+	wp_nonce_field('bulk-spam-delete', '_spam_nonce'); 
+        if ( current_user_can ('moderate_comments')) { ?>
+		<input type="submit" name="delete_all_spam" value="<?php _e('Delete All Spam'); ?>" class="button-secondary apply" />
+<?php	}
+} ?>
 <?php do_action('manage_comments_nav', $comment_status); ?>
 </div>
 
@@ -324,7 +329,7 @@ if ( $page_links )
 <?php if ( empty($comment_status) || 'approved' == $comment_status ): ?>
 <option value="unapprove"><?php _e('Unapprove'); ?></option>
 <?php endif; ?>
-<?php if ( empty($comment_status) || 'moderated' == $comment_status ): ?>
+<?php if ( empty($comment_status) || 'moderated' == $comment_status || 'spam' == $comment_status ): ?>
 <option value="approve"><?php _e('Approve'); ?></option>
 <?php endif; ?>
 <?php if ( 'spam' != $comment_status ): ?>

wp-admin/edit-link-form.php

@@ -118,7 +118,7 @@ function link_categories_meta_box($link) { ?>
 	<p id="link-category-add" class="wp-hidden-child">
 		<label class="hidden" for="newcat"><?php _e( '+ Add New Category' ); ?></label>
 		<input type="text" name="newcat" id="newcat" class="form-required form-input-tip" value="<?php _e( 'New category name' ); ?>" aria-required="true" />
-		<input type="button" id="category-add-sumbit" class="add:categorychecklist:linkcategorydiv button" value="<?php _e( 'Add' ); ?>" />
+		<input type="button" id="category-add-submit" class="add:categorychecklist:linkcategorydiv button" value="<?php _e( 'Add' ); ?>" />
 		<?php wp_nonce_field( 'add-link-category', '_ajax_nonce', false ); ?>
 		<span id="category-ajax-response"></span>
 	</p>

wp-admin/import/blogger.php

@@ -550,7 +550,7 @@ class Blogger_Import {
 		$post_status  = isset( $entry->draft ) ? 'draft' : 'publish';
 
 		// Clean up content
-		$post_content = preg_replace('|<(/?[A-Z]+)|e', "'<' . strtolower('$1')", $post_content);
+		$post_content = preg_replace_callback('|<(/?[A-Z]+)|', create_function('$match', 'return "<" . strtolower($match[1]);'), $post_content);
 		$post_content = str_replace('<br>', '<br />', $post_content);
 		$post_content = str_replace('<hr>', '<hr />', $post_content);
 
@@ -603,7 +603,7 @@ class Blogger_Import {
 		$comment_content = addslashes( $this->no_apos( html_entity_decode( $entry->content ) ) );
 
 		// Clean up content
-		$comment_content = preg_replace('|<(/?[A-Z]+)|e', "'<' . strtolower('$1')", $comment_content);
+		$comment_content = preg_replace_callback('|<(/?[A-Z]+)|', create_function('$match', 'return "<" . strtolower($match[1]);'), $comment_content);
 		$comment_content = str_replace('<br>', '<br />', $comment_content);
 		$comment_content = str_replace('<hr>', '<hr />', $comment_content);
 

wp-admin/import/blogware.php

@@ -89,7 +89,7 @@ class BW_Import {
 			}
 
 			// Clean up content
-			$post_content = preg_replace('|<(/?[A-Z]+)|e', "'<' . strtolower('$1')", $post_content);
+			$post_content = preg_replace_callback('|<(/?[A-Z]+)|', create_function('$match', 'return "<" . strtolower($match[1]);'), $post_content);
 			$post_content = str_replace('<br>', '<br />', $post_content);
 			$post_content = str_replace('<hr>', '<hr />', $post_content);
 			$post_content = $wpdb->escape($post_content);
@@ -129,7 +129,7 @@ class BW_Import {
 					$comment_content = $this->unhtmlentities($comment_content);
 
 					// Clean up content
-					$comment_content = preg_replace('|<(/?[A-Z]+)|e', "'<' . strtolower('$1')", $comment_content);
+					$comment_content = preg_replace_callback('|<(/?[A-Z]+)|', create_function('$match', 'return "<" . strtolower($match[1]);'), $comment_content);
 					$comment_content = str_replace('<br>', '<br />', $comment_content);
 					$comment_content = str_replace('<hr>', '<hr />', $comment_content);
 					$comment_content = $wpdb->escape($comment_content);

wp-admin/import/livejournal.php

@@ -70,7 +70,7 @@ class LJ_Import {
 			$post_content = $this->unhtmlentities($post_content);
 
 			// Clean up content
-			$post_content = preg_replace('|<(/?[A-Z]+)|e', "'<' . strtolower('$1')", $post_content);
+			$post_content = preg_replace_callback('|<(/?[A-Z]+)|', create_function('$match', 'return "<" . strtolower($match[1]);'), $post_content);
 			$post_content = str_replace('<br>', '<br />', $post_content);
 			$post_content = str_replace('<hr>', '<hr />', $post_content);
 			$post_content = $wpdb->escape($post_content);
@@ -106,7 +106,7 @@ class LJ_Import {
 					$comment_content = $this->unhtmlentities($comment_content);
 
 					// Clean up content
-					$comment_content = preg_replace('|<(/?[A-Z]+)|e', "'<' . strtolower('$1')", $comment_content);
+					$comment_content = preg_replace_callback('|<(/?[A-Z]+)|', create_function('$match', 'return "<" . strtolower($match[1]);'), $comment_content);
 					$comment_content = str_replace('<br>', '<br />', $comment_content);
 					$comment_content = str_replace('<hr>', '<hr />', $comment_content);
 					$comment_content = $wpdb->escape($comment_content);

wp-admin/import/mt.php

@@ -438,8 +438,10 @@ class MT_Import {
 				$ping->comment_author = $blog;
 			} else {
 				// Processing multi-line field, check context.
-
-				$line .= "\n";
+				
+				if( !empty($line) )
+					$line .= "\n";
+					
 				if ( 'body' == $context ) {
 					$post->post_content .= $line;
 				} else if ( 'extended' ==  $context ) {

wp-admin/import/rss.php

@@ -103,7 +103,7 @@ class RSS_Import {
 			}
 
 			// Clean up content
-			$post_content = preg_replace('|<(/?[A-Z]+)|e', "'<' . strtolower('$1')", $post_content);
+			$post_content = preg_replace_callback('|<(/?[A-Z]+)|', create_function('$match', 'return "<" . strtolower($match[1]);'), $post_content);
 			$post_content = str_replace('<br>', '<br />', $post_content);
 			$post_content = str_replace('<hr>', '<hr />', $post_content);
 

wp-admin/import/wordpress.php

@@ -381,12 +381,12 @@ class WP_Import {
 		$post_author    = $this->get_tag( $post, 'dc:creator' );
 
 		$post_excerpt = $this->get_tag( $post, 'excerpt:encoded' );
-		$post_excerpt = preg_replace('|<(/?[A-Z]+)|e', "'<' . strtolower('$1')", $post_excerpt);
+		$post_excerpt = preg_replace_callback('|<(/?[A-Z]+)|', create_function('$match', 'return "<" . strtolower($match[1]);'), $post_excerpt);
 		$post_excerpt = str_replace('<br>', '<br />', $post_excerpt);
 		$post_excerpt = str_replace('<hr>', '<hr />', $post_excerpt);
 
 		$post_content = $this->get_tag( $post, 'content:encoded' );
-		$post_content = preg_replace('|<(/?[A-Z]+)|e', "'<' . strtolower('$1')", $post_content);
+		$post_content = preg_replace_callback('|<(/?[A-Z]+)|', create_function('$match', 'return "<" . strtolower($match[1]);'), $post_content);
 		$post_content = str_replace('<br>', '<br />', $post_content);
 		$post_content = str_replace('<hr>', '<hr />', $post_content);
 

wp-admin/includes/bookmark.php

@@ -142,8 +142,13 @@ function wp_insert_link( $linkdata, $wp_error = false ) {
 	if ( !empty( $link_id ) )
 		$update = true;
 
-	if ( trim( $link_name ) == '' )
-		return 0;
+	if ( trim( $link_name ) == '' ) {
+		if ( trim( $link_url ) != '' ) {
+			$link_name = $link_url;
+		} else {
+			return 0;
+		}
+	}
 
 	if ( trim( $link_url ) == '' )
 		return 0;

wp-admin/includes/dashboard.php

@@ -181,12 +181,13 @@ function wp_dashboard_right_now() {
 
 	// Posts
 	$num = number_format_i18n( $num_posts->publish );
-	if ( current_user_can( 'edit_posts' ) )
-		$text = "<a href='edit.php'>$num</a>";
-	else
-		$text = $num;
-	echo '<td class="first b b-posts">' . $text . '</td>';
-	echo '<td class="t posts">' . __ngettext( 'Post', 'Posts', intval($num_posts->publish) ) . '</td>';
+	$text = __ngettext( 'Post', 'Posts', intval($num_posts->publish) );
+	if ( current_user_can( 'edit_posts' ) ) {
+		$num = "<a href='edit.php'>$num</a>";
+		$text = "<a href='edit.php'>$text</a>";
+	}
+	echo '<td class="first b b-posts">' . $num . '</td>';
+	echo '<td class="t posts">' . $text . '</td>';
 	/* TODO: Show status breakdown on hover
 	if ( $can_edit_pages && !empty($num_pages->publish) ) { // how many pages is not exposed in feeds.  Don't show if !current_user_can
 		$post_type_texts[] = '<a href="edit-pages.php">'.sprintf( __ngettext( '%s page', '%s pages', $num_pages->publish ), number_format_i18n( $num_pages->publish ) ).'</a>';
@@ -206,58 +207,79 @@ function wp_dashboard_right_now() {
 
 	// Total Comments
 	$num = number_format_i18n($num_comm->total_comments);
-	if ( current_user_can( 'moderate_comments' ) )
+	$text = __ngettext( 'Comment', 'Comments', $num_comm->total_comments );
+	if ( current_user_can( 'moderate_comments' ) ) {
 		$num = "<a href='edit-comments.php'>$num</a>";
-	echo '<td class="b b-comments">'.$num.'</td>';
-	echo '<td class="last t comments">' . __ngettext( 'Comment', 'Comments', $num_comm->total_comments ) . '</td>';
+		$text = "<a href='edit-comments.php'>$text</a>";
+	}
+	echo '<td class="b b-comments">' . $num . '</td>';
+	echo '<td class="last t comments">' . $text . '</td>';
 
 	echo '</tr><tr>';
 
 	// Pages
 	$num = number_format_i18n( $num_pages->publish );
-	if ( current_user_can( 'edit_pages' ) )
+	$text = __ngettext( 'Page', 'Pages', $num_pages->publish );
+	if ( current_user_can( 'edit_pages' ) ) {
 		$num = "<a href='edit-pages.php'>$num</a>";
-	echo '<td class="first b b_pages">'.$num.'</td>';
-	echo '<td class="t pages">' . __ngettext( 'Page', 'Pages', $num_pages->publish ) . '</td>';
+		$text = "<a href='edit-pages.php'>$text</a>";
+	}
+	echo '<td class="first b b_pages">' . $num . '</td>';
+	echo '<td class="t pages">' . $text . '</td>';
 
 	// Approved Comments
 	$num = number_format_i18n($num_comm->approved);
-	if ( current_user_can( 'moderate_comments' ) )
+	$text = __ngettext( 'Approved', 'Approved', $num_comm->approved );
+	if ( current_user_can( 'moderate_comments' ) ) {
 		$num = "<a href='edit-comments.php?comment_status=approved'>$num</a>";
-	echo '<td class="b b_approved">'.$num.'</td>';
-	echo '<td class="last t approved">' . __ngettext( 'Approved', 'Approved', $num_comm->approved ) . '</td>';
+		$text = "<a class='approved' href='edit-comments.php?comment_status=approved'>$text</a>";
+	}
+	echo '<td class="b b_approved">' . $num . '</td>';
+	echo '<td class="last t">' . $text . '</td>';
 
 	echo "</tr>\n\t<tr>";
 
 	// Categories
 	$num = number_format_i18n( $num_cats );
-	if ( current_user_can( 'manage_categories' ) )
+	$text = __ngettext( 'Category', 'Categories', $num_cats );
+	if ( current_user_can( 'manage_categories' ) ) {
 		$num = "<a href='categories.php'>$num</a>";
-	echo '<td class="first b b-cats">'.$num.'</td>';
-	echo '<td class="t cats">' . __ngettext( 'Category', 'Categories', $num_cats ) . '</td>';
+		$text = "<a href='categories.php'>$text</a>";
+	}
+	echo '<td class="first b b-cats">' . $num . '</td>';
+	echo '<td class="t cats">' . $text . '</td>';
 
 	// Pending Comments
 	$num = number_format_i18n($num_comm->moderated);
-	if ( current_user_can( 'moderate_comments' ) )
+	$text = __ngettext( 'Pending', 'Pending', $num_comm->moderated );
+	if ( current_user_can( 'moderate_comments' ) ) {
 		$num = "<a href='edit-comments.php?comment_status=moderated'><span class='pending-count'>$num</span></a>";
-	echo '<td class="b b-waiting">'.$num.'</td>';
-	echo '<td class="last t waiting">' . __ngettext( 'Pending', 'Pending', $num_comm->moderated ) . '</td>';
+		$text = "<a class='waiting' href='edit-comments.php?comment_status=moderated'>$text</a>";
+	}
+	echo '<td class="b b-waiting">' . $num . '</td>';
+	echo '<td class="last t">' . $text . '</td>';
 
 	echo "</tr>\n\t<tr>";
 
 	// Tags
 	$num = number_format_i18n( $num_tags );
-	if ( current_user_can( 'manage_categories' ) )
+	$text = __ngettext( 'Tag', 'Tags', $num_tags );
+	if ( current_user_can( 'manage_categories' ) ) {
 		$num = "<a href='edit-tags.php'>$num</a>";
-	echo '<td class="first b b-tags">'.$num.'</td>';
-	echo '<td class="t tags">' . __ngettext( 'Tag', 'Tags', $num_tags ) . '</td>';
+		$text = "<a href='edit-tags.php'>$text</a>";
+	}
+	echo '<td class="first b b-tags">' . $num . '</td>';
+	echo '<td class="t tags">' . $text . '</td>';
 
 	// Spam Comments
 	$num = number_format_i18n($num_comm->spam);
-	if ( current_user_can( 'moderate_comments' ) )
+	$text = __ngettext( 'Spam', 'Spam', $num_comm->spam );
+	if ( current_user_can( 'moderate_comments' ) ) {
 		$num = "<a href='edit-comments.php?comment_status=spam'><span class='spam-count'>$num</span></a>";
-	echo '<td class="b b-spam">'.$num.'</td>';
-	echo '<td class="last t spam">' . __ngettext( 'Spam', 'Spam', $num_comm->spam ) . '</td>';
+		$text = "<a class='spam' href='edit-comments.php?comment_status=spam'>$text</a>";
+	}
+	echo '<td class="b b-spam">' . $num . '</td>';
+	echo '<td class="last t">' . $text . '</td>';
 
 	echo "</tr>";
 	do_action('right_now_table_end');
@@ -281,7 +303,7 @@ function wp_dashboard_right_now() {
 
 	update_right_now_message();
 
-	echo "\n\t".'</div>';
+	echo "\n\t".'<br class="clear" /></div>';
 	do_action( 'rightnow_end' );
 	do_action( 'activity_box_end' );
 }

wp-admin/includes/file.php

@@ -667,8 +667,13 @@ function request_filesystem_credentials($form_post, $type = '', $error = false)
 	$credentials['public_key'] = defined('FTP_PUBKEY') ? FTP_PUBKEY : (!empty($_POST['public_key']) ? $_POST['public_key'] : $credentials['public_key']);
 	$credentials['private_key'] = defined('FTP_PRIKEY') ? FTP_PRIKEY : (!empty($_POST['private_key']) ? $_POST['private_key'] : $credentials['private_key']);
 
+	//sanitize the hostname, Some people might pass in odd-data:
+	$credentials['hostname'] = preg_replace('|\w+://|', '', $credentials['hostname']); //Strip any schemes off
+
 	if ( strpos($credentials['hostname'], ':') )
 		list( $credentials['hostname'], $credentials['port'] ) = explode(':', $credentials['hostname'], 2);
+	else
+		unset($credentials['port']);
 
 	if ( defined('FTP_SSH') || (isset($_POST['connection_type']) && 'ssh' == $_POST['connection_type']) )
 		$credentials['connection_type'] = 'ssh';
@@ -679,7 +684,10 @@ function request_filesystem_credentials($form_post, $type = '', $error = false)
 
 	if ( ! $error && !empty($credentials['password']) && !empty($credentials['username']) && !empty($credentials['hostname']) ) {
 		$stored_credentials = $credentials;
-		unset($stored_credentials['password'], $stored_credentials['private_key'], $stored_credentials['public_key']);
+		if ( !empty($stored_credentials['port']) ) //save port as part of hostname to simplify above code.
+			$stored_credentials['hostname'] .= ':' . $stored_credentials['port'];
+
+		unset($stored_credentials['password'], $stored_credentials['port'], $stored_credentials['private_key'], $stored_credentials['public_key']);
 		update_option('ftp_credentials', $stored_credentials);
 		return $credentials;
 	}

wp-admin/includes/media.php

@@ -369,6 +369,11 @@ add_action('media_upload_media', 'media_upload_handler');
 function media_upload_form_handler() {
 	check_admin_referer('media-form');
 
+	if ( isset($_POST['send']) ) {
+		$keys = array_keys($_POST['send']);
+		$send_id = (int) array_shift($keys);
+	}
+	
 	if ( !empty($_POST['attachments']) ) foreach ( $_POST['attachments'] as $attachment_id => $attachment ) {
 		$post = $_post = get_post($attachment_id, ARRAY_A);
 		if ( isset($attachment['post_content']) )
@@ -379,8 +384,10 @@ function media_upload_form_handler() {
 			$post['post_excerpt'] = $attachment['post_excerpt'];
 		if ( isset($attachment['menu_order']) )
 			$post['menu_order'] = $attachment['menu_order'];
-		if ( isset($attachment['post_parent']) )
-			$post['post_parent'] = $attachment['post_parent'];
+		if ( isset($send_id) && $attachment_id == $send_id ) {
+			if ( isset($attachment['post_parent']) )
+				$post['post_parent'] = $attachment['post_parent'];
+		}
 
 		$post = apply_filters('attachment_fields_to_save', $post, $attachment);
 
@@ -408,9 +415,7 @@ function media_upload_form_handler() {
 		exit;
 	}
 
-	if ( isset($_POST['send']) ) {
-		$keys = array_keys($_POST['send']);
-		$send_id = (int) array_shift($keys);
+	if ( isset($send_id) ) {
 		$attachment = stripslashes_deep( $_POST['attachments'][$send_id] );
 		$html = $attachment['post_title'];
 		if ( !empty($attachment['url']) ) {

wp-admin/includes/plugin.php

@@ -121,7 +121,7 @@ function _get_plugin_data_markup_translate($plugin_data, $markup = true, $transl
 		else
 			$plugin_data['Title'] = $plugin_data['Name'];
 
-		if ( ! empty($plugin_data['AuthorURI']) )
+		if ( ! empty($plugin_data['AuthorURI']) && ! empty($plugin_data['Author']) )
 			$plugin_data['Author'] = '<a href="' . $plugin_data['AuthorURI'] . '" title="' . __( 'Visit author homepage' ) . '">' . $plugin_data['Author'] . '</a>';
 
 		$plugin_data['Description'] = wptexturize( $plugin_data['Description'] );
@@ -862,7 +862,7 @@ function user_can_access_admin_page() {
 
 	$parent = get_admin_page_parent();
 
-	if ( isset( $_wp_submenu_nopriv[$parent][$pagenow] ) )
+	if ( !isset( $plugin_page ) && isset( $_wp_submenu_nopriv[$parent][$pagenow] ) )
 		return false;
 
 	if ( isset( $plugin_page ) && isset( $_wp_submenu_nopriv[$parent][$plugin_page] ) )

wp-admin/includes/post.php

@@ -228,7 +228,7 @@ function bulk_edit_posts( $post_data = null ) {
 	if ( empty($post_data) )
 		$post_data = &$_POST;
 
-	if ( 'page' == $post_data['post_type'] ) {
+	if ( isset($post_data['post_type']) && 'page' == $post_data['post_type'] ) {
 		if ( ! current_user_can( 'edit_pages' ) )
 			wp_die( __('You are not allowed to edit pages.') );
 	} else {
@@ -236,7 +236,7 @@ function bulk_edit_posts( $post_data = null ) {
 			wp_die( __('You are not allowed to edit posts.') );
 	}
 
-	$post_IDs = array_map( intval, (array) $post_data['post'] );
+	$post_IDs = array_map( 'intval', (array) $post_data['post'] );
 
 	$reset = array( 'post_author', 'post_status', 'post_password', 'post_parent', 'page_template', 'comment_status', 'ping_status', 'keep_private', 'tags_input', 'post_category', 'sticky' );
 	foreach ( $reset as $field ) {
@@ -909,6 +909,8 @@ function get_sample_permalink($id, $title=null, $name = null) {
 		$post->post_name = sanitize_title($name? $name : $title, $post->ID);
 	}
 
+	$post->filter = 'sample'; 
+
 	$permalink = get_permalink($post, true);
 
 	// Handle page hierarchy
@@ -926,6 +928,8 @@ function get_sample_permalink($id, $title=null, $name = null) {
 	$post->post_status = $original_status;
 	$post->post_date = $original_date;
 	$post->post_name = $original_name;
+	unset($post->filter);
+
 	return $permalink;
 }
 
@@ -1161,9 +1165,9 @@ function wp_tiny_mce( $teeny = false ) {
 
 			if ( ! empty($mce_external_languages) ) {
 				foreach ( $mce_external_languages as $name => $path ) {
-					if ( is_file($path) && is_readable($path) ) {
+					if ( @is_file($path) && @is_readable($path) ) {
 						include_once($path);
-						$ext_plugins .= $strings;
+						$ext_plugins .= $strings . "\n";
 						$loaded_langs[] = $name;
 					}
 				}
@@ -1184,21 +1188,21 @@ function wp_tiny_mce( $teeny = false ) {
 					if ( function_exists('realpath') )
 						$path = trailingslashit( realpath($path) );
 
-					if ( is_file($path . $mce_locale . '.js') )
-						$strings .= @file_get_contents($path . $mce_locale . '.js');
+					if ( @is_file($path . $mce_locale . '.js') )
+						$strings .= @file_get_contents($path . $mce_locale . '.js') . "\n";
 
-					if ( is_file($path . $mce_locale . '_dlg.js') )
-						$strings .= @file_get_contents($path . $mce_locale . '_dlg.js');
+					if ( @is_file($path . $mce_locale . '_dlg.js') )
+						$strings .= @file_get_contents($path . $mce_locale . '_dlg.js') . "\n";
 
 					if ( 'en' != $mce_locale && empty($strings) ) {
-						if ( is_file($path . 'en.js') ) {
+						if ( @is_file($path . 'en.js') ) {
 							$str1 = @file_get_contents($path . 'en.js');
-							$strings .= preg_replace( '/([\'"])en\./', '$1' . $mce_locale . '.', $str1, 1 );
+							$strings .= preg_replace( '/([\'"])en\./', '$1' . $mce_locale . '.', $str1, 1 ) . "\n";
 						}
 
-						if ( is_file($path . 'en_dlg.js') ) {
+						if ( @is_file($path . 'en_dlg.js') ) {
 							$str2 = @file_get_contents($path . 'en_dlg.js');
-							$strings .= preg_replace( '/([\'"])en\./', '$1' . $mce_locale . '.', $str2, 1 );
+							$strings .= preg_replace( '/([\'"])en\./', '$1' . $mce_locale . '.', $str2, 1 ) . "\n";
 						}
 					}
 
@@ -1346,4 +1350,4 @@ tinyMCE.init(tinyMCEPreInit.mceInit);
 
 <?php
 }
-?>
+?>

wp-admin/includes/schema.php

@@ -351,7 +351,7 @@ function populate_roles_160() {
 	add_role('subscriber', 'Subscriber|User role');
 
 	// Add caps for Administrator role
-	$role = get_role('administrator');
+	$role =& get_role('administrator');
 	$role->add_cap('switch_themes');
 	$role->add_cap('edit_themes');
 	$role->add_cap('activate_plugins');
@@ -384,7 +384,7 @@ function populate_roles_160() {
 	$role->add_cap('level_0');
 
 	// Add caps for Editor role
-	$role = get_role('editor');
+	$role =& get_role('editor');
 	$role->add_cap('moderate_comments');
 	$role->add_cap('manage_categories');
 	$role->add_cap('manage_links');
@@ -406,7 +406,7 @@ function populate_roles_160() {
 	$role->add_cap('level_0');
 
 	// Add caps for Author role
-	$role = get_role('author');
+	$role =& get_role('author');
 	$role->add_cap('upload_files');
 	$role->add_cap('edit_posts');
 	$role->add_cap('edit_published_posts');
@@ -417,14 +417,14 @@ function populate_roles_160() {
 	$role->add_cap('level_0');
 
 	// Add caps for Contributor role
-	$role = get_role('contributor');
+	$role =& get_role('contributor');
 	$role->add_cap('edit_posts');
 	$role->add_cap('read');
 	$role->add_cap('level_1');
 	$role->add_cap('level_0');
 
 	// Add caps for Subscriber role
-	$role = get_role('subscriber');
+	$role =& get_role('subscriber');
 	$role->add_cap('read');
 	$role->add_cap('level_0');
 }
@@ -437,7 +437,7 @@ function populate_roles_160() {
 function populate_roles_210() {
 	$roles = array('administrator', 'editor');
 	foreach ($roles as $role) {
-		$role = get_role($role);
+		$role =& get_role($role);
 		if ( empty($role) )
 			continue;
 
@@ -458,19 +458,19 @@ function populate_roles_210() {
 		$role->add_cap('read_private_pages');
 	}
 
-	$role = get_role('administrator');
+	$role =& get_role('administrator');
 	if ( ! empty($role) ) {
 		$role->add_cap('delete_users');
 		$role->add_cap('create_users');
 	}
 
-	$role = get_role('author');
+	$role =& get_role('author');
 	if ( ! empty($role) ) {
 		$role->add_cap('delete_posts');
 		$role->add_cap('delete_published_posts');
 	}
 
-	$role = get_role('contributor');
+	$role =& get_role('contributor');
 	if ( ! empty($role) ) {
 		$role->add_cap('delete_posts');
 	}
@@ -482,7 +482,7 @@ function populate_roles_210() {
  * @since 2.3.0
  */
 function populate_roles_230() {
-	$role = get_role( 'administrator' );
+	$role =& get_role( 'administrator' );
 
 	if ( !empty( $role ) ) {
 		$role->add_cap( 'unfiltered_upload' );
@@ -495,7 +495,7 @@ function populate_roles_230() {
  * @since 2.5.0
  */
 function populate_roles_250() {
-	$role = get_role( 'administrator' );
+	$role =& get_role( 'administrator' );
 
 	if ( !empty( $role ) ) {
 		$role->add_cap( 'edit_dashboard' );
@@ -508,7 +508,7 @@ function populate_roles_250() {
  * @since 2.6.0
  */
 function populate_roles_260() {
-	$role = get_role( 'administrator' );
+	$role =& get_role( 'administrator' );
 
 	if ( !empty( $role ) ) {
 		$role->add_cap( 'update_plugins' );
@@ -522,7 +522,7 @@ function populate_roles_260() {
  * @since 2.7.0
  */
 function populate_roles_270() {
-	$role = get_role( 'administrator' );
+	$role =& get_role( 'administrator' );
 
 	if ( !empty( $role ) ) {
 		$role->add_cap( 'install_plugins' );

wp-admin/includes/template.php

@@ -439,8 +439,10 @@ class Walker_Category_Checklist extends Walker {
  * @param unknown_type $selected_cats
  * @param unknown_type $popular_cats
  */
-function wp_category_checklist( $post_id = 0, $descendants_and_self = 0, $selected_cats = false, $popular_cats = false ) {
-	$walker = new Walker_Category_Checklist;
+function wp_category_checklist( $post_id = 0, $descendants_and_self = 0, $selected_cats = false, $popular_cats = false, $walker = null ) {
+	if ( empty($walker) || !is_a($walker, 'Walker') )
+		$walker = new Walker_Category_Checklist;
+
 	$descendants_and_self = (int) $descendants_and_self;
 
 	$args = array();
@@ -2397,7 +2399,7 @@ function touch_time( $edit = 1, $for_post = 1, $tab_index = 0, $multi = 0 ) {
 	global $wp_locale, $post, $comment;
 
 	if ( $for_post )
-		$edit = ( in_array($post->post_status, array('draft', 'pending') ) && (!$post->post_date || '0000-00-00 00:00:00' == $post->post_date ) ) ? false : true;
+		$edit = ( in_array($post->post_status, array('draft', 'pending') ) && (!$post->post_date_gmt || '0000-00-00 00:00:00' == $post->post_date_gmt ) ) ? false : true;
 
 	$tab_index_attribute = '';
 	if ( (int) $tab_index > 0 )

wp-admin/index.php

@@ -41,4 +41,4 @@ $today = current_time('mysql', 1);
 
 </div><!-- wrap -->
 
-<?php require('./admin-footer.php'); ?>
+<?php require(ABSPATH . 'wp-admin/admin-footer.php'); ?>

wp-admin/js/common.js

@@ -1,5 +1,5 @@
 
-wpCookies = {
+var wpCookies = {
 // The following functions are from Cookie.js class in TinyMCE, Moxiecode, used under LGPL.
 
 	each : function(o, cb, s) {

wp-admin/js/editor.js

@@ -1,5 +1,5 @@
 
-switchEditors = {
+var switchEditors = {
 
 	mode : '',
 
@@ -169,4 +169,4 @@ switchEditors = {
 
 		return pee;
 	}
-}
+};

wp-admin/js/link.js

@@ -11,7 +11,7 @@ jQuery(document).ready( function($) {
 
 	// Ajax Cat
 	var newCat = jQuery('#newcat').one( 'focus', function() { jQuery(this).val( '' ).removeClass( 'form-input-tip' ) } );
-	jQuery('#category-add-sumbit').click( function() { newCat.focus(); } );
+	jQuery('#category-add-submit').click( function() { newCat.focus(); } );
 	var noSyncChecks = false; // prophylactic. necessary?
 	var syncChecks = function() {
 		if ( noSyncChecks )

wp-admin/js/plugin-install.js

@@ -29,8 +29,6 @@ jQuery(function($) {
 		$('#TB_ajaxWindowTitle').html('<strong>' + plugininstallL10n.plugin_information + '</strong>&nbsp;' + $(this).attr('title') );
 		return false;
 	});
-
-	$(window).resize( function() { tb_position() } );
 });
 
 /* Plugin install related JS*/

wp-admin/link-manager.php

@@ -168,7 +168,7 @@ if ( $links ) {
 		$link->link_name = attribute_escape($link->link_name);
 		$link->link_category = wp_get_link_cats($link->link_id);
 		$short_url = str_replace('http://', '', $link->link_url);
-		$short_url = str_replace('www.', '', $short_url);
+		$short_url = preg_replace('/^www./i', '', $short_url);
 		if ('/' == substr($short_url, -1))
 			$short_url = substr($short_url, 0, -1);
 		if (strlen($short_url) > 35)

wp-admin/menu-header.php

@@ -74,7 +74,7 @@ function _wp_menu_output( $menu, $submenu, $submenu_as_parent = true ) {
 		} elseif ( $submenu_as_parent && !empty($submenu[$item[2]]) ) {
 			$submenu[$item[2]] = array_values($submenu[$item[2]]);  // Re-index.
 			$menu_hook = get_plugin_page_hook($submenu[$item[2]][0][2], $item[2]);
-			if ( file_exists(WP_PLUGIN_DIR . "/{$submenu[$item[2]][0][2]}") || !empty($menu_hook)) {
+			if ( ( file_exists(WP_PLUGIN_DIR . "/{$submenu[$item[2]][0][2]}") && ('index.php' != $submenu[$item[2]][0][2]) ) || !empty($menu_hook)) {
 				$admin_is_parent = true;
 				echo "$img$toggle<a href='admin.php?page={$submenu[$item[2]][0][2]}'$class$tabindex>{$item[0]}</a>";
 			} else {
@@ -115,7 +115,7 @@ function _wp_menu_output( $menu, $submenu, $submenu_as_parent = true ) {
 
 				$menu_hook = get_plugin_page_hook($sub_item[2], $item[2]);
 
-				if ( file_exists(WP_PLUGIN_DIR . "/{$sub_item[2]}") || ! empty($menu_hook) ) {
+				if ( ( file_exists(WP_PLUGIN_DIR . "/{$sub_item[2]}") && ('index.php' != $sub_item[2]) ) || ! empty($menu_hook) ) {
 					// If admin.php is the current page or if the parent exists as a file in the plugins or admin dir
 					$parent_exists = (!$admin_is_parent && file_exists(WP_PLUGIN_DIR . "/{$item[2]}") && !is_dir(WP_PLUGIN_DIR . "/{$item[2]}") ) || file_exists($item[2]);
 					if ( $parent_exists )

wp-admin/menu.php

@@ -83,7 +83,7 @@ if ( current_user_can('edit_users') ) {
 	$submenu['profile.php'][5] = array(__('Your Profile'), 'read', 'profile.php');
 }
 
-$menu[55] = array( __('Tools'), 'manage_options', 'tools.php', '', 'menu-top', 'menu-tools', 'div' );
+$menu[55] = array( __('Tools'), 'read', 'tools.php', '', 'menu-top', 'menu-tools', 'div' );
 	$submenu['tools.php'][5] = array( __('Tools'), 'read', 'tools.php' );
 	$submenu['tools.php'][10] = array( __('Import'), 'import', 'import.php' );
 	$submenu['tools.php'][15] = array( __('Export'), 'import', 'export.php' );

wp-admin/theme-editor.php

@@ -96,7 +96,7 @@ default:
 <?php endif;
 
 $description = get_file_description($file);
-$desc_header = ( $description != $file_show ) ? "$description</strong> (%s)" : "%s";
+$desc_header = ( $description != $file_show ) ? "<strong>$description</strong> (%s)" : "%s";
 ?>
 <div class="wrap">
 <?php screen_icon(); ?>
@@ -120,7 +120,7 @@ $desc_header = ( $description != $file_show ) ? "$description</strong> (%s)" : "
 </div>
 <div class="tablenav">
 <div class="alignleft">
-<big><strong><?php echo sprintf($desc_header, $file_show); ?></big>
+<big><?php echo sprintf($desc_header, $file_show); ?></big>
 </div>
 <br class="clear" />
 </div>

wp-admin/update-core.php

@@ -134,7 +134,11 @@ function core_upgrade_preamble() {
 function do_core_upgrade( $reinstall = false ) {
 	global $wp_filesystem;
 
-	$url = wp_nonce_url('update-core.php?action=do-core-upgrade', 'upgrade-core');
+	if ( $reinstall )
+		$url = 'update-core.php?action=do-core-reinstall';
+	else
+		$url = 'update-core.php?action=do-core-upgrade';
+	$url = wp_nonce_url($url, 'upgrade-core');
 	if ( false === ($credentials = request_filesystem_credentials($url)) )
 		return;
 

wp-admin/wp-admin.css

@@ -15,8 +15,8 @@ p, ul, ol, blockquote { font-size: 12px; }
 	padding: 0;
 }
 
-.plugins .togl {
-	width: 150px;
+.plugins .action-links { 
+	white-space: nowrap;
 }
 
 .import-system {
@@ -435,7 +435,8 @@ textarea.all-options, input.all-options {
 	padding: 2px 4px 0;
 }
 
-#ed_toolbar input {
+#ed_toolbar input,
+#ed_reply_toolbar input {
 	margin: 3px 1px 4px;
 	line-height: 18px;
 	display: inline-block;
@@ -450,6 +451,10 @@ textarea.all-options, input.all-options {
 	border-radius: 3px;
 }
 
+#ed_reply_toolbar input {
+	margin: 1px 2px 1px 1px;
+}
+
 #quicktags #ed_link,
 #ed_reply_toolbar #ed_reply_link {
 	text-decoration: underline;
@@ -1643,6 +1648,7 @@ input#link_url {
 }
 
 #edit-slug-box {
+	height: 1em;
 	margin-top: 8px;
 	padding: 0 7px;
 }
@@ -1854,6 +1860,31 @@ ul.categorychecklist li {
 	line-height: 19px;
 }
 
+#category-adder h4 {
+	margin-top: 4px;
+	margin-bottom: 0px;
+}
+
+#categorydiv .ui-tabs-panel {
+	border-width: 3px;
+	border-style: solid; 
+}
+
+ul#category-tabs {
+	margin-top: 12px;
+}
+
+ul#category-tabs li {
+	padding: 5px 8px;
+	-moz-border-radius: 3px 3px 0 0;
+	-webkit-border-top-left-radius: 3px;
+	-webkit-border-top-right-radius: 3px;
+	-khtml-border-top-left-radius: 3px;
+	-khtml-border-top-right-radius: 3px;
+	border-top-left-radius: 3px;
+	border-top-right-radius: 3px;
+}
+
 /* positioning etc. */
 
 form#tags-filter {
@@ -2252,19 +2283,7 @@ fieldset {
 	padding: 2px 3px;
 }
 
-#replyrow #ed_reply_toolbar input {
-	margin: 1px 2px 1px 1px;
-	min-width: 24px;
-	padding: 3px 4px;
-	font-size: 11px;
-	-moz-border-radius: 3px;
-	-khtml-border-radius: 3px;
-	-webkit-border-radius: 3px;
-	border-radius: 3px;
-}
-
 /* show/hide settings */
-
 #screen-meta {
 	position: relative;
 	clear: both;

wp-config-sample.php

@@ -37,7 +37,7 @@ define('DB_COLLATE', '');
  * Authentication Unique Keys.
  *
  * Change these to different unique phrases!
- * You can generate these using the {@link http://api.wordpress.org/secret-key/1.1/ WordPress.org secret-key service}
+ * You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/ WordPress.org secret-key service}
  *
  * @since 2.6.0
  */

wp-includes/bookmark-template.php

@@ -26,7 +26,7 @@
  *		of the bookmark.
  * 'show_images' - Default is 1 (integer). Whether to show link image if
  *		available.
- * 'show_name' - Default is 1 (integer). Whether to show link name if
+ * 'show_name' - Default is 0 (integer). Whether to show link name if
  *		available.
  * 'before' - Default is '<li>' (string). The html or text to prepend to each
  *		bookmarks.

wp-includes/canonical.php

@@ -119,7 +119,7 @@ function redirect_canonical($requested_url=null, $do_redirect=true) {
 		} elseif ( is_year() && !empty($_GET['year']) ) {
 			if ( $redirect_url = get_year_link(get_query_var('year')) )
 				$redirect['query'] = remove_query_arg('year', $redirect['query']);
-		} elseif ( is_category() && !empty($_GET['cat']) ) {
+		} elseif ( is_category() && !empty($_GET['cat']) && preg_match( '|^[0-9]+$|', $_GET['cat'] ) ) {
 			if ( $redirect_url = get_category_link(get_query_var('cat')) )
 				$redirect['query'] = remove_query_arg('cat', $redirect['query']);
 		} elseif ( is_author() && !empty($_GET['author']) ) {
@@ -136,7 +136,7 @@ function redirect_canonical($requested_url=null, $do_redirect=true) {
 			while ( preg_match( '#/page/[0-9]+?(/+)?$#', $paged_redirect['path'] ) || preg_match( '#/(comments/?)?(feed|rss|rdf|atom|rss2)(/+)?$#', $paged_redirect['path'] ) || preg_match( '#/comment-page-[0-9]+(/+)?$#', $paged_redirect['path'] ) ) {
 				// Strip off paging and feed
 				$paged_redirect['path'] = preg_replace('#/page/[0-9]+?(/+)?$#', '/', $paged_redirect['path']); // strip off any existing paging
-				$paged_redirect['path'] = preg_replace('#/(comments/?)?(feed|rss2?|rdf|atom)(/+)?$#', '/', $paged_redirect['path']); // strip off feed endings
+				$paged_redirect['path'] = preg_replace('#/(comments/?)?(feed|rss2?|rdf|atom)(/+|$)#', '/', $paged_redirect['path']); // strip off feed endings
 				$paged_redirect['path'] = preg_replace('#/comment-page-[0-9]+?(/+)?$#', '/', $paged_redirect['path']); // strip off any existing comment paging
 			}
 

wp-includes/capabilities.php

@@ -533,7 +533,7 @@ class WP_User {
 		//Build $allcaps from role caps, overlay user's $caps
 		$this->allcaps = array();
 		foreach ( (array) $this->roles as $role ) {
-			$role = $wp_roles->get_role( $role );
+			$role =& $wp_roles->get_role( $role );
 			$this->allcaps = array_merge( $this->allcaps, $role->capabilities );
 		}
 		$this->allcaps = array_merge( $this->allcaps, $this->caps );

wp-includes/category-template.php

@@ -397,12 +397,14 @@ function wp_dropdown_categories( $args = '' ) {
 
 		if ( $show_option_all ) {
 			$show_option_all = apply_filters( 'list_cats', $show_option_all );
-			$output .= "\t<option value='0'>$show_option_all</option>\n";
+			$selected = ( '0' === strval($r['selected']) ) ? " selected='selected'" : '';
+			$output .= "\t<option value='0'$selected>$show_option_all</option>\n";
 		}
 
 		if ( $show_option_none ) {
 			$show_option_none = apply_filters( 'list_cats', $show_option_none );
-			$output .= "\t<option value='-1'>$show_option_none</option>\n";
+			$selected = ( '-1' === strval($r['selected']) ) ? " selected='selected'" : '';
+			$output .= "\t<option value='-1'$selected>$show_option_none</option>\n";
 		}
 
 		if ( $hierarchical )
@@ -443,6 +445,7 @@ function wp_dropdown_categories( $args = '' ) {
  *     'feed_image' - See {@link get_categories()}.
  *     'child_of' (int) default is 0 - See {@link get_categories()}.
  *     'exclude' (string) - See {@link get_categories()}.
+ *     'exclude_tree' (string) - See {@link get_categories()}.
  *     'echo' (bool|int) default is 1 - Whether to display or retrieve content.
  *     'current_category' (int) - See {@link get_categories()}.
  *     'hierarchical' (bool) - See {@link get_categories()}.
@@ -461,7 +464,7 @@ function wp_list_categories( $args = '' ) {
 		'style' => 'list', 'show_count' => 0,
 		'hide_empty' => 1, 'use_desc_for_title' => 1,
 		'child_of' => 0, 'feed' => '', 'feed_type' => '',
-		'feed_image' => '', 'exclude' => '', 'current_category' => 0,
+		'feed_image' => '', 'exclude' => '', 'exclude_tree' => '', 'current_category' => 0,
 		'hierarchical' => true, 'title_li' => __( 'Categories' ),
 		'echo' => 1, 'depth' => 0
 	);
@@ -476,6 +479,11 @@ function wp_list_categories( $args = '' ) {
 		$r['include_last_update_time'] = $r['show_date'];
 	}
 
+	if ( true == $r['hierarchical'] ) {
+		$r['exclude_tree'] = $r['exclude'];
+		$r['exclude'] = '';
+	}
+
 	extract( $r );
 
 	$categories = get_categories( $r );
@@ -536,9 +544,8 @@ function wp_list_categories( $args = '' ) {
  * The 'number' argument is how many tags to return. By default, the limit will
  * be to return the top 45 tags in the tag cloud list.
  *
-* The 'topic_count_text_callback' argument is a function, which, given the count
+ * The 'topic_count_text_callback' argument is a function, which, given the count
  * of the posts  with that tag, returns a text for the tooltip of the tag link.
- * @see default_topic_count_text
  *
  * The 'exclude' and 'include' arguments are used for the {@link get_tags()}
  * function. Only one should be used, because only one will be used and the
@@ -613,8 +620,6 @@ function default_topic_count_text( $count ) {
  *
  * The 'topic_count_text_callback' argument is a function, which given the count
  * of the posts  with that tag returns a text for the tooltip of the tag link.
- * @see default_topic_count_text
- *
  *
  * @todo Complete functionality.
  * @since 2.3.0
@@ -649,7 +654,7 @@ function wp_generate_tag_cloud( $tags, $args = '' ) {
 	if ( 'name' == $orderby )
 		uasort( $tags, create_function('$a, $b', 'return strnatcasecmp($a->name, $b->name);') );
 	else
-		uasort( $tags, create_function('$a, $b', 'return ($a->count < $b->count);') );
+		uasort( $tags, create_function('$a, $b', 'return ($a->count > $b->count);') );
 
 	if ( 'DESC' == $order )
 		$tags = array_reverse( $tags, true );
@@ -720,8 +725,13 @@ function wp_generate_tag_cloud( $tags, $args = '' ) {
  * @see Walker_Category::walk() for parameters and return description.
  */
 function walk_category_tree() {
-	$walker = new Walker_Category;
 	$args = func_get_args();
+	// the user's options are the third parameter
+	if ( empty($args[2]['walker']) || !is_a($args[2]['walker'], 'Walker') )
+		$walker = new Walker_Category;
+	else
+		$walker = $args[2]['walker'];
+
 	return call_user_func_array(array( &$walker, 'walk' ), $args );
 }
 
@@ -733,8 +743,13 @@ function walk_category_tree() {
  * @see Walker_CategoryDropdown::walk() for parameters and return description.
  */
 function walk_category_dropdown_tree() {
-	$walker = new Walker_CategoryDropdown;
 	$args = func_get_args();
+	// the user's options are the third parameter
+	if ( empty($args[2]['walker']) || !is_a($args[2]['walker'], 'Walker') )
+		$walker = new Walker_CategoryDropdown;
+	else
+		$walker = $args[2]['walker'];
+
 	return call_user_func_array(array( &$walker, 'walk' ), $args );
 }
 

wp-includes/class-phpmailer.php

@@ -1409,7 +1409,7 @@ class PHPMailer {
    */
   function EncodeQ ($str, $position = 'text') {
     /* There should not be any EOL in the string */
-    $encoded = preg_replace("[\r\n]", '', $str);
+    $encoded = preg_replace("/[\r\n]/", '', $str);
 
     switch (strtolower($position)) {
       case 'phrase':

wp-includes/comment-template.php

@@ -833,8 +833,8 @@ function comments_template( $file = '/comments.php', $separate_comments = false
 	}
 
 	$overridden_cpage = FALSE;
-	if ( '' == get_query_var('cpage') && get_option('page_comments') && 'newest' == get_option('default_comments_page') ) {
-		set_query_var( 'cpage', get_comment_pages_count() );
+	if ( '' == get_query_var('cpage') && get_option('page_comments') ) {
+		set_query_var( 'cpage', 'newest' == get_option('default_comments_page') ? get_comment_pages_count() : 1 );
 		$overridden_cpage = TRUE;
 	}
 
@@ -986,7 +986,7 @@ function get_comment_reply_link($args = array(), $comment = null, $post = null)
 	if ( get_option('comment_registration') && !$user_ID )
 		$link = '<a rel="nofollow" href="' . site_url('wp-login.php?redirect_to=' . get_permalink()) . '">' . $login_text . '</a>';
 	else
-		$link = "<a rel='nofollow' href='" . wp_specialchars( add_query_arg( 'replytocom', $comment->comment_ID ) ) . "#" . $respond_id . "' onclick='return addComment.moveForm(\"$add_below-$comment->comment_ID\", \"$comment->comment_ID\", \"$respond_id\", \"$post->ID\")'>$reply_text</a>";
+		$link = "<a rel='nofollow' class='comment-reply-link' href='" . wp_specialchars( add_query_arg( 'replytocom', $comment->comment_ID ) ) . "#" . $respond_id . "' onclick='return addComment.moveForm(\"$add_below-$comment->comment_ID\", \"$comment->comment_ID\", \"$respond_id\", \"$post->ID\")'>$reply_text</a>";
 	return apply_filters('comment_reply_link', $before . $link . $after, $args, $comment, $post);
 }
 
@@ -1037,7 +1037,7 @@ function get_post_reply_link($args = array(), $post = null) {
 	if ( get_option('comment_registration') && !$user_ID ) {
 		$link = '<a rel="nofollow" href="' . site_url('wp-login.php?redirect_to=' . get_permalink()) . '">' . $login_text . '</a>';
 	} else {
-		$link = "<a rel='nofollow' href='" . get_permalink($post->ID) . "#$respond_id' onclick='return addComment.moveForm(\"$add_below-$post->ID\", \"0\", \"$respond_id\", \"$post->ID\")'>$reply_text</a>";
+		$link = "<a rel='nofollow' class='comment-reply-link' href='" . get_permalink($post->ID) . "#$respond_id' onclick='return addComment.moveForm(\"$add_below-$post->ID\", \"0\", \"$respond_id\", \"$post->ID\")'>$reply_text</a>";
 	}
 	return apply_filters('post_comments_link', $before . $link . $after, $post);
 }

wp-includes/comment.php

@@ -45,7 +45,7 @@ function check_comment($author, $email, $url, $comment, $user_ip, $user_agent, $
 	if ( 1 == get_option('comment_moderation') )
 		return false; // If moderation is set to manual
 
-	if ( get_option('comment_max_links') && preg_match_all("|(href\t*?=\t*?['\"]?)?(https?:)?//|i", apply_filters('comment_text', $comment), $out) >= get_option('comment_max_links') )
+	if ( get_option('comment_max_links') && preg_match_all("/<[Aa][^>]*[Hh][Rr][Ee][Ff]=['\"]([^\"'>]+)[^>]*>/", apply_filters('comment_text',$comment), $out) >= get_option('comment_max_links') )
 		return false; // Check # of external links
 
 	$mod_keys = trim(get_option('moderation_keys'));
@@ -592,7 +592,7 @@ function get_page_of_comment( $comment_ID, $args = array() ) {
 	$comtypewhere = ( 'all' != $args['type'] && isset($allowedtypes[$args['type']]) ) ? " AND comment_type = '" . $allowedtypes[$args['type']] . "'" : '';
 
 	// Count comments older than this one
-	$oldercoms = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(comment_ID) FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_parent = 0 AND comment_date_gmt < '%s'" . $comtypewhere, $comment->comment_post_ID, $comment->comment_date_gmt ) );
+	$oldercoms = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(comment_ID) FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_parent = 0 AND comment_approved = '1' AND comment_date_gmt < '%s'" . $comtypewhere, $comment->comment_post_ID, $comment->comment_date_gmt ) );
 
 	// No older comments? Then it's page #1.
 	if ( 0 == $oldercoms )
@@ -1580,7 +1580,7 @@ function update_comment_cache($comments) {
  * @return object
  */
 function _close_comments_for_old_posts( $posts ) {
-	if ( empty($posts) || !is_single() || !get_option('close_comments_for_old_posts') )
+	if ( empty($posts) || !is_singular() || !get_option('close_comments_for_old_posts') )
 		return $posts;
 
 	$days_old = (int) get_option('close_comments_days_old');

wp-includes/compat.php

@@ -96,4 +96,23 @@ function _mb_strcut( $str, $start, $length=null, $encoding=null ) {
 	return implode( '', $chars );
 }
 
+if ( !function_exists( 'htmlspecialchars_decode' ) ) {
+	// Added in PHP 5.1.0
+	// Error checks from PEAR::PHP_Compat
+	function htmlspecialchars_decode( $str, $quote_style = ENT_COMPAT )
+	{
+		if ( !is_scalar( $string ) ) {
+			trigger_error( 'htmlspecialchars_decode() expects parameter 1 to be string, ' . gettype( $string ) . ' given', E_USER_WARNING );
+			return;
+		}
+
+		if ( !is_int( $quote_style ) && $quote_style !== null ) {
+			trigger_error( 'htmlspecialchars_decode() expects parameter 2 to be integer, ' . gettype( $quote_style ) . ' given', E_USER_WARNING );
+			return;
+		}
+
+		return wp_specialchars_decode( $str, $quote_style );
+	}
+}
+
 ?>

wp-includes/cron.php

@@ -16,8 +16,8 @@
  * @link http://codex.wordpress.org/Function_Reference/wp_schedule_single_event
  *
  * @param int $timestamp Timestamp for when to run the event.
- * @param callback $hook Function or method to call, when cron is run.
- * @param array $args Optional. Arguments to pass to the hook function.
+ * @param string $hook Action hook to execute when cron is run.
+ * @param array $args Optional. Arguments to pass to the hook's callback function.
  */
 function wp_schedule_single_event( $timestamp, $hook, $args = array()) {
 	// don't schedule a duplicate if there's already an identical event due in the next 10 minutes
@@ -43,8 +43,8 @@ function wp_schedule_single_event( $timestamp, $hook, $args = array()) {
  *
  * @param int $timestamp Timestamp for when to run the event.
  * @param string $recurrence How often the event should recur.
- * @param callback $hook Function or method to call, when cron is run.
- * @param array $args Optional. Arguments to pass to the hook function.
+ * @param string $hook Action hook to execute when cron is run.
+ * @param array $args Optional. Arguments to pass to the hook's callback function.
  * @return bool|null False on failure, null when complete with scheduling event.
  */
 function wp_schedule_event( $timestamp, $recurrence, $hook, $args = array()) {
@@ -65,8 +65,8 @@ function wp_schedule_event( $timestamp, $recurrence, $hook, $args = array()) {
  *
  * @param int $timestamp Timestamp for when to run the event.
  * @param string $recurrence How often the event should recur.
- * @param callback $hook Function or method to call, when cron is run.
- * @param array $args Optional. Arguments to pass to the hook function.
+ * @param string $hook Action hook to execute when cron is run.
+ * @param array $args Optional. Arguments to pass to the hook's callback function.
  * @return bool|null False on failure. Null when event is rescheduled.
  */
 function wp_reschedule_event( $timestamp, $recurrence, $hook, $args = array()) {
@@ -100,8 +100,11 @@ function wp_reschedule_event( $timestamp, $recurrence, $hook, $args = array()) {
  * @since 2.1.0
  *
  * @param int $timestamp Timestamp for when to run the event.
- * @param callback $hook Function or method to call, when cron is run.
- * @param array $args Optional. Arguments to pass to the hook function.
+ * @param string $hook Action hook, the execution of which will be unscheduled.
+ * @param array $args Arguments to pass to the hook's callback function.
+ * Although not passed to a callback function, these arguments are used
+ * to uniquely identify the scheduled event, so they should be the same
+ * as those used when originally scheduling the event.
  */
 function wp_unschedule_event( $timestamp, $hook, $args = array() ) {
 	$crons = _get_cron_array();
@@ -119,7 +122,7 @@ function wp_unschedule_event( $timestamp, $hook, $args = array() ) {
  *
  * @since 2.1.0
  *
- * @param callback $hook Function or method to call, when cron is run.
+ * @param string $hook Action hook, the execution of which will be unscheduled.
  * @param mixed $args,... Optional. Event arguments.
  */
 function wp_clear_scheduled_hook( $hook ) {
@@ -134,8 +137,8 @@ function wp_clear_scheduled_hook( $hook ) {
  *
  * @since 2.1.0
  *
- * @param callback $hook Function or method to call, when cron is run.
- * @param array $args Optional. Arguments to pass to the hook function.
+ * @param string $hook Action hook to execute when cron is run.
+ * @param array $args Optional. Arguments to pass to the hook's callback function.
  * @return bool|int The UNIX timestamp of the next time the scheduled event will occur.
  */
 function wp_next_scheduled( $hook, $args = array() ) {
@@ -280,8 +283,8 @@ function wp_get_schedules() {
  *
  * @since 2.1.0
  *
- * @param callback $hook Function or method to call, when cron is run.
- * @param array $args Optional. Arguments to pass to the hook function.
+ * @param string $hook Action hook to execute when cron is run.
+ * @param array $args Optional. Arguments to pass to the hook's callback function.
  * @return string|bool False, if no schedule. Schedule on success.
  */
 function wp_get_schedule($hook, $args = array()) {

wp-includes/feed-atom-comments.php

@@ -11,6 +11,7 @@ echo '<?xml version="1.0" encoding="' . get_option('blog_charset') . '" ?' . '>'
 <feed
 	xmlns="http://www.w3.org/2005/Atom"
 	xml:lang="<?php echo get_option('rss_language'); ?>"
+	xmlns:thr="http://purl.org/syndication/thread/1.0"
 	<?php do_action('atom_ns'); ?>
 >
 	<title type="text"><?php
@@ -63,7 +64,7 @@ if ( have_comments() ) : while ( have_comments() ) : the_comment();
 
 		</author>
 
-		<id><?php comment_link(); ?></id>
+		<id><?php comment_guid(); ?></id>
 		<updated><?php echo mysql2date('Y-m-d\TH:i:s\Z', get_comment_time('Y-m-d H:i:s', true), false); ?></updated>
 		<published><?php echo mysql2date('Y-m-d\TH:i:s\Z', get_comment_time('Y-m-d H:i:s', true), false); ?></published>
 <?php if ( post_password_required($comment_post) ) : ?>
@@ -78,7 +79,7 @@ if ( have_comments() ) : while ( have_comments() ) : the_comment();
 	$parent_comment = get_comment($comment->comment_parent);
 	// The rel attribute below and the id tag above should be GUIDs, but WP doesn't create them for comments (unlike posts). Either way, its more important that they both use the same system
 ?>
-		<thr:in-reply-to ref="<?php echo get_comment_link($parent_comment) ?>" href="<?php echo get_comment_link($parent_comment) ?>" type="<?php bloginfo_rss('html_type'); ?>" />
+		<thr:in-reply-to ref="<?php comment_guid($parent_comment) ?>" href="<?php echo get_comment_link($parent_comment) ?>" type="<?php bloginfo_rss('html_type'); ?>" />
 <?php endif;
 	do_action('comment_atom_entry', $comment->comment_ID, $comment_post->ID);
 ?>

wp-includes/feed.php

@@ -223,9 +223,11 @@ function the_permalink_rss() {
  * @package WordPress
  * @subpackage Feed
  * @since unknown
+ *
+ * @param int|object $comment_id Optional comment object or id. Defaults to global comment object.
  */
-function comment_guid() {
-	echo get_comment_guid();
+function comment_guid($comment_id = null) {
+	echo get_comment_guid($comment_id);
 }
 
 /**
@@ -235,10 +237,11 @@ function comment_guid() {
  * @subpackage Feed
  * @since unknown
  *
+ * @param int|object $comment_id Optional comment object or id. Defaults to global comment object.
  * @return bool|string false on failure or guid for comment on success.
  */
-function get_comment_guid() {
-	global $comment;
+function get_comment_guid($comment_id = null) {
+	$comment = get_comment($comment_id);
 
 	if ( !is_object($comment) )
 		return false;
@@ -252,7 +255,7 @@ function get_comment_guid() {
  * @since 1.5.0
  */
 function comment_link() {
-	echo get_comment_link();
+	echo clean_url( get_comment_link() );
 }
 
 /**

wp-includes/formatting.php

@@ -186,34 +186,192 @@ function seems_utf8($Str) { # by bmorel at ssi dot fr
 /**
  * Converts a number of special characters into their HTML entities.
  *
- * Differs from htmlspecialchars as existing HTML entities will not be encoded.
- * Specifically changes: & to &#038;, < to &lt; and > to &gt;.
+ * Specifically deals with: &, <, >, ", and '.
  *
- * $quotes can be set to 'single' to encode ' to &#039;, 'double' to encode " to
- * &quot;, or '1' to do both. Default is 0 where no quotes are encoded.
+ * $quote_style can be set to ENT_COMPAT to encode " to
+ * &quot;, or ENT_QUOTES to do both. Default is ENT_NOQUOTES where no quotes are encoded.
  *
  * @since 1.2.2
  *
- * @param string $text The text which is to be encoded.
- * @param mixed $quotes Optional. Converts single quotes if set to 'single', double if set to 'double' or both if otherwise set. Default 0.
+ * @param string $string The text which is to be encoded.
+ * @param mixed $quote_style Optional. Converts double quotes if set to ENT_COMPAT, both single and double if set to ENT_QUOTES or none if set to ENT_NOQUOTES. Also compatible with old values; converting single quotes if set to 'single', double if set to 'double' or both if otherwise set. Default is ENT_NOQUOTES.
+ * @param string $charset Optional. The character encoding of the string. Default is false.
+ * @param boolean $double_encode Optional. Whether or not to encode existing html entities. Default is false.
  * @return string The encoded text with HTML entities.
  */
-function wp_specialchars( $text, $quotes = 0 ) {
-	// Like htmlspecialchars except don't double-encode HTML entities
-	$text = str_replace('&&', '&#038;&', $text);
-	$text = str_replace('&&', '&#038;&', $text);
-	$text = preg_replace('/&(?:$|([^#])(?![a-z1-4]{1,8};))/', '&#038;$1', $text);
-	$text = str_replace('<', '&lt;', $text);
-	$text = str_replace('>', '&gt;', $text);
-	if ( 'double' === $quotes ) {
-		$text = str_replace('"', '&quot;', $text);
-	} elseif ( 'single' === $quotes ) {
-		$text = str_replace("'", '&#039;', $text);
-	} elseif ( $quotes ) {
-		$text = str_replace('"', '&quot;', $text);
-		$text = str_replace("'", '&#039;', $text);
+function wp_specialchars( $string, $quote_style = ENT_NOQUOTES, $charset = false, $double_encode = false )
+{
+	$string = (string) $string;
+
+	if ( 0 === strlen( $string ) ) {
+		return '';
 	}
-	return $text;
+
+	// Don't bother if there are no specialchars - saves some processing
+	if ( !preg_match( '/[&<>"\']/', $string ) ) {
+		return $string;
+	}
+
+	// Account for the previous behaviour of the function when the $quote_style is not an accepted value
+	if ( empty( $quote_style ) ) {
+		$quote_style = ENT_NOQUOTES;
+	} elseif ( !in_array( $quote_style, array( 0, 2, 3, 'single', 'double' ), true ) ) {
+		$quote_style = ENT_QUOTES;
+	}
+
+	// Store the site charset as a static to avoid multiple calls to wp_load_alloptions()
+	if ( !$charset ) {
+		static $_charset;
+		if ( !isset( $_charset ) ) {
+			$alloptions = wp_load_alloptions();
+			$_charset = isset( $alloptions['blog_charset'] ) ? $alloptions['blog_charset'] : '';
+		}
+		$charset = $_charset;
+	}
+	if ( in_array( $charset, array( 'utf8', 'utf-8', 'UTF8' ) ) ) {
+		$charset = 'UTF-8';
+	}
+
+	$_quote_style = $quote_style;
+
+	if ( $quote_style === 'double' ) {
+		$quote_style = ENT_COMPAT;
+		$_quote_style = ENT_COMPAT;
+	} elseif ( $quote_style === 'single' ) {
+		$quote_style = ENT_NOQUOTES;
+	}
+
+	// Handle double encoding ourselves
+	if ( !$double_encode ) {
+		$string = wp_specialchars_decode( $string, $_quote_style );
+		$string = preg_replace( '/&(#?x?[0-9]+|[a-z]+);/i', '|wp_entity|$1|/wp_entity|', $string );
+	}
+
+	$string = @htmlspecialchars( $string, $quote_style, $charset );
+
+	// Handle double encoding ourselves
+	if ( !$double_encode ) {
+		$string = str_replace( array( '|wp_entity|', '|/wp_entity|' ), array( '&', ';' ), $string );
+	}
+
+	// Backwards compatibility
+	if ( 'single' === $_quote_style ) {
+		$string = str_replace( "'", '&#039;', $string );
+	}
+
+	return $string;
+}
+
+/**
+ * Converts a number of HTML entities into their special characters.
+ *
+ * Specifically deals with: &, <, >, ", and '.
+ *
+ * $quote_style can be set to ENT_COMPAT to decode " entities,
+ * or ENT_QUOTES to do both " and '. Default is ENT_NOQUOTES where no quotes are decoded.
+ *
+ * @since 2.8
+ *
+ * @param string $string The text which is to be decoded.
+ * @param mixed $quote_style Optional. Converts double quotes if set to ENT_COMPAT, both single and double if set to ENT_QUOTES or none if set to ENT_NOQUOTES. Also compatible with old wp_specialchars() values; converting single quotes if set to 'single', double if set to 'double' or both if otherwise set. Default is ENT_NOQUOTES.
+ * @return string The decoded text without HTML entities.
+ */
+function wp_specialchars_decode( $string, $quote_style = ENT_NOQUOTES )
+{
+	$string = (string) $string;
+
+	if ( 0 === strlen( $string ) ) {
+		return '';
+	}
+
+	// Don't bother if there are no entities - saves a lot of processing
+	if ( strpos( $string, '&' ) === false ) {
+		return $string;
+	}
+
+	// Match the previous behaviour of wp_specialchars() when the $quote_style is not an accepted value
+	if ( empty( $quote_style ) ) {
+		$quote_style = ENT_NOQUOTES;
+	} elseif ( !in_array( $quote_style, array( 0, 2, 3, 'single', 'double' ), true ) ) {
+		$quote_style = ENT_QUOTES;
+	}
+
+	// More complete than get_html_translation_table( HTML_SPECIALCHARS )
+	$single = array( '&#039;'  => '\'', '&#x27;' => '\'' );
+	$single_preg = array( '/&#0*39;/'  => '&#039;', '/&#x0*27;/i' => '&#x27;' );
+	$double = array( '&quot;' => '"', '&#034;'  => '"', '&#x22;' => '"' );
+	$double_preg = array( '/&#0*34;/'  => '&#034;', '/&#x0*22;/i' => '&#x22;' );
+	$others = array( '&lt;'   => '<', '&#060;'  => '<', '&gt;'   => '>', '&#062;'  => '>', '&amp;'  => '&', '&#038;'  => '&', '&#x26;' => '&' );
+	$others_preg = array( '/&#0*60;/'  => '&#060;', '/&#0*62;/'  => '&#062;', '/&#0*38;/'  => '&#038;', '/&#x0*26;/i' => '&#x26;' );
+
+	if ( $quote_style === ENT_QUOTES ) {
+		$translation = array_merge( $single, $double, $others );
+		$translation_preg = array_merge( $single_preg, $double_preg, $others_preg );
+	} elseif ( $quote_style === ENT_COMPAT || $quote_style === 'double' ) {
+		$translation = array_merge( $double, $others );
+		$translation_preg = array_merge( $double_preg, $others_preg );
+	} elseif ( $quote_style === 'single' ) {
+		$translation = array_merge( $single, $others );
+		$translation_preg = array_merge( $single_preg, $others_preg );
+	} elseif ( $quote_style === ENT_NOQUOTES ) {
+		$translation = $others;
+		$translation_preg = $others_preg;
+	}
+
+	// Remove zero padding on numeric entities
+	$string = preg_replace( array_keys( $translation_preg ), array_values( $translation_preg ), $string );
+
+	// Replace characters according to translation table
+	return strtr( $string, $translation );
+}
+
+/**
+ * Checks for invalid UTF8 in a string.
+ *
+ * @since 2.8
+ *
+ * @param string $string The text which is to be checked.
+ * @param boolean $strip Optional. Whether to attempt to strip out invalid UTF8. Default is false.
+ * @return string The checked text.
+ */
+function wp_check_invalid_utf8( $string, $strip = false )
+{
+	$string = (string) $string;
+
+	if ( 0 === strlen( $string ) ) {
+		return '';
+	}
+
+	// Store the site charset as a static to avoid multiple calls to get_option()
+	static $is_utf8;
+	if ( !isset( $is_utf8 ) ) {
+		$is_utf8 = in_array( get_option( 'blog_charset' ), array( 'utf8', 'utf-8', 'UTF8', 'UTF-8' ) );
+	}
+	if ( !$is_utf8 ) {
+		return $string;
+	}
+
+	// Check for support for utf8 in the installed PCRE library once and store the result in a static
+	static $utf8_pcre;
+	if ( !isset( $utf8_pcre ) ) {
+		$utf8_pcre = @preg_match( '/^./u', 'a' );
+	}
+	// We can't demand utf8 in the PCRE installation, so just return the string in those cases
+	if ( !$utf8_pcre ) {
+		return $string;
+	}
+
+	// preg_match fails when it encounters invalid UTF8 in $string
+	if ( 1 === @preg_match( '/^./us', $string ) ) {
+		return $string;
+	}
+
+	// Attempt to strip the bad chars if requested (not recommended)
+	if ( $strip && function_exists( 'iconv' ) ) {
+		return iconv( 'utf-8', 'utf-8', $string );
+	}
+
+	return '';
 }
 
 /**
@@ -1147,8 +1305,7 @@ function wp_iso_descrambler($string) {
 		return $string;
 	} else {
 		$subject = str_replace('_', ' ', $matches[2]);
-		/** @todo use preg_replace_callback() */
-		$subject = preg_replace('#\=([0-9a-f]{2})#ei', "chr(hexdec(strtolower('$1')))", $subject);
+		$subject = preg_replace_callback('#\=([0-9a-f]{2})#i', create_function('$match', 'return chr(hexdec(strtolower($match[1])));'), $subject);
 		return $subject;
 	}
 }
@@ -1157,10 +1314,11 @@ function wp_iso_descrambler($string) {
  * Returns a date in the GMT equivalent.
  *
  * Requires and returns a date in the Y-m-d H:i:s format. Simply subtracts the
- * value of gmt_offset.
+ * value of the 'gmt_offset' option.
  *
  * @since 1.2.0
  *
+ * @uses get_option() to retrieve the the value of 'gmt_offset'.
  * @param string $string The date to be converted.
  * @return string GMT version of the date provided.
  */
@@ -1742,10 +1900,11 @@ function htmlentities2($myHTML) {
  * @return string Escaped text.
  */
 function js_escape($text) {
-	$safe_text = wp_specialchars($text, 'double');
-	$safe_text = preg_replace('/&#(x)?0*(?(1)27|39);?/i', "'", stripslashes($safe_text));
-	$safe_text = preg_replace("/\r?\n/", "\\n", addslashes($safe_text));
-	return apply_filters('js_escape', $safe_text, $text);
+	$safe_text = wp_check_invalid_utf8( $text );
+	$safe_text = wp_specialchars( $safe_text, ENT_COMPAT );
+	$safe_text = preg_replace( '/&#(x)?0*(?(1)27|39);?/i', "'", stripslashes( $safe_text ) );
+	$safe_text = preg_replace( "/\r?\n/", "\\n", addslashes( $safe_text ) );
+	return apply_filters( 'js_escape', $safe_text, $text );
 }
 
 /**
@@ -1756,9 +1915,10 @@ function js_escape($text) {
  * @param string $text
  * @return string
  */
-function attribute_escape($text) {
-	$safe_text = wp_specialchars($text, true);
-	return apply_filters('attribute_escape', $safe_text, $text);
+function attribute_escape( $text ) {
+	$safe_text = wp_check_invalid_utf8( $text );
+	$safe_text = wp_specialchars( $safe_text, ENT_QUOTES );
+	return apply_filters( 'attribute_escape', $safe_text, $text );
 }
 
 /**
@@ -1770,7 +1930,7 @@ function attribute_escape($text) {
  * @return string
  */
 function tag_escape($tag_name) {
-	$safe_tag = strtolower( preg_replace('[^a-zA-Z_:]', '', $tag_name) );
+	$safe_tag = strtolower( preg_replace('/[^a-zA-Z_:]/', '', $tag_name) );
 	return apply_filters('tag_escape', $safe_tag, $tag_name);
 }
 

wp-includes/functions.php

@@ -79,13 +79,13 @@ function mysql2date( $dateformatstring, $mysqlstring, $translate = true ) {
  * The 'mysql' type will return the time in the format for MySQL DATETIME field.
  * The 'timestamp' type will return the current timestamp.
  *
- * If the $gmt is set to either '1' or 'true', then both types will use the
- * GMT offset in the WordPress option to add the GMT offset to the time.
+ * If $gmt is set to either '1' or 'true', then both types will use GMT time.
+ * if $gmt is false, the output is adjusted with the GMT offset in the WordPress option.
  *
  * @since 1.0.0
  *
  * @param string $type Either 'mysql' or 'timestamp'.
- * @param int|bool $gmt Optional. Whether to use $gmt offset. Default is false.
+ * @param int|bool $gmt Optional. Whether to use GMT timezone. Default is false.
  * @return int|string String if $type is 'gmt', int if $type is 'timestamp'.
  */
 function current_time( $type, $gmt = 0 ) {
@@ -2804,7 +2804,15 @@ function validate_file( $file, $allowed_files = '' ) {
  * @return bool True if SSL, false if not used.
  */
 function is_ssl() {
-	return ( isset($_SERVER['HTTPS']) && 'on' == strtolower($_SERVER['HTTPS']) ) ? true : false;
+	if ( isset($_SERVER['HTTPS']) ) {
+		if ( 'on' == strtolower($_SERVER['HTTPS']) )
+			return true;
+		if ( '1' == $_SERVER['HTTPS'] )
+			return true;
+	} elseif ( isset($_SERVER['SERVER_PORT']) && ( '443' == $_SERVER['SERVER_PORT'] ) ) {
+		return true;
+	}
+	return false;
 }
 
 /**
@@ -2897,8 +2905,12 @@ function wp_suspend_cache_invalidation($suspend = true) {
  * @param object $object The object to clone
  * @return object The cloned object
  */
-function wp_clone($object) {
-	return version_compare(phpversion(), '5.0') < 0 ? $object : clone($object);
+function wp_clone( $object ) {
+	static $can_clone;
+	if ( !isset( $can_clone ) ) {
+		$can_clone = version_compare( phpversion(), '5.0', '>=' );
+	}
+	return $can_clone ? clone( $object ) : $object;
 }
 
 

wp-includes/general-template.php

@@ -1592,7 +1592,7 @@ function language_attributes($doctype = 'html') {
 		$attributes[] = "dir=\"$dir\"";
 
 	if ( $lang = get_bloginfo('language') ) {
-		if ( get_option('html_type') == 'text/html' || $doctype == 'xhtml' )
+		if ( get_option('html_type') == 'text/html' || $doctype == 'html' )
 			$attributes[] = "lang=\"$lang\"";
 
 		if ( get_option('html_type') != 'text/html' || $doctype == 'xhtml' )

wp-includes/http.php

@@ -242,6 +242,9 @@ class WP_Http {
 		}
 
 		if ( is_null($r['body']) ) {
+			// Some servers fail when sending content without the content-length
+			// header being set.
+			$r['headers']['Content-Length'] = 0;
 			$transports = WP_Http::_getTransport($r);
 		} else {
 			if ( is_array( $r['body'] ) || is_object( $r['body'] ) ) {
@@ -390,7 +393,7 @@ class WP_Http {
 	 * @static
 	 *
 	 * @param string $body Body content
-	 * @return bool|string|WP_Error False if not chunked encoded. WP_Error on failure. Chunked decoded body on success.
+	 * @return string Chunked decoded body on success or raw body on failure.
 	 */
 	function chunkTransferDecode($body) {
 		$body = str_replace(array("\r\n", "\r"), "\n", $body);
@@ -401,15 +404,12 @@ class WP_Http {
 		$parsedBody = '';
 		//$parsedHeaders = array(); Unsupported
 
-		$done = false;
-
-		do {
+		while ( true ) {
 			$hasChunk = (bool) preg_match( '/^([0-9a-f]+)(\s|\n)+/mi', $body, $match );
 
 			if ( $hasChunk ) {
-				if ( empty($match[1]) ) {
-					return new WP_Error('http_chunked_decode', __('Does not appear to be chunked encoded or body is malformed.') );
-				}
+				if ( empty($match[1]) )
+					return $body;
 
 				$length = hexdec( $match[1] );
 				$chunkLength = strlen( $match[0] );
@@ -419,15 +419,12 @@ class WP_Http {
 
 				$body = ltrim(str_replace(array($match[0], $strBody), '', $body), "\n");
 
-				if( "0" == trim($body) ) {
-					$done = true;
+				if( "0" == trim($body) )
 					return $parsedBody; // Ignore footer headers.
-					break;
-				}
 			} else {
-				return new WP_Error('http_chunked_decode', __('Does not appear to be chunked encoded or body is malformed.') );
+				return $body;
 			}
-		} while ( false === $done );
+		}
 	}
 }
 
@@ -644,7 +641,7 @@ class WP_Http_Fopen {
 		if ( false === $arrURL )
 			return new WP_Error('http_request_failed', sprintf(__('Malformed URL: %s'), $url));
 
-		if ( 'http' != $arrURL['scheme'] || 'https' != $arrURL['scheme'] )
+		if ( 'http' != $arrURL['scheme'] && 'https' != $arrURL['scheme'] )
 			$url = str_replace($arrURL['scheme'], 'http', $url);
 
 		if ( !defined('WP_DEBUG') || ( defined('WP_DEBUG') && false === WP_DEBUG ) )
@@ -750,7 +747,7 @@ class WP_Http_Streams {
 		if ( false === $arrURL )
 			return new WP_Error('http_request_failed', sprintf(__('Malformed URL: %s'), $url));
 
-		if ( 'http' != $arrURL['scheme'] || 'https' != $arrURL['scheme'] )
+		if ( 'http' != $arrURL['scheme'] && 'https' != $arrURL['scheme'] )
 			$url = str_replace($arrURL['scheme'], 'http', $url);
 
 		// Convert Header array to string.
@@ -777,7 +774,7 @@ class WP_Http_Streams {
 
 		$context = stream_context_create($arrContext);
 
-		if ( !defined('WP_DEBUG') || ( defined('WP_DEBUG') && false === WP_DEBUG ) )
+		if ( ! defined('WP_DEBUG') || ( defined('WP_DEBUG') && false === WP_DEBUG ) )
 			$handle = @fopen($url, 'r', false, $context);
 		else
 			$handle = fopen($url, 'r', false, $context);
@@ -982,13 +979,16 @@ class WP_Http_Curl {
 			unset($r['headers']['user-agent']);
 		}
 
-		// If timeout is a float less than 1, round it up to 1.
+		// cURL extension will sometimes fail when the timeout is less than 1 as
+		// it may round down to 0, which gives it unlimited timeout.
 		if ( $r['timeout'] > 0 && $r['timeout'] < 1 )
 			$r['timeout'] = 1;
 
 		$handle = curl_init();
 		curl_setopt( $handle, CURLOPT_URL, $url);
 
+		// The cURL extension requires that the option be set for the HEAD to
+		// work properly.
 		if ( 'HEAD' === $r['method'] ) {
 			curl_setopt( $handle, CURLOPT_NOBODY, true );
 		}
@@ -1007,6 +1007,7 @@ class WP_Http_Curl {
 		curl_setopt( $handle, CURLOPT_TIMEOUT, $r['timeout'] );
 		curl_setopt( $handle, CURLOPT_MAXREDIRS, $r['redirection'] );
 
+		// The option doesn't work with safe mode or when open_basedir is set.
 		if ( !ini_get('safe_mode') && !ini_get('open_basedir') )
 			curl_setopt( $handle, CURLOPT_FOLLOWLOCATION, true );
 
@@ -1062,7 +1063,7 @@ class WP_Http_Curl {
 	 * @return boolean False means this class can not be used, true means it can.
 	 */
 	function test() {
-		if ( function_exists('curl_init') )
+		if ( function_exists('curl_init') && function_exists('curl_exec') )
 			return true;
 
 		return false;

wp-includes/js/autosave.js

@@ -114,11 +114,11 @@ function autosave_loading() {
 }
 
 function autosave_enable_buttons() {
-	jQuery("#submitpost :button:disabled, #submitpost :submit:disabled").attr('disabled', '');
+	jQuery(".submitbox :button:disabled, .submitbox :submit:disabled").attr('disabled', '');
 }
 
 function autosave_disable_buttons() {
-	jQuery("#submitpost :button:enabled, #submitpost :submit:enabled").attr('disabled', 'disabled');
+	jQuery(".submitbox :button:enabled, .submitbox :submit:enabled").attr('disabled', 'disabled');
 	setTimeout(autosave_enable_buttons, 5000); // Re-enable 5 sec later.  Just gives autosave a head start to avoid collisions.
 }
 

wp-includes/js/thickbox/thickbox.css

@@ -33,6 +33,7 @@
 .TB_overlayMacFFBGHack {background: url(macFFBgHack.png) repeat;}
 .TB_overlayBG {
 	background-color:#000;
+	-ms-filter:"progid:DXImageTransform.Microsoft.Alpha(Opacity=75)";
 	filter:alpha(opacity=75);
 	-moz-opacity: 0.75;
 	opacity: 0.75;

wp-includes/js/thickbox/thickbox.js

@@ -281,8 +281,9 @@ function tb_remove() {
 }
 
 function tb_position() {
+var isIE6 = typeof document.body.style.maxHeight === "undefined";
 jQuery("#TB_window").css({marginLeft: '-' + parseInt((TB_WIDTH / 2),10) + 'px', width: TB_WIDTH + 'px'});
-	if ( !(jQuery.browser.msie && jQuery.browser.version < 7)) { // take away IE6
+	if ( ! isIE6 ) { // take away IE6
 		jQuery("#TB_window").css({marginTop: '-' + parseInt((TB_HEIGHT / 2),10) + 'px'});
 	}
 }

wp-includes/js/wp-ajax-response.js

@@ -1,4 +1,4 @@
-wpAjax = jQuery.extend( {
+var wpAjax = jQuery.extend( {
 	unserialize: function( s ) {
 		var r = {}; if ( !s ) { return r; }
 		var q = s.split('?'); if ( q[1] ) { s = q[1]; }

wp-includes/kses.php

@@ -394,8 +394,11 @@ function wp_kses_version() {
  * @return string Content with fixed HTML tags
  */
 function wp_kses_split($string, $allowed_html, $allowed_protocols) {
-	return preg_replace('%((<!--.*?(-->|$))|(<[^>]*(>|$)|>))%e',
-	"wp_kses_split2('\\1', \$allowed_html, ".'$allowed_protocols)', $string);
+	global $pass_allowed_html, $pass_allowed_protocols;
+	$pass_allowed_html = $allowed_html;
+	$pass_allowed_protocols = $allowed_protocols;
+	return preg_replace_callback('%((<!--.*?(-->|$))|(<[^>]*(>|$)|>))%',
+		create_function('$match', 'global $pass_allowed_html, $pass_allowed_protocols; return wp_kses_split2($match[1], $pass_allowed_html, $pass_allowed_protocols);'), $string);
 }
 
 /**
@@ -999,8 +1002,8 @@ function valid_unicode($i) {
  * @return string Content after decoded entities
  */
 function wp_kses_decode_entities($string) {
-	$string = preg_replace('/&#([0-9]+);/e', 'chr("\\1")', $string);
-	$string = preg_replace('/&#[Xx]([0-9A-Fa-f]+);/e', 'chr(hexdec("\\1"))', $string);
+	$string = preg_replace_callback('/&#([0-9]+);/', create_function('$match', 'return chr($match[1]);'), $string);
+	$string = preg_replace_callback('/&#[Xx]([0-9A-Fa-f]+);/', create_function('$match', 'return chr(hexdec($match[1]));'), $string);
 
 	return $string;
 }

wp-includes/link-template.php

@@ -92,7 +92,10 @@ function get_permalink($id = 0, $leavename = false) {
 		$leavename? '' : '%pagename%',
 	);
 
-	$post = &get_post($id);
+	if ( is_object($id) && isset($id->filter) && 'sample' == $id->filter )
+		$post = $id;
+	else
+		$post = &get_post($id);
 
 	if ( empty($post->ID) ) return false;
 
@@ -722,7 +725,7 @@ function edit_post_link( $link = 'Edit This', $before = '', $after = '' ) {
 			return;
 	}
 
-	$link = '<a href="' . get_edit_post_link( $post->ID ) . '" title="' . attribute_escape( __( 'Edit post' ) ) . '">' . $link . '</a>';
+	$link = '<a class="post-edit-link" href="' . get_edit_post_link( $post->ID ) . '" title="' . attribute_escape( __( 'Edit post' ) ) . '">' . $link . '</a>';
 	echo $before . apply_filters( 'edit_post_link', $link, $post->ID ) . $after;
 }
 
@@ -772,7 +775,7 @@ function edit_comment_link( $link = 'Edit This', $before = '', $after = '' ) {
 			return;
 	}
 
-	$link = '<a href="' . get_edit_comment_link( $comment->comment_ID ) . '" title="' . __( 'Edit comment' ) . '">' . $link . '</a>';
+	$link = '<a class="comment-edit-link" href="' . get_edit_comment_link( $comment->comment_ID ) . '" title="' . __( 'Edit comment' ) . '">' . $link . '</a>';
 	echo $before . apply_filters( 'edit_comment_link', $link, $comment->comment_ID ) . $after;
 }
 
@@ -1242,14 +1245,15 @@ function get_comments_pagenum_link( $pagenum = 1, $max_page = 0 ) {
 }
 
 /**
- * Display link to next comments pages.
+ * Return the link to next comments pages.
  *
- * @since 2.7.0
+ * @since 2.7.1
  *
  * @param string $label Optional. Label for link text.
  * @param int $max_page Optional. Max page.
+ * @return string|null
  */
-function next_comments_link($label='', $max_page = 0) {
+function get_next_comments_link( $label = '', $max_page = 0 ) {
 	global $wp_query;
 
 	if ( !is_singular() )
@@ -1257,9 +1261,6 @@ function next_comments_link($label='', $max_page = 0) {
 
 	$page = get_query_var('cpage');
 
-	if ( !$page )
-		$page = 1;
-
 	$nextpage = intval($page) + 1;
 
 	if ( empty($max_page) )
@@ -1274,9 +1275,44 @@ function next_comments_link($label='', $max_page = 0) {
 	if ( empty($label) )
 		$label = __('Newer Comments &raquo;');
 
-	echo '<a href="' . clean_url( get_comments_pagenum_link( $nextpage, $max_page ) );
-	$attr = apply_filters( 'next_comments_link_attributes', '' );
-	echo "\" $attr>". preg_replace('/&([^#])(?![a-z]{1,8};)/', '&#038;$1', $label) .'</a>';
+	return '<a href="' . clean_url( get_comments_pagenum_link( $nextpage, $max_page ) ) . '" ' . apply_filters( 'next_comments_link_attributes', '' ) . '>'. preg_replace('/&([^#])(?![a-z]{1,8};)/', '&#038;$1', $label) .'</a>';
+}
+
+/**
+ * Display the link to next comments pages.
+ *
+ * @since 2.7.0
+ *
+ * @param string $label Optional. Label for link text.
+ * @param int $max_page Optional. Max page.
+ */
+function next_comments_link( $label = '', $max_page = 0 ) {
+	echo get_next_comments_link( $label, $max_page );
+}
+
+/**
+ * Return the previous comments page link.
+ *
+ * @since 2.7.1
+ *
+ * @param string $label Optional. Label for comments link text.
+ * @return string|null
+ */
+function get_previous_comments_link( $label = '' ) {
+	if ( !is_singular() )
+		return;
+
+	$page = get_query_var('cpage');
+
+	if ( intval($page) <= 1 )
+		return;
+
+	$prevpage = intval($page) - 1;
+
+	if ( empty($label) )
+		$label = __('&laquo; Older Comments');
+
+	return '<a href="' . clean_url( get_comments_pagenum_link( $prevpage ) ) . '" ' . apply_filters( 'previous_comments_link_attributes', '' ) . '>' . preg_replace('/&([^#])(?![a-z]{1,8};)/', '&#038;$1', $label) .'</a>';
 }
 
 /**
@@ -1286,27 +1322,8 @@ function next_comments_link($label='', $max_page = 0) {
  *
  * @param string $label Optional. Label for comments link text.
  */
-function previous_comments_link($label='') {
-
-	if ( !is_singular() )
-		return;
-
-	$page = get_query_var('cpage');
-
-	if ( !$page )
-		$page = 1;
-
-	if ( $page <= 1 )
-		return;
-
-	$prevpage = intval($page) - 1;
-
-	if ( empty($label) )
-		$label = __('&laquo; Older Comments');
-
-	echo '<a href="' . clean_url(get_comments_pagenum_link($prevpage));
-	$attr = apply_filters( 'previous_comments_link_attributes', '' );
-	echo "\" $attr>". preg_replace('/&([^#])(?![a-z]{1,8};)/', '&#038;$1', $label) .'</a>';
+function previous_comments_link( $label = '' ) {
+	echo get_previous_comments_link( $label );
 }
 
 /**
@@ -1337,7 +1354,7 @@ function paginate_comments_links($args = array()) {
 		'add_fragment' => '#comments'
 	);
 	if ( $wp_rewrite->using_permalinks() )
-		$defaults['base'] = user_trailingslashit(get_permalink() . 'comment-page-%#%', 'commentpaged');
+		$defaults['base'] = user_trailingslashit(trailingslashit(get_permalink()) . 'comment-page-%#%', 'commentpaged');
 
 	$args = wp_parse_args( $args, $defaults );
 	$page_links = paginate_links( $args );

wp-includes/pluggable.php

@@ -1210,7 +1210,7 @@ if ( !function_exists('wp_salt') ) :
  * Below is an example of how the SECRET_KEY constant is defined with a value.
  * You must not copy the below example and paste into your wp-config.php. If you
  * need an example, then you can have a
- * {@link http://api.wordpress.org/secret-key/1.0/ secret key created} for you.
+ * {@link https://api.wordpress.org/secret-key/1.1/ secret key created} for you.
  *
  * <code>
  * define('SECRET_KEY', 'mAry1HadA15|\/|b17w55w1t3asSn09w');
@@ -1221,7 +1221,7 @@ if ( !function_exists('wp_salt') ) :
  * salt string is not weak.
  *
  * @since 2.5
- * @link http://api.wordpress.org/secret-key/1.0/ Create a Secret Key for wp-config.php
+ * @link https://api.wordpress.org/secret-key/1.1/ Create a Secret Key for wp-config.php
  *
  * @return string Salt value from either 'SECRET_KEY' or 'secret' option
  */
@@ -1394,6 +1394,8 @@ if ( !function_exists('wp_generate_password') ) :
  *
  * @since 2.5
  *
+ * @param int $length The length of password to generate
+ * @param bool $special_chars Whether to include standard special characters 
  * @return string The random password
  **/
 function wp_generate_password($length = 12, $special_chars = true) {
@@ -1527,21 +1529,26 @@ function get_avatar( $id_or_email, $size = '96', $default = '', $alt = false ) {
 			$default = $avatar_default;
 	}
 
+ 	if ( is_ssl() )
+		$host = 'https://secure.gravatar.com'; 
+	else
+		$host = 'http://www.gravatar.com';
+
 	if ( 'mystery' == $default )
-		$default = "http://www.gravatar.com/avatar/ad516503a11cd5ca435acc9bb6523536?s={$size}"; // ad516503a11cd5ca435acc9bb6523536 == md5('unknown@gravatar.com')
+		$default = "$host/avatar/ad516503a11cd5ca435acc9bb6523536?s={$size}"; // ad516503a11cd5ca435acc9bb6523536 == md5('unknown@gravatar.com')
 	elseif ( 'blank' == $default )
 		$default = includes_url('images/blank.gif');
 	elseif ( !empty($email) && 'gravatar_default' == $default )
 		$default = '';
 	elseif ( 'gravatar_default' == $default )
-		$default = "http://www.gravatar.com/avatar/s={$size}";
+		$default = "$host/avatar/s={$size}";
 	elseif ( empty($email) )
-		$default = "http://www.gravatar.com/avatar/?d=$default&amp;s={$size}";
+		$default = "$host/avatar/?d=$default&amp;s={$size}";
 	elseif ( strpos($default, 'http://') === 0 )
 		$default = add_query_arg( 's', $size, $default );
 
 	if ( !empty($email) ) {
-		$out = 'http://www.gravatar.com/avatar/';
+		$out = "$host/avatar/";
 		$out .= md5( strtolower( $email ) );
 		$out .= '?s='.$size;
 		$out .= '&amp;d=' . urlencode( $default );

wp-includes/post-template.php

@@ -223,7 +223,7 @@ function get_the_content($more_link_text = null, $stripteaser = 0, $more_file =
 
 	}
 	if ( $preview ) // preview fix for javascript bug with foreign languages
-		$output =	preg_replace('/\%u([0-9A-F]{4,4})/e',	"'&#'.base_convert('\\1',16,10).';'", $output);
+		$output =	preg_replace_callback('/\%u([0-9A-F]{4})/', create_function('$match', 'return "&#" . base_convert($match[1], 16, 10) . ";";'), $output);
 
 	return $output;
 }
@@ -607,7 +607,7 @@ function wp_list_pages($args = '') {
 	$current_page = 0;
 
 	// sanitize, mostly to keep spaces out
-	$r['exclude'] = preg_replace('[^0-9,]', '', $r['exclude']);
+	$r['exclude'] = preg_replace('/[^0-9,]/', '', $r['exclude']);
 
 	// Allow plugins to filter an array of excluded pages
 	$r['exclude'] = implode(',', apply_filters('wp_list_pages_excludes', explode(',', $r['exclude'])));
@@ -680,7 +680,7 @@ function wp_page_menu( $args = array() ) {
 		$class = '';
 		if ( is_front_page() && !is_paged() )
 			$class = 'class="current_page_item"';
-		$menu .= '<li ' . $class . '><a href="' . get_option('home') . '">' . $link_before . $text . $link_after . '</a></li>';
+		$menu .= '<li ' . $class . '><a href="' . get_option('home') . '">' . $args['link_before'] . $text . $args['link_after'] . '</a></li>';
 		// If the front page is a page, add it to the exclude list
 		if (get_option('show_on_front') == 'page') {
 			if ( !empty( $list_args['exclude'] ) ) {
@@ -1048,7 +1048,7 @@ function wp_post_revision_title( $revision, $link = true ) {
 	$autosavef = __( '%s [Autosave]' );
 	$currentf  = __( '%s [Current Revision]' );
 
-	$date = date_i18n( $datef, strtotime( $revision->post_modified_gmt . ' +0000' ) );
+	$date = date_i18n( $datef, strtotime( $revision->post_modified ) );
 	if ( $link && current_user_can( 'edit_post', $revision->ID ) && $link = get_edit_post_link( $revision->ID ) )
 		$date = "<a href='$link'>$date</a>";
 

wp-includes/post.php

@@ -215,11 +215,13 @@ function &get_post(&$post, $output = OBJECT, $filter = 'raw') {
 			$_post = & $GLOBALS['post'];
 		else
 			return $null;
-	} elseif ( is_object($post) ) {
+	} elseif ( is_object($post) && empty($post->filter) ) {
 		_get_post_ancestors($post);
 		wp_cache_add($post->ID, $post, 'posts');
 		$_post = &$post;
 	} else {
+		if ( is_object($post) )
+			$post = $post->ID;
 		$post = (int) $post;
 		if ( ! $_post = wp_cache_get($post, 'posts') ) {
 			$_post = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->posts WHERE ID = %d LIMIT 1", $post));
@@ -739,7 +741,7 @@ function get_post_custom_keys( $post_id = 0 ) {
 function get_post_custom_values( $key = '', $post_id = 0 ) {
 	$custom = get_post_custom($post_id);
 
-	return $custom[$key];
+	return isset($custom[$key]) ? $custom[$key] : null;
 }
 
 /**
@@ -792,12 +794,15 @@ function sanitize_post($post, $context = 'display') {
 			$post->ID = 0;
 		foreach ( array_keys(get_object_vars($post)) as $field )
 			$post->$field = sanitize_post_field($field, $post->$field, $post->ID, $context);
+		$post->filter = $context;
 	} else {
 		if ( !isset($post['ID']) )
 			$post['ID'] = 0;
 		foreach ( array_keys($post) as $field )
 			$post[$field] = sanitize_post_field($field, $post[$field], $post['ID'], $context);
+		$post['filter'] = $context;
 	}
+
 	return $post;
 }
 
@@ -2535,6 +2540,10 @@ function wp_get_attachment_url( $post_id = 0 ) {
 		if ( ($uploads = wp_upload_dir()) && false === $uploads['error'] ) { //Get upload directory
 			if ( 0 === strpos($file, $uploads['basedir']) ) //Check that the upload base exists in the file location
 				$url = str_replace($uploads['basedir'], $uploads['baseurl'], $file); //replace file location with url location
+			elseif ( false !== strpos($file, 'wp-content/uploads') )
+				$url = $uploads['baseurl'] . substr( $file, strpos($file, 'wp-content/uploads') + 18 );
+			else
+				$url = $uploads['baseurl'] . "/$file"; //Its a newly uploaded file, therefor $file is relative to the basedir.
 		}
 	}
 

wp-includes/script-loader.php

@@ -103,7 +103,7 @@ function wp_default_scripts( &$scripts ) {
 	$scripts->add( 'schedule', '/wp-includes/js/jquery/jquery.schedule.js', array('jquery'), '20');
 	$scripts->add( 'jquery-hotkeys', '/wp-includes/js/jquery/jquery.hotkeys.js', array('jquery'), '0.0.2' );
 	$scripts->add( 'jquery-table-hotkeys', '/wp-includes/js/jquery/jquery.table-hotkeys.js', array('jquery', 'jquery-hotkeys'), '20081128' );
-	$scripts->add( 'thickbox', '/wp-includes/js/thickbox/thickbox.js', array('jquery'), '3.1-20080430');
+	$scripts->add( 'thickbox', '/wp-includes/js/thickbox/thickbox.js', array('jquery'), '3.1-20090123');
 	$scripts->add( 'swfupload', '/wp-includes/js/swfupload/swfupload.js', false, '2.2.0-20081031');
 	$scripts->add( 'swfupload-degrade', '/wp-includes/js/swfupload/plugins/swfupload.graceful_degradation.js', array('swfupload'), '2.2.0-20081031');
 	$scripts->add( 'swfupload-swfobject', '/wp-includes/js/swfupload/plugins/swfupload.swfobject.js', array('swfupload'), '2.2.0-20081031');

wp-includes/taxonomy.php

@@ -534,6 +534,10 @@ function get_term_to_edit( $id, $taxonomy ) {
  * of term ids to exclude from the return array.  If 'include' is non-empty,
  * 'exclude' is ignored.
  *
+ * exclude_tree - A comma- or space-delimited string of term ids to exclude
+ * from the return array, along with all of their descendant terms according to 
+ * the primary taxonomy.  If 'include' is non-empty, 'exclude_tree' is ignored.
+ *
  * include - Default is an empty string.  A comma- or space-delimited string
  * of term ids to include in the return array.
  *
@@ -604,7 +608,7 @@ function &get_terms($taxonomies, $args = '') {
 	$in_taxonomies = "'" . implode("', '", $taxonomies) . "'";
 
 	$defaults = array('orderby' => 'name', 'order' => 'ASC',
-		'hide_empty' => true, 'exclude' => '', 'include' => '',
+		'hide_empty' => true, 'exclude' => '', 'exclude_tree' => '', 'include' => '',
 		'number' => '', 'fields' => 'all', 'slug' => '', 'parent' => '',
 		'hierarchical' => true, 'child_of' => 0, 'get' => '', 'name__like' => '',
 		'pad_counts' => false, 'offset' => '', 'search' => '');
@@ -668,6 +672,7 @@ function &get_terms($taxonomies, $args = '') {
 	$inclusions = '';
 	if ( !empty($include) ) {
 		$exclude = '';
+		$exclude_tree = '';
 		$interms = preg_split('/[\s,]+/',$include);
 		if ( count($interms) ) {
 			foreach ( (array) $interms as $interm ) {
@@ -684,11 +689,25 @@ function &get_terms($taxonomies, $args = '') {
 	$where .= $inclusions;
 
 	$exclusions = '';
+	if ( ! empty( $exclude_tree ) ) {
+		$excluded_trunks = preg_split('/[\s,]+/',$exclude_tree);
+		foreach( (array) $excluded_trunks as $extrunk ) {
+			$excluded_children = (array) get_terms($taxonomies[0], array('child_of' => intval($extrunk), 'fields' => 'ids'));	
+			$excluded_children[] = $extrunk;
+			foreach( (array) $excluded_children as $exterm ) {
+				if ( empty($exclusions) )
+					$exclusions = ' AND ( t.term_id <> ' . intval($exterm) . ' ';
+				else
+					$exclusions .= ' AND t.term_id <> ' . intval($exterm) . ' ';
+
+			}
+		}
+	}
 	if ( !empty($exclude) ) {
 		$exterms = preg_split('/[\s,]+/',$exclude);
 		if ( count($exterms) ) {
 			foreach ( (array) $exterms as $exterm ) {
-				if (empty($exclusions))
+				if ( empty($exclusions) )
 					$exclusions = ' AND ( t.term_id <> ' . intval($exterm) . ' ';
 				else
 					$exclusions .= ' AND t.term_id <> ' . intval($exterm) . ' ';
@@ -717,14 +736,15 @@ function &get_terms($taxonomies, $args = '') {
 	if ( $hide_empty && !$hierarchical )
 		$where .= ' AND tt.count > 0';
 
-	if ( !empty($number) ) {
+	// don't limit the query results when we have to descend the family tree 
+	if ( ! empty($number) && ! $hierarchical && empty( $child_of ) && '' == $parent ) {
 		if( $offset )
-			$number = 'LIMIT ' . $offset . ',' . $number;
+			$limit = 'LIMIT ' . $offset . ',' . $number;
 		else
-			$number = 'LIMIT ' . $number;
+			$limit = 'LIMIT ' . $number;
 
 	} else
-		$number = '';
+		$limit = '';
 
 	if ( !empty($search) ) {
 		$search = like_escape($search);
@@ -739,13 +759,11 @@ function &get_terms($taxonomies, $args = '') {
 	else if ( 'names' == $fields )
 		$select_this = 't.term_id, tt.parent, tt.count, t.name';
 
-	$query = "SELECT $select_this FROM $wpdb->terms AS t INNER JOIN $wpdb->term_taxonomy AS tt ON t.term_id = tt.term_id WHERE tt.taxonomy IN ($in_taxonomies) $where ORDER BY $orderby $order $number";
+	$query = "SELECT $select_this FROM $wpdb->terms AS t INNER JOIN $wpdb->term_taxonomy AS tt ON t.term_id = tt.term_id WHERE tt.taxonomy IN ($in_taxonomies) $where ORDER BY $orderby $order $limit";
 
+	$terms = $wpdb->get_results($query);
 	if ( 'all' == $fields ) {
-		$terms = $wpdb->get_results($query);
 		update_term_cache($terms);
-	} else if ( ('ids' == $fields) || ('names' == $fields) ) {
-		$terms = $wpdb->get_results($query);
 	}
 
 	if ( empty($terms) ) {
@@ -793,6 +811,10 @@ function &get_terms($taxonomies, $args = '') {
 		$terms = $_terms;
 	}
 
+	if ( 0 < $number && intval(@count($terms)) > $number ) {
+		$terms = array_slice($terms, $offset, $number);
+	}
+
 	wp_cache_add( $cache_key, $terms, 'terms' );
 
 	$terms = apply_filters('get_terms', $terms, $taxonomies, $args);

wp-includes/theme.php

@@ -849,7 +849,7 @@ function preview_theme() {
 	if ( !current_user_can( 'switch_themes' ) )
 		return;
 
-	$_GET['template'] = preg_replace('|[^a-z0-9_.-]|i', '', $_GET['template']);
+	$_GET['template'] = preg_replace('|[^a-z0-9_.-/]|i', '', $_GET['template']);
 
 	if ( validate_file($_GET['template']) )
 		return;
@@ -857,7 +857,7 @@ function preview_theme() {
 	add_filter('template', create_function('', "return '{$_GET['template']}';") );
 
 	if ( isset($_GET['stylesheet']) ) {
-		$_GET['stylesheet'] = preg_replace('|[^a-z0-9_.-]|i', '', $_GET['stylesheet']);
+		$_GET['stylesheet'] = preg_replace('|[^a-z0-9_.-/]|i', '', $_GET['stylesheet']);
 		if ( validate_file($_GET['stylesheet']) )
 			return;
 		add_filter('stylesheet', create_function('', "return '{$_GET['stylesheet']}';") );

wp-includes/version.php

@@ -8,7 +8,7 @@
  *
  * @global string $wp_version
  */
-$wp_version = '2.7-RC2-10171';
+$wp_version = '2.7.1';
 
 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.

wp-includes/widgets.php

@@ -548,7 +548,7 @@ function is_dynamic_sidebar() {
 function wp_get_sidebars_widgets($update = true) {
 	global $wp_registered_widgets, $wp_registered_sidebars;
 
-	$sidebars_widgets = get_option('sidebars_widgets');
+	$sidebars_widgets = get_option('sidebars_widgets', array());
 	$_sidebars_widgets = array();
 
 	if ( !isset($sidebars_widgets['array_version']) )
@@ -618,7 +618,8 @@ function wp_get_sidebars_widgets($update = true) {
 				update_option('sidebars_widgets', $sidebars_widgets);
 	}
 
-	unset($sidebars_widgets['array_version']);
+	if ( isset($sidebars_widgets['array_version']) )
+		unset($sidebars_widgets['array_version']);
 
 	$sidebars_widgets = apply_filters('sidebars_widgets', $sidebars_widgets);
 	return $sidebars_widgets;
@@ -1398,7 +1399,7 @@ function wp_widget_recent_comments($args) {
 			<?php echo $before_title . $title . $after_title; ?>
 			<ul id="recentcomments"><?php
 			if ( $comments ) : foreach ( (array) $comments as $comment) :
-			echo  '<li class="recentcomments">' . sprintf(__('%1$s on %2$s'), get_comment_author_link(), '<a href="'. get_comment_link($comment->comment_ID) . '">' . get_the_title($comment->comment_post_ID) . '</a>') . '</li>';
+			echo  '<li class="recentcomments">' . sprintf(__('%1$s on %2$s'), get_comment_author_link(), '<a href="' . clean_url( get_comment_link($comment->comment_ID) ) . '">' . get_the_title($comment->comment_post_ID) . '</a>') . '</li>';
 			endforeach; endif;?></ul>
 		<?php echo $after_widget; ?>
 <?php
@@ -2092,7 +2093,7 @@ function widget_many_register() {
 }
 
 // This is important
-add_action( 'widgets_init', 'widget_many_register' )
+add_action( 'widgets_init', 'widget_many_register' );
 
 */
 

wp-settings.php

@@ -15,6 +15,8 @@ if ( !defined('WP_MEMORY_LIMIT') )
 if ( function_exists('memory_get_usage') && ( (int) @ini_get('memory_limit') < abs(intval(WP_MEMORY_LIMIT)) ) )
 	@ini_set('memory_limit', WP_MEMORY_LIMIT);
 
+set_magic_quotes_runtime(0);
+@ini_set('magic_quotes_sybase', 0);
 
 /**
  * Turn register globals off.
@@ -199,7 +201,13 @@ timer_start();
 if (defined('WP_DEBUG') and WP_DEBUG == true) {
 	error_reporting(E_ALL);
 } else {
-	error_reporting(E_ALL ^ E_NOTICE ^ E_USER_NOTICE);
+	// Unicode Extension is in PHP 6.0 only or do version check when this changes.
+	if ( function_exists('unicode_decode') ) 
+		error_reporting( E_ALL ^ E_DEPRECATED ^ E_NOTICE ^ E_USER_NOTICE ^ E_STRICT );
+	else if ( defined( 'E_DEPRECATED' ) ) // Introduced in PHP 5.3
+		error_reporting( E_ALL ^ E_DEPRECATED ^ E_NOTICE ^ E_USER_NOTICE );
+	else
+		error_reporting(E_ALL ^ E_NOTICE ^ E_USER_NOTICE);
 }
 
 // For an advanced caching plugin to use, static because you would only want one

xmlrpc.php

@@ -1258,8 +1258,6 @@ class wp_xmlrpc_server extends IXR_Server {
 		} else {
 			$logged_in = true;
 			set_current_user( 0, $username );
-			if ( !current_user_can( 'moderate_comments' ) )
-				return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this blog.' ) );
 		}
 
 		if ( is_numeric($post) )
@@ -1285,12 +1283,15 @@ class wp_xmlrpc_server extends IXR_Server {
 			$comment['comment_author'] = '';
 			if ( isset($content_struct['author']) )
 				$comment['comment_author'] = $content_struct['author'];
+
 			$comment['comment_author_email'] = '';
-			if ( isset($content_struct['author']) )
+			if ( isset($content_struct['author_email']) )
 				$comment['comment_author_email'] = $content_struct['author_email'];
+
 			$comment['comment_author_url'] = '';
-			if ( isset($content_struct['author']) )
+			if ( isset($content_struct['author_url']) )
 				$comment['comment_author_url'] = $content_struct['author_url'];
+
 			$comment['user_ID'] = 0;
 
 			if ( get_option('require_name_email') ) {
@@ -2761,7 +2762,8 @@ class wp_xmlrpc_server extends IXR_Server {
 			foreach ( $cats as $cat ) {
 				$struct['categoryId'] = $cat->term_id;
 				$struct['parentId'] = $cat->parent;
-				$struct['description'] = $cat->description;
+				$struct['description'] = $cat->name;
+				$struct['categoryDescription'] = $cat->description;
 				$struct['categoryName'] = $cat->name;
 				$struct['htmlUrl'] = wp_specialchars(get_category_link($cat->term_id));
 				$struct['rssUrl'] = wp_specialchars(get_category_feed_link($cat->term_id, 'rss2'));