--- wp-pass.php
+++ wp-pass.php
@@ -7,5 +7,5 @@
 // 10 days
 setcookie('wp-postpass_' . COOKIEHASH, $_POST['post_password'], time() + 864000, COOKIEPATH);
 
-wp_redirect($_SERVER['HTTP_REFERER']);
+wp_redirect(wp_get_referer());
 ?>
\ No newline at end of file
--- wp-login.php
+++ wp-login.php
@@ -27,7 +27,7 @@
 
 	$redirect_to = 'wp-login.php';
 	if ( isset($_REQUEST['redirect_to']) )
-		$redirect_to = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $_REQUEST['redirect_to']);
+		$redirect_to = $_REQUEST['redirect_to'];
 			
 	wp_redirect($redirect_to);
 	exit();
@@ -170,7 +170,6 @@
 		$redirect_to = 'wp-admin/';
 	else
 		$redirect_to = $_REQUEST['redirect_to'];
-	$redirect_to = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $redirect_to);
 
 	if( $_POST ) {
 		$user_login = $_POST['log'];
@@ -205,6 +204,8 @@
 			if ( $using_cookie )			
 				$error = __('Your session has expired.');
 		}
+	} else if ( $user_login || $user_pass ) {
+		$error = __('<strong>Error</strong>: The password field is empty.');
 	}
 ?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
@@ -237,7 +238,7 @@
   <?php _e('Remember me'); ?></label></p>
 <p class="submit">
 	<input type="submit" name="submit" id="submit" value="<?php _e('Login'); ?> &raquo;" tabindex="4" />
-	<input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
+	<input type="hidden" name="redirect_to" value="<?php echo wp_specialchars($redirect_to); ?>" />
 </p>
 </form>
 <ul>
--- wp-includes/class-snoopy.php
+++ wp-includes/class-snoopy.php
@@ -78,7 +78,7 @@
 	var $error			=	"";					// error messages sent here
 	var	$response_code	=	"";					// response code returned from server
 	var	$headers		=	array();			// headers returned from server sent here
-	var	$maxlength		=	500000;				// max return data length (body)
+	var	$maxlength		=	8192;				// max return data length (body)
 	var $read_timeout	=	0;					// timeout on read operations, in seconds
 												// supported only since PHP 4 Beta 4
 												// set to 0 to disallow timeouts
@@ -720,13 +720,13 @@
 							chr(176),
 							chr(39),
 							chr(128),
-							"ä",
-							"ö",
-							"ü",
-							"Ä",
-							"Ö",
-							"Ü",
-							"ß",
+							"ä",
+							"ö",
+							"ü",
+							"Ä",
+							"Ö",
+							"Ü",
+							"ß",
 						);
 					
 		$text = preg_replace($search,$replace,$document);
@@ -1238,7 +1238,9 @@
 						if (!is_readable($file_name)) continue;
 
 						$fp = fopen($file_name, "r");
-						$file_content = fread($fp, filesize($file_name));
+						while (!feof($fp)) {
+							$file_content = fread($fp, filesize($file_name));
+						}
 						fclose($fp);
 						$base_name = basename($file_name);
 
--- wp-includes/default-filters.php
+++ wp-includes/default-filters.php
@@ -44,6 +44,7 @@
 
 add_filter('comment_text', 'convert_chars');
 add_filter('comment_text', 'make_clickable');
+add_filter('comment_text', 'force_balance_tags', 25);
 add_filter('comment_text', 'wpautop', 30);
 add_filter('comment_text', 'convert_smilies', 20);
 
@@ -73,10 +74,8 @@
 add_filter('pre_user_nickname', 'trim');
 add_filter('pre_user_nickname', 'wp_filter_kses');
 add_filter('pre_user_nickname', 'wp_specialchars', 30);
-add_filter('pre_user_description', 'strip_tags');
 add_filter('pre_user_description', 'trim');
 add_filter('pre_user_description', 'wp_filter_kses');
-add_filter('pre_user_description', 'wp_specialchars', 30);
 add_filter('pre_user_url', 'strip_tags');
 add_filter('pre_user_url', 'trim');
 add_filter('pre_user_url', 'clean_url');
@@ -106,11 +105,12 @@
 // RSS filters
 add_filter('the_title_rss', 'strip_tags');
 add_filter('the_title_rss', 'ent2ncr', 8);
+add_filter('the_title_rss', 'wp_specialchars');
 add_filter('the_content_rss', 'ent2ncr', 8);
 add_filter('the_excerpt_rss', 'convert_chars');
 add_filter('the_excerpt_rss', 'ent2ncr', 8);
 add_filter('comment_author_rss', 'ent2ncr', 8);
-add_filter('comment_text_rss', 'htmlspecialchars');
+add_filter('comment_text_rss', 'wp_specialchars');
 add_filter('comment_text_rss', 'ent2ncr', 8);
 add_filter('bloginfo_rss', 'ent2ncr', 8);
 add_filter('the_author', 'ent2ncr', 8);
@@ -118,5 +118,6 @@
 // Actions
 add_action('publish_post', 'generic_ping');
 add_action('wp_head', 'rsd_link');
+add_action('sanitize_comment_cookies', 'sanitize_comment_cookies');
 
-?>
\ No newline at end of file
+?>
--- wp-includes/template-functions-general.php
+++ wp-includes/template-functions-general.php
@@ -399,9 +399,11 @@
 function get_calendar($daylength = 1) {
 	global $wpdb, $m, $monthnum, $year, $timedifference, $month, $month_abbrev, $weekday, $weekday_initial, $weekday_abbrev, $posts;
 
-	// Quick check. If we have no posts at all, abort!
+	$now = current_time('mysql');
+
+	// Quick check. If we have no posts yet published, abort!
 	if ( !$posts ) {
-		$gotsome = $wpdb->get_var("SELECT ID from $wpdb->posts WHERE post_status = 'publish' ORDER BY post_date DESC LIMIT 1");
+		$gotsome = $wpdb->get_var("SELECT ID from $wpdb->posts WHERE post_status = 'publish' AND post_date < '$now' ORDER BY post_date DESC LIMIT 1");
 		if ( !$gotsome )
 			return;
 	}
@@ -447,6 +449,7 @@
 	$next = $wpdb->get_row("SELECT	DISTINCT MONTH(post_date) AS month, YEAR(post_date) AS year
 		FROM $wpdb->posts
 		WHERE post_date >	'$thisyear-$thismonth-01'
+		AND post_date < '$now'
 		AND MONTH( post_date ) != MONTH( '$thisyear-$thismonth-01' )
 		AND post_status = 'publish' 
 			ORDER	BY post_date ASC
--- wp-includes/wp-db.php
+++ wp-includes/wp-db.php
@@ -93,12 +93,14 @@
 		$EZSQL_ERROR[] = 
 		array ('query' => $this->last_query, 'error_str' => $str);
 
+		$str = htmlspecialchars($str, ENT_QUOTES);
+		$query = htmlspecialchars($this->last_query, ENT_QUOTES);
 		// Is error output turned on or not..
 		if ( $this->show_errors ) {
 			// If there is an error then take note of it
 			print "<div id='error'>
 			<p class='wpdberror'><strong>WordPress database error:</strong> [$str]<br />
-			<code>$this->last_query</code></p>
+			<code>$query</code></p>
 			</div>";
 		} else {
 			return false;	
--- wp-includes/functions-formatting.php
+++ wp-includes/functions-formatting.php
@@ -98,12 +98,16 @@
 
 function wp_specialchars( $text, $quotes = 0 ) {
 	// Like htmlspecialchars except don't double-encode HTML entities
-	$text = preg_replace('/&([^#])(?![a-z1-4]{1,8};)/', '&#038;$1', $text);-
+	$text = preg_replace('/&([^#])(?![a-z1-4]{1,8};)/', '&#038;$1', $text);
 	$text = str_replace('<', '&lt;', $text);
 	$text = str_replace('>', '&gt;', $text);
-	if ( $quotes ) {
+	if ( 'double' === $quotes ) {
 		$text = str_replace('"', '&quot;', $text);
+	} elseif ( 'single' === $quotes ) {
 		$text = str_replace("'", '&#039;', $text);
+	} elseif ( $quotes ) {
+		$text = str_replace('"', '&quot;', $text);
+		$text = str_replace("'", '&#039;', $text);
 	}
 	return $text;
 }
@@ -141,6 +145,9 @@
 }
 
 function remove_accents($string) {
+	if ( !preg_match('/[\x80-\xff]/', $string) )
+		return $string;
+
 	if (seems_utf8($string)) {
 		$chars = array(
 		// Decompositions for Latin-1 Supplement
@@ -501,6 +508,9 @@
 	return $newtext;
 }
 
+function force_balance_tags($text) {
+	return balanceTags($text, 0, true);
+}
 
 function format_to_edit($content, $richedit = false) {
 	$content = apply_filters('format_to_edit', $content);
@@ -517,10 +527,11 @@
 
 function zeroise($number,$threshold) { // function to add leading zeros when necessary
 	return sprintf('%0'.$threshold.'s', $number);
-	}
+}
 
 
 function backslashit($string) {
+	$string = preg_replace('/^([0-9])/', '\\\\\\\\\1', $string);
 	$string = preg_replace('/([a-z])/i', '\\\\\1', $string);
 	return $string;
 }
@@ -570,10 +581,11 @@
 }
 
 function make_clickable($ret) {
-	$ret = ' ' . $ret . ' ';
-	$ret = preg_replace("#([\s>])(https?)://([^\s<>{}()]+[^\s.,<>{}()])#i", "$1<a href='$2://$3' rel='nofollow'>$2://$3</a>", $ret);
-	$ret = preg_replace("#(\s)www\.([a-z0-9\-]+)\.([a-z0-9\-.\~]+)((?:/[^ <>{}()\n\r]*[^., <>{}()\n\r]?)?)#i", "$1<a href='http://www.$2.$3$4' rel='nofollow'>www.$2.$3$4</a>", $ret);
-	$ret = preg_replace("#(\s)([a-z0-9\-_.]+)@([a-z0-9\-_.]+)\.([^,< \n\r]+)#i", "$1<a href=\"mailto:$2@$3.$4\">$2@$3.$4</a>", $ret);
+	$ret = ' ' . $ret;
+	$ret = preg_replace("#(^|[\n ])([\w]+?://[\w\#$%&~/.\-;:=,?@\[\]+]*)#is", "$1<a href='$2' rel='nofollow'>$2</a>", $ret);
+	$ret = preg_replace("#(^|[\n ])((www|ftp)\.[\w\#$%&~/.\-;:=,?@\[\]+]*)#is", "$1<a href='http://$2' rel='nofollow'>$2</a>", $ret);
+	$ret = preg_replace("#(\s)([a-z0-9\-_.]+)@([^,< \n\r]+)#i", "$1<a href=\"mailto:$2@$3\">$2@$3</a>", $ret);
+	$ret = substr($ret, 1);
 	$ret = trim($ret);
 	return $ret;
 }
@@ -1018,6 +1030,7 @@
 // Escape single quotes, specialchar double quotes, and fix line endings.
 function js_escape($text) {
 	$text = wp_specialchars($text, 'double');
-	return preg_replace("/\r?\n/", "\\n", addslashes($text));	
+	$text = str_replace('&#039;', "'", $text);
+	return preg_replace("/\r?\n/", "\\n", addslashes($text));
 }
 ?>
--- wp-includes/gettext.php
+++ wp-includes/gettext.php
@@ -61,15 +61,12 @@
    * @return Integer from the Stream
    */
   function readint() {
-      $stream = $this->STREAM->read(4);
       if ($this->BYTEORDER == 0) {
         // low endian
-        $unpacked = unpack('V',$stream);
-        return array_shift($unpacked);
+        return array_shift(unpack('V', $this->STREAM->read(4)));
       } else {
         // big endian
-        $unpacked = unpack('N',$stream);
-        return array_shift($unpacked);
+        return array_shift(unpack('N', $this->STREAM->read(4)));
       }
     }
 
@@ -97,7 +94,7 @@
    */
   function gettext_reader($Reader, $enable_cache = true) {
     // If there isn't a StreamReader, turn on short circuit mode.
-    if (! $Reader) {
+    if (! $Reader || isset($Reader->error) ) {
       $this->short_circuit = true;
       return;
     }
@@ -105,16 +102,16 @@
     // Caching can be turned off
     $this->enable_cache = $enable_cache;
 
-    // $MAGIC1 = (int)0x950412de; //bug in PHP 5
+    // $MAGIC1 = (int)0x950412de; //bug in PHP 5.0.2, see https://savannah.nongnu.org/bugs/?func=detailitem&item_id=10565
     $MAGIC1 = (int) - 1794895138;
     // $MAGIC2 = (int)0xde120495; //bug
     $MAGIC2 = (int) - 569244523;
 
     $this->STREAM = $Reader;
     $magic = $this->readint();
-    if ($magic == $MAGIC1) {
+    if ($magic == ($MAGIC1 & 0xFFFFFFFF)) { // to make sure it works for 64-bit platforms
       $this->BYTEORDER = 0;
-    } elseif ($magic == $MAGIC2) {
+    } elseif ($magic == ($MAGIC2 & 0xFFFFFFFF)) {
       $this->BYTEORDER = 1;
     } else {
       $this->error = 1; // not MO file
@@ -282,7 +279,7 @@
       } else {
         $header = $this->get_translation_string(0);
       }
-      if (eregi("plural-forms: (.*)\n", $header, $regs))
+      if (eregi("plural-forms: ([^\n]*)\n", $header, $regs))
         $expr = $regs[1];
       else
         $expr = "nplurals=2; plural=n == 1 ? 0 : 1;";
@@ -308,7 +305,7 @@
     $plural = 0;
 
     eval("$string");
-    if ($plural >= $total) $plural = 0;
+    if ($plural >= $total) $plural = $total - 1;
     return $plural;
   }
 
--- wp-includes/version.php
+++ wp-includes/version.php
@@ -2,7 +2,7 @@
 
 // This just holds the version number, in a separate file so we can bump it without cluttering the SVN
 
-$wp_version = '2.0.3';
+$wp_version = '2.0.4';
 $wp_db_version = 3440;
 
 ?>
--- wp-includes/functions-post.php
+++ wp-includes/functions-post.php
@@ -684,7 +684,7 @@
 function wp_proxy_check($ipnum) {
 	if ( get_option('open_proxy_check') && isset($ipnum) ) {
 		$rev_ip = implode( '.', array_reverse( explode( '.', $ipnum ) ) );
-		$lookup = $rev_ip . '.opm.blitzed.org.';
+		$lookup = $rev_ip . '.sbl-xbl.spamhaus.org.';
 		if ( $lookup != gethostbyname( $lookup ) )
 			return true;
 	}
@@ -917,8 +917,12 @@
 
 function wp_upload_bits($name, $type, $bits) {
 	if ( empty($name) )
-		return array('error' => "Empty filename");
+		return array('error' => __("Empty filename"));
 
+	$wp_filetype = wp_check_filetype($name);
+	if ( !$wp_filetype['ext'] )
+		return array('error' => __("Invalid file type"));
+
 	$upload = wp_upload_dir();
 	
 	if ( $upload['error'] !== false )
@@ -963,4 +967,59 @@
 	return array('file' => $new_file, 'url' => $url, 'error' => false);
 }
 
+function wp_check_filetype($filename, $mimes = null) {
+	// Accepted MIME types are set here as PCRE unless provided.
+	$mimes = is_array($mimes) ? $mimes : apply_filters('upload_mimes', array (
+		'jpg|jpeg|jpe' => 'image/jpeg',
+		'gif' => 'image/gif',
+		'png' => 'image/png',
+		'bmp' => 'image/bmp',
+		'tif|tiff' => 'image/tiff',
+		'ico' => 'image/x-icon',
+		'asf|asx|wax|wmv|wmx' => 'video/asf',
+		'avi' => 'video/avi',
+		'mov|qt' => 'video/quicktime',
+		'mpeg|mpg|mpe' => 'video/mpeg',
+		'txt|c|cc|h' => 'text/plain',
+		'rtx' => 'text/richtext',
+		'css' => 'text/css',
+		'htm|html' => 'text/html',
+		'mp3|mp4' => 'audio/mpeg',
+		'ra|ram' => 'audio/x-realaudio',
+		'wav' => 'audio/wav',
+		'ogg' => 'audio/ogg',
+		'mid|midi' => 'audio/midi',
+		'wma' => 'audio/wma',
+		'rtf' => 'application/rtf',
+		'js' => 'application/javascript',
+		'pdf' => 'application/pdf',
+		'doc' => 'application/msword',
+		'pot|pps|ppt' => 'application/vnd.ms-powerpoint',
+		'wri' => 'application/vnd.ms-write',
+		'xla|xls|xlt|xlw' => 'application/vnd.ms-excel',
+		'mdb' => 'application/vnd.ms-access',
+		'mpp' => 'application/vnd.ms-project',
+		'swf' => 'application/x-shockwave-flash',
+		'class' => 'application/java',
+		'tar' => 'application/x-tar',
+		'zip' => 'application/zip',
+		'gz|gzip' => 'application/x-gzip',
+		'exe' => 'application/x-msdownload'
+	));
+
+	$type = false;
+	$ext = false;
+
+	foreach ($mimes as $ext_preg => $mime_match) {
+		$ext_preg = '!\.(' . $ext_preg . ')$!i';
+		if ( preg_match($ext_preg, $filename, $ext_matches) ) {
+			$type = $mime_match;
+			$ext = $ext_matches[1];
+			break;
+		}
+	}
+
+	return compact('ext', 'type');
+}
+
 ?>
--- wp-includes/classes.php
+++ wp-includes/classes.php
@@ -305,6 +305,7 @@
 		if (isset($q['page'])) {
 			$q['page'] = trim($q['page'], '/');
 			$q['page'] = (int) $q['page'];
+			$q['page'] = abs($q['page']);
 		}
 	
 		$add_hours = intval(get_settings('gmt_offset'));
@@ -617,15 +618,21 @@
 
 		// Paging
 		if (empty($q['nopaging']) && ! $this->is_single && ! $this->is_page) {
-			$page = $q['paged'];
+			$page = abs(intval($q['paged']));
 			if (empty($page)) {
 				$page = 1;
 			}
 
 			if (($q['what_to_show'] == 'posts')) {
-				$pgstrt = '';
-				$pgstrt = (intval($page) -1) * $q['posts_per_page'] . ', ';
-				$limits = 'LIMIT '.$pgstrt.$q['posts_per_page'];
+				$q['offset'] = abs(intval($q['offset']));
+				if ( empty($q['offset']) ) {
+					$pgstrt = '';
+					$pgstrt = (intval($page) -1) * $q['posts_per_page'] . ', ';
+					$limits = 'LIMIT '.$pgstrt.$q['posts_per_page'];
+				} else { // we're ignoring $page and using 'offset'
+					$pgstrt = $q['offset'] . ', ';
+					$limits = 'LIMIT ' . $pgstrt . $q['posts_per_page'];
+				}
 			} elseif ($q['what_to_show'] == 'days') {
 				$startrow = $q['posts_per_page'] * (intval($page)-1);
 				$start_date = $wpdb->get_var("SELECT max(post_date) FROM $wpdb->posts $join WHERE (1=1) $where GROUP BY year(post_date), month(post_date), dayofmonth(post_date) ORDER BY post_date DESC LIMIT $startrow,1");
@@ -1609,6 +1616,7 @@
 			nocache_headers();
 		if ( !empty($this->query_vars['error']) && '404' == $this->query_vars['error'] ) {
 			status_header( 404 );
+			@header('Content-type: ' . get_option('html_type') . '; charset=' . get_option('blog_charset'));
 		} else if ( empty($this->query_vars['feed']) ) {
 			@header('Content-type: ' . get_option('html_type') . '; charset=' . get_option('blog_charset'));
 		} else {
--- wp-includes/kses.php
+++ wp-includes/kses.php
@@ -1,8 +1,8 @@
 <?php
 
 // Added wp_ prefix to avoid conflicts with existing kses users
-# kses 0.2.1 - HTML/XHTML filter that only allows some elements and attributes
-# Copyright (C) 2002, 2003  Ulf Harnhammar
+# kses 0.2.2 - HTML/XHTML filter that only allows some elements and attributes
+# Copyright (C) 2002, 2003, 2005  Ulf Harnhammar
 # *** CONTACT INFORMATION ***
 #
 # E-mail:      metaur at users dot sourceforge dot net
@@ -113,7 +113,7 @@
 	$elem = $matches[2];
 	$attrlist = $matches[3];
 
-	if (!@ is_array($allowed_html[strtolower($elem)]))
+	if (!@isset($allowed_html[strtolower($elem)]))
 		return '';
 	# They are using a not allowed HTML element
 
@@ -366,6 +366,7 @@
 ###############################################################################
 {
 	$string = wp_kses_no_null($string);
+	$string = preg_replace('/\xad+/', '', $string); # deals with Opera "feature"
 	$string2 = $string.'a';
 
 	while ($string != $string2) {
@@ -378,7 +379,7 @@
 
 function wp_kses_no_null($string)
 ###############################################################################
-# This function removes any NULL or chr(173) characters in $string.
+# This function removes any NULL characters in $string.
 ###############################################################################
 {
 	$string = preg_replace('/\0+/', '', $string);
@@ -454,6 +455,8 @@
 	$string2 = wp_kses_decode_entities($string);
 	$string2 = preg_replace('/\s/', '', $string2);
 	$string2 = wp_kses_no_null($string2);
+	$string2 = preg_replace('/\xad+/', '', $string2);
+	# deals with Opera "feature"
 	$string2 = strtolower($string2);
 
 	$allowed = false;
--- wp-includes/pluggable-functions.php
+++ wp-includes/pluggable-functions.php
@@ -221,7 +221,7 @@
 			 (empty($_COOKIE[USER_COOKIE])) ) {
 		nocache_headers();
 	
-		header('Location: ' . get_settings('siteurl') . '/wp-login.php?redirect_to=' . urlencode($_SERVER['REQUEST_URI']));
+		wp_redirect(get_settings('siteurl') . '/wp-login.php?redirect_to=' . urlencode($_SERVER['REQUEST_URI']));
 		exit();
 	}
 }
@@ -229,44 +229,25 @@
 
 if ( !function_exists('check_admin_referer') ) :
 function check_admin_referer($action = -1) {
-	global $pagenow;
 	$adminurl = strtolower(get_settings('siteurl')).'/wp-admin';
-	$referer = strtolower($_SERVER['HTTP_REFERER']);
+	$referer = strtolower(wp_get_referer());
 	if ( !wp_verify_nonce($_REQUEST['_wpnonce'], $action) &&
 		!(-1 == $action && strstr($referer, $adminurl)) ) {
-		
-		$html  = "<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Strict//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd'>\n<html xmlns='http://www.w3.org/1999/xhtml' lang='en' xml:lang='en'>\n\n";
-		$html .= "<head>\n\t<title>" . __('WordPress Confirmation') . "</title>\n";
-		$html .= "</head>\n<body>\n";
-		if ( $_POST ) {
-			$q = http_build_query($_POST);
-			$q = explode( ini_get('arg_separator.output'), $q);
-			$html .= "\t<form method='post' action='$pagenow'>\n";
-			foreach ( (array) $q as $a ) {
-				$v = substr(strstr($a, '='), 1);
-				$k = substr($a, 0, -(strlen($v)+1));
-				$html .= "\t\t<input type='hidden' name='" . wp_specialchars( urldecode($k), 1 ) . "' value='" . wp_specialchars( urldecode($v), 1 ) . "' />\n";
-			}
-			$html .= "\t\t<input type='hidden' name='_wpnonce' value='" . wp_create_nonce($action) . "' />\n";
-			$html .= "\t\t<p>" . __('Are you sure you want to do this?') . "</p>\n\t\t<p><a href='$adminurl'>No</a> <input type='submit' value='" . __('Yes') . "' /></p>\n\t</form>\n";
-		} else {
-			$html .= "\t<p>" . __('Are you sure you want to do this?') . "</p>\n\t\t<p><a href='$adminurl'>No</a> <a href='" . add_query_arg( '_wpnonce', wp_create_nonce($action), $_SERVER['REQUEST_URI'] ) . "'>" . __('Yes') . "</a></p>\n";
-		}
-		$html .= "</body>\n</html>";
-
-		die($html);
+		wp_nonce_ays($action);
+		die();
 	}
-	do_action('check_admin_referer');
-}endif;
+	do_action('check_admin_referer', $action);
+}
+endif;
 
 if ( !function_exists('check_ajax_referer') ) :
 function check_ajax_referer() {
 	$cookie = explode('; ', urldecode(empty($_POST['cookie']) ? $_GET['cookie'] : $_POST['cookie'])); // AJAX scripts must pass cookie=document.cookie
 	foreach ( $cookie as $tasty ) {
 		if ( false !== strpos($tasty, USER_COOKIE) )
-			$user = substr(strstr($tasty, '='), 1);
+			$user = urldecode(substr(strstr($tasty, '='), 1)); // Nasty double encoding
 		if ( false !== strpos($tasty, PASS_COOKIE) )
-			$pass = substr(strstr($tasty, '='), 1);
+			$pass = urldecode(substr(strstr($tasty, '='), 1));
 	}
 	if ( wp_login( $user, $pass, true ) )
 		return true;
@@ -280,8 +261,11 @@
 function wp_redirect($location) {
 	global $is_IIS;
 
-	$location = str_replace( array("\n", "\r"), '', $location);
+	$location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%]|i', '', $location);
 
+	$strip = array('%0d', '%0a');
+	$location = str_replace($strip, '', $location);
+
 	if ($is_IIS)
 		header("Refresh: 0;url=$location");
 	else
--- wp-includes/comment-functions.php
+++ wp-includes/comment-functions.php
@@ -5,27 +5,14 @@
 function comments_template( $file = '/comments.php' ) {
 	global $wp_query, $withcomments, $post, $wpdb, $id, $comment, $user_login, $user_ID, $user_identity;
 
-	if ( is_single() || is_page() || $withcomments ) :
-		$req = get_settings('require_name_email');
-		$comment_author = '';
-		if ( isset($_COOKIE['comment_author_'.COOKIEHASH]) ) {
-			$comment_author = apply_filters('pre_comment_author_name', $_COOKIE['comment_author_'.COOKIEHASH]);
-			$comment_author = stripslashes($comment_author);
-			$comment_author = wp_specialchars($comment_author, true);
-		}
-		$comment_author_email = '';
-		if ( isset($_COOKIE['comment_author_email_'.COOKIEHASH]) ) {
-			$comment_author_email = apply_filters('pre_comment_author_email', $_COOKIE['comment_author_email_'.COOKIEHASH]);
-			$comment_author_email = stripslashes($comment_author_email);
-			$comment_author_email = wp_specialchars($comment_author_email, true);		
-		}
-		$comment_author_url = '';
-		if ( isset($_COOKIE['comment_author_url_'.COOKIEHASH]) ) {
-			$comment_author_url = apply_filters('pre_comment_author_url', $_COOKIE['comment_author_url_'.COOKIEHASH]);
-			$comment_author_url = stripslashes($comment_author_url);
-			$comment_author_url = wp_specialchars($comment_author_url, true);		
-		}
+	if ( ! (is_single() || is_page() || $withcomments) )
+		return;
 
+	$req = get_settings('require_name_email');
+	$commenter = wp_get_current_commenter();
+	extract($commenter);
+
+	// TODO: Use API instead of SELECTs.
 	if ( empty($comment_author) ) {
 		$comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = '$post->ID' AND comment_approved = '1' ORDER BY comment_date");
 	} else {
@@ -40,8 +27,6 @@
 		require( $include );
 	else
 		require( ABSPATH . 'wp-content/themes/default/comments.php');
-
-	endif;
 }
 
 function wp_new_comment( $commentdata ) {
@@ -221,8 +206,10 @@
 		return false;
 
 	$post_id = $comment->comment_post_ID;
-	if ( $post_id && $comment->comment_approved == 1 )
-		$wpdb->query( "UPDATE $wpdb->posts SET comment_count = comment_count - 1 WHERE ID = '$post_id'" );
+	if ( $post_id && $comment->comment_approved == 1 ) {
+		$count = $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->comments WHERE comment_post_ID = '$post_id' AND comment_approved = '1'");
+		$wpdb->query( "UPDATE $wpdb->posts SET comment_count = $count WHERE ID = '$post_id'" );
+	}
 
 	do_action('wp_set_comment_status', $comment_id, 'delete');
 	return true;
@@ -328,7 +315,8 @@
 		if (!empty($CSSclass)) {
 			echo ' class="'.$CSSclass.'"';
 		}
-		echo ' title="' . sprintf( __('Comment on %s'), $post->post_title ) .'">';
+		$title = wp_specialchars(apply_filters('the_title', get_the_title()), true);
+		echo ' title="' . sprintf( __('Comment on %s'), $title ) .'">';
 		comments_number($zero, $one, $more, $number);
 		echo '</a>';
 	}
@@ -905,4 +893,45 @@
 	return $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = $post_id AND comment_approved = '1' ORDER BY comment_date");
 }
 
+function sanitize_comment_cookies() {
+	if ( isset($_COOKIE['comment_author_'.COOKIEHASH]) ) {
+		$comment_author = apply_filters('pre_comment_author_name', $_COOKIE['comment_author_'.COOKIEHASH]);
+		$comment_author = stripslashes($comment_author);
+		$comment_author = wp_specialchars($comment_author, true);
+		$_COOKIE['comment_author_'.COOKIEHASH] = $comment_author;
+	}
+
+	if ( isset($_COOKIE['comment_author_email_'.COOKIEHASH]) ) {
+		$comment_author_email = apply_filters('pre_comment_author_email', $_COOKIE['comment_author_email_'.COOKIEHASH]);
+		$comment_author_email = stripslashes($comment_author_email);
+		$comment_author_email = wp_specialchars($comment_author_email, true);	
+		$_COOKIE['comment_author_email_'.COOKIEHASH] = $comment_author_email;
+	}
+
+	if ( isset($_COOKIE['comment_author_url_'.COOKIEHASH]) ) {
+		$comment_author_url = apply_filters('pre_comment_author_url', $_COOKIE['comment_author_url_'.COOKIEHASH]);
+		$comment_author_url = stripslashes($comment_author_url);
+		$comment_author_url = wp_specialchars($comment_author_url, true);
+		$_COOKIE['comment_author_url_'.COOKIEHASH] = $comment_author_url;
+	}
+}
+
+function wp_get_current_commenter() {
+	// Cookies should already be sanitized.
+
+	$comment_author = '';
+	if ( isset($_COOKIE['comment_author_'.COOKIEHASH]) )
+		$comment_author = $_COOKIE['comment_author_'.COOKIEHASH];
+
+	$comment_author_email = '';
+	if ( isset($_COOKIE['comment_author_email_'.COOKIEHASH]) )
+		$comment_author_email = $_COOKIE['comment_author_email_'.COOKIEHASH];
+
+	$comment_author_url = '';
+	if ( isset($_COOKIE['comment_author_url_'.COOKIEHASH]) )
+		$comment_author_url = $_COOKIE['comment_author_url_'.COOKIEHASH];
+
+	return compact('comment_author', 'comment_author_email', 'comment_author_url');
+}
+
 ?>
--- wp-includes/functions.php
+++ wp-includes/functions.php
@@ -32,10 +32,10 @@
 		$dateweekday = $weekday[date('w', $i)];
 		$dateweekday_abbrev = $weekday_abbrev[$dateweekday];
 		$dateformatstring = ' '.$dateformatstring;
-		$dateformatstring = preg_replace("/([^\\\])D/", "\${1}".backslashit($dateweekday_abbrev), $dateformatstring);
-		$dateformatstring = preg_replace("/([^\\\])F/", "\${1}".backslashit($datemonth), $dateformatstring);
-		$dateformatstring = preg_replace("/([^\\\])l/", "\${1}".backslashit($dateweekday), $dateformatstring);
-		$dateformatstring = preg_replace("/([^\\\])M/", "\${1}".backslashit($datemonth_abbrev), $dateformatstring);
+		$dateformatstring = preg_replace("/([^\\\])D/", "\\1".backslashit($dateweekday_abbrev), $dateformatstring);
+		$dateformatstring = preg_replace("/([^\\\])F/", "\\1".backslashit($datemonth), $dateformatstring);
+		$dateformatstring = preg_replace("/([^\\\])l/", "\\1".backslashit($dateweekday), $dateformatstring);
+		$dateformatstring = preg_replace("/([^\\\])M/", "\\1".backslashit($datemonth_abbrev), $dateformatstring);
 
 		$dateformatstring = substr($dateformatstring, 1, strlen($dateformatstring)-1);
 	}
@@ -71,10 +71,10 @@
 		$dateweekday = $weekday[date('w', $i)];
 		$dateweekday_abbrev = $weekday_abbrev[$dateweekday];
 		$dateformatstring = ' '.$dateformatstring;
-		$dateformatstring = preg_replace("/([^\\\])D/", "\${1}".backslashit($dateweekday_abbrev), $dateformatstring);
-		$dateformatstring = preg_replace("/([^\\\])F/", "\${1}".backslashit($datemonth), $dateformatstring);
-		$dateformatstring = preg_replace("/([^\\\])l/", "\${1}".backslashit($dateweekday), $dateformatstring);
-		$dateformatstring = preg_replace("/([^\\\])M/", "\${1}".backslashit($datemonth_abbrev), $dateformatstring);
+		$dateformatstring = preg_replace("/([^\\\])D/", "\\1".backslashit($dateweekday_abbrev), $dateformatstring);
+		$dateformatstring = preg_replace("/([^\\\])F/", "\\1".backslashit($datemonth), $dateformatstring);
+		$dateformatstring = preg_replace("/([^\\\])l/", "\\1".backslashit($dateweekday), $dateformatstring);
+		$dateformatstring = preg_replace("/([^\\\])M/", "\\1".backslashit($datemonth_abbrev), $dateformatstring);
 		$dateformatstring = substr($dateformatstring, 1, strlen($dateformatstring)-1);
 	}
 	$j = @date($dateformatstring, $i);
@@ -748,6 +748,8 @@
 		}
 	}
 
+	$_category = apply_filters('get_category', $_category);
+
 	if ( !isset($_category->fullpath) ) {
 		$_category = set_category_path($_category);
 		wp_cache_replace($_category->cat_ID, $_category, 'category');	
@@ -994,7 +996,7 @@
 }
 
 function spawn_pinger() {
-	global $wpdb;
+	global $wpdb, $wp_version;
 	$doping = false;
 	if ( $wpdb->get_var("SELECT ID FROM $wpdb->posts WHERE TRIM(to_ping) != '' LIMIT 1") )
 		$doping = true;
@@ -1010,7 +1012,7 @@
 		$parts = parse_url($ping_url);
 		$argyle = @ fsockopen($parts['host'], $_SERVER['SERVER_PORT'], $errno, $errstr, 0.01);
 		if ( $argyle )
-			fputs($argyle, "GET {$parts['path']}?time=".time()." HTTP/1.0\r\nHost: {$_SERVER['HTTP_HOST']}\r\n\r\n");
+			fputs($argyle, "GET {$parts['path']}?time=".time()." HTTP/1.0\r\nHost: {$_SERVER['HTTP_HOST']}\r\nUser-Agent: WordPress/{$wp_version}\r\n\r\n");
        }
 }
 
@@ -1252,6 +1254,7 @@
 
 	// rebuild the list of filters
 	if ( isset($wp_filter[$tag]["$priority"]) ) {
+		$new_function_list = array();
 		foreach($wp_filter[$tag]["$priority"] as $filter) {
 			if ( $filter['function'] != $function_to_remove ) {
 				$new_function_list[] = $filter;
@@ -1738,24 +1741,24 @@
 	preg_match("|Author URI:(.*)|i", $theme_data, $author_uri);
 	preg_match("|Template:(.*)|i", $theme_data, $template);
 	if ( preg_match("|Version:(.*)|i", $theme_data, $version) )
-		$version = $version[1];
+		$version = trim($version[1]);
 	else
 		$version ='';
 	if ( preg_match("|Status:(.*)|i", $theme_data, $status) )
-		$status = $status[1];
+		$status = trim($status[1]);
 	else
-		$status ='publish';
+		$status = 'publish';
 
-	$description = wptexturize($description[1]);
+	$description = wptexturize(trim($description[1]));
 
 	$name = $theme_name[1];
 	$name = trim($name);
 	$theme = $name;
 
 	if ( '' == $author_uri[1] ) {
-		$author = $author_name[1];
+		$author = trim($author_name[1]);
 	} else {
-		$author = '<a href="' . $author_uri[1] . '" title="' . __('Visit author homepage') . '">' . $author_name[1] . '</a>';
+		$author = '<a href="' . trim($author_uri[1]) . '" title="' . __('Visit author homepage') . '">' . trim($author_name[1]) . '</a>';
 	}
 
 	return array('Name' => $name, 'Title' => $theme, 'Description' => $description, 'Author' => $author, 'Version' => $version, 'Template' => $template[1], 'Status' => $status);
@@ -2082,6 +2085,13 @@
 			$uri = @func_get_arg(2);
 	}
 
+	if ( preg_match('|^https?://|i', $uri, $matches) ) {
+		$protocol = $matches[0];
+		$uri = substr($uri, strlen($protocol));
+	} else {
+		$protocol = '';
+	}
+
 	if ( strstr($uri, '?') ) {
 		$parts = explode('?', $uri, 2);
 		if ( 1 == count($parts) ) {
@@ -2091,8 +2101,7 @@
 			$base = $parts[0] . '?';
 			$query = $parts[1];
 		}
-	}
-	else if ( strstr($uri, '/') ) {
+	} else if ( !empty($protocol) || strstr($uri, '/') ) {
 		$base = $uri . '?';
 		$query = '';
 	} else {
@@ -2115,7 +2124,7 @@
 			$ret .= "$k=$v";
 		}
 	}
-	$ret = $base . $ret;
+	$ret = $protocol . $base . $ret;
 	return trim($ret, '?');
 }
 
@@ -2309,11 +2318,189 @@
 }
 
 function wp_nonce_url($actionurl, $action = -1) {
-	return add_query_arg('_wpnonce', wp_create_nonce($action), $actionurl);
+	return wp_specialchars(add_query_arg('_wpnonce', wp_create_nonce($action), $actionurl));
 }
 
 function wp_nonce_field($action = -1) {
 	echo '<input type="hidden" name="_wpnonce" value="' . wp_create_nonce($action) . '" />';
+	wp_referer_field();
 }
 
+function wp_referer_field() {
+	$ref = wp_specialchars($_SERVER['REQUEST_URI']);
+	echo '<input type="hidden" name="_wp_http_referer" value="'. $ref . '" />';
+	if ( wp_get_original_referer() ) {
+		$original_ref = wp_specialchars(stripslashes(wp_get_original_referer()));
+		echo '<input type="hidden" name="_wp_original_http_referer" value="'. $original_ref . '" />';
+	}
+}
+
+function wp_original_referer_field() {
+	echo '<input type="hidden" name="_wp_original_http_referer" value="' . wp_specialchars(stripslashes($_SERVER['REQUEST_URI'])) . '" />';
+}
+
+function wp_get_referer() {
+	foreach ( array($_REQUEST['_wp_http_referer'], $_SERVER['HTTP_REFERER']) as $ref )
+		if ( !empty($ref) )
+			return $ref;
+	return false;
+}
+
+function wp_get_original_referer() {
+	if ( !empty($_REQUEST['_wp_original_http_referer']) )
+		return $_REQUEST['_wp_original_http_referer'];
+	return false;
+}
+
+function wp_explain_nonce($action) {
+	if ( $action !== -1 && preg_match('/([a-z]+)-([a-z]+)(_(.+))?/', $action, $matches) ) {
+		$verb = $matches[1];
+		$noun = $matches[2];
+
+		$trans = array();
+		$trans['update']['attachment'] = array(__('Are you sure you want to edit this attachment: &quot;%s&quot;?'), 'get_the_title');
+
+		$trans['add']['category'] = array(__('Are you sure you want to add this category?'), false);
+		$trans['delete']['category'] = array(__('Are you sure you want to delete this category: &quot;%s&quot;?'), 'get_catname');
+		$trans['update']['category'] = array(__('Are you sure you want to edit this category: &quot;%s&quot;?'), 'get_catname');
+
+		$trans['delete']['comment'] = array(__('Are you sure you want to delete this comment: &quot;%s&quot;?'), 'use_id');
+		$trans['unapprove']['comment'] = array(__('Are you sure you want to unapprove this comment: &quot;%s&quot;?'), 'use_id');
+		$trans['approve']['comment'] = array(__('Are you sure you want to approve this comment: &quot;%s&quot;?'), 'use_id');
+		$trans['update']['comment'] = array(__('Are you sure you want to edit this comment: &quot;%s&quot;?'), 'use_id');
+		$trans['bulk']['comments'] = array(__('Are you sure you want to bulk modify comments?'), false);
+		$trans['moderate']['comments'] = array(__('Are you sure you want to moderate comments?'), false);
+
+		$trans['add']['bookmark'] = array(__('Are you sure you want to add this bookmark?'), false);
+		$trans['delete']['bookmark'] = array(__('Are you sure you want to delete this bookmark: &quot;%s&quot;?'), 'use_id');
+		$trans['update']['bookmark'] = array(__('Are you sure you want to edit this bookmark: &quot;%s&quot;?'), 'use_id');
+		$trans['bulk']['bookmarks'] = array(__('Are you sure you want to bulk modify bookmarks?'), false);
+
+		$trans['add']['page'] = array(__('Are you sure you want to add this page?'), false);
+		$trans['delete']['page'] = array(__('Are you sure you want to delete this page: &quot;%s&quot;?'), 'get_the_title');
+		$trans['update']['page'] = array(__('Are you sure you want to edit this page: &quot;%s&quot;?'), 'get_the_title');
+
+		$trans['edit']['plugin'] = array(__('Are you sure you want to edit this plugin file: &quot;%s&quot;?'), 'use_id');
+		$trans['activate']['plugin'] = array(__('Are you sure you want to activate this plugin: &quot;%s&quot;?'), 'use_id');
+		$trans['deactivate']['plugin'] = array(__('Are you sure you want to deactivate this plugin: &quot;%s&quot;?'), 'use_id');
+
+		$trans['add']['post'] = array(__('Are you sure you want to add this post?'), false);
+		$trans['delete']['post'] = array(__('Are you sure you want to delete this post: &quot;%s&quot;?'), 'get_the_title');
+		$trans['update']['post'] = array(__('Are you sure you want to edit this post: &quot;%s&quot;?'), 'get_the_title');
+
+		$trans['add']['user'] = array(__('Are you sure you want to add this user?'), false);
+		$trans['delete']['users'] = array(__('Are you sure you want to delete users?'), false);
+		$trans['bulk']['users'] = array(__('Are you sure you want to bulk modify users?'), false);
+		$trans['update']['user'] = array(__('Are you sure you want to edit this user: &quot;%s&quot;?'), 'get_author_name');
+		$trans['update']['profile'] = array(__('Are you sure you want to modify the profile for: &quot;%s&quot;?'), 'get_author_name');
+
+		$trans['update']['options'] = array(__('Are you sure you want to edit your settings?'), false);
+		$trans['update']['permalink'] = array(__('Are you sure you want to change your permalink structure to: %s?'), 'use_id');
+		$trans['edit']['file'] = array(__('Are you sure you want to edit this file: &quot;%s&quot;?'), 'use_id');
+		$trans['edit']['theme'] = array(__('Are you sure you want to edit this theme file: &quot;%s&quot;?'), 'use_id');
+		$trans['switch']['theme'] = array(__('Are you sure you want to switch to this theme: &quot;%s&quot;?'), 'use_id');
+
+		if ( isset($trans[$verb][$noun]) ) {
+			if ( !empty($trans[$verb][$noun][1]) ) {
+				$lookup = $trans[$verb][$noun][1];
+				$object = $matches[4];
+				if ( 'use_id' != $lookup )
+					$object = call_user_func($lookup, $object);
+				return sprintf($trans[$verb][$noun][0], $object);
+			} else {
+				return $trans[$verb][$noun][0];
+			}
+		}
+	}
+
+	return __('Are you sure you want to do this');
+}
+
+function wp_nonce_ays($action) {
+	global $pagenow, $menu, $submenu, $parent_file, $submenu_file;
+
+	$adminurl = get_settings('siteurl') . '/wp-admin';
+	if ( wp_get_referer() )
+		$adminurl = wp_get_referer();
+
+	$title = __('WordPress Confirmation');
+	// Remove extra layer of slashes.
+	$_POST   = stripslashes_deep($_POST  );
+	if ( $_POST ) {
+		$q = http_build_query($_POST);
+		$q = explode( ini_get('arg_separator.output'), $q);
+		$html .= "\t<form method='post' action='$pagenow'>\n";
+		foreach ( (array) $q as $a ) {
+			$v = substr(strstr($a, '='), 1);
+			$k = substr($a, 0, -(strlen($v)+1));
+			$html .= "\t\t<input type='hidden' name='" . wp_specialchars( urldecode($k), 1 ) . "' value='" . wp_specialchars( urldecode($v), 1 ) . "' />\n";
+		}
+		$html .= "\t\t<input type='hidden' name='_wpnonce' value='" . wp_create_nonce($action) . "' />\n";
+		$html .= "\t\t<div id='message' class='confirm fade'>\n\t\t<p>" . wp_explain_nonce($action) . "</p>\n\t\t<p><a href='$adminurl'>" . __('No') . "</a> <input type='submit' value='" . __('Yes') . "' /></p>\n\t\t</div>\n\t</form>\n";
+	} else {
+		$html .= "\t<div id='message' class='confirm fade'>\n\t<p>" . wp_explain_nonce($action) . "</p>\n\t<p><a href='$adminurl'>" . __('No') . "</a> <a href='" . add_query_arg( '_wpnonce', wp_create_nonce($action), $_SERVER['REQUEST_URI'] ) . "'>" . __('Yes') . "</a></p>\n\t</div>\n";
+	}
+	$html .= "</body>\n</html>";
+	wp_die($html, $title);
+}
+
+function wp_die($message, $title = '') {
+	header('Content-Type: text/html; charset=utf-8');
+
+	if ( empty($title) )
+		$title = __('WordPress &rsaquo; Error');
 ?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+	<title><?php echo $title ?></title>
+	<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+	<style media="screen" type="text/css">
+	<!--
+	html {
+		background: #eee;
+	}
+	body {
+		background: #fff;
+		color: #000;
+		font-family: Georgia, "Times New Roman", Times, serif;
+		margin-left: 25%;
+		margin-right: 25%;
+		padding: .2em 2em;
+	}
+
+	h1 {
+		color: #006;
+		font-size: 18px;
+		font-weight: lighter;
+	}
+
+	h2 {
+		font-size: 16px;
+	}
+
+	p, li, dt {
+		line-height: 140%;
+		padding-bottom: 2px;
+	}
+
+	ul, ol {
+		padding: 5px 5px 5px 20px;
+	}
+	#logo {
+		margin-bottom: 2em;
+	}
+	-->
+	</style>
+</head>
+<body>
+	<h1 id="logo"><img alt="WordPress" src="<?php echo get_settings('siteurl'); ?>/wp-admin/images/wordpress-logo.png" /></h1>
+	<p><?php echo $message; ?></p>
+</body>
+</html>
+<?php
+
+	die();
+}
+
+?>
\ No newline at end of file
--- wp-includes/vars.php
+++ wp-includes/vars.php
@@ -1,7 +1,7 @@
 <?php
 
 // On which page are we ?
-if (preg_match('#([^/]+.php)#', $PHP_SELF, $self_matches)) {
+if (preg_match('#([^/]+\.php)$#', $PHP_SELF, $self_matches)) {
 	$pagenow = $self_matches[1];
 } else if (strstr($PHP_SELF, '?')) {
 	$pagenow = explode('/', $PHP_SELF);
@@ -14,20 +14,18 @@
 
 // Simple browser detection
 $is_lynx = 0; $is_gecko = 0; $is_winIE = 0; $is_macIE = 0; $is_opera = 0; $is_NS4 = 0;
-if (!isset($HTTP_USER_AGENT)) {
-	$HTTP_USER_AGENT = $_SERVER['HTTP_USER_AGENT'];
-}
-if (preg_match('/Lynx/', $HTTP_USER_AGENT)) {
+
+if (preg_match('/Lynx/', $_SERVER['HTTP_USER_AGENT'])) {
 	$is_lynx = 1;
-} elseif (preg_match('/Gecko/', $HTTP_USER_AGENT)) {
+} elseif (preg_match('/Gecko/', $_SERVER['HTTP_USER_AGENT'])) {
 	$is_gecko = 1;
-} elseif ((preg_match('/MSIE/', $HTTP_USER_AGENT)) && (preg_match('/Win/', $HTTP_USER_AGENT))) {
+} elseif ((preg_match('/MSIE/', $_SERVER['HTTP_USER_AGENT'])) && (preg_match('/Win/', $_SERVER['HTTP_USER_AGENT']))) {
 	$is_winIE = 1;
-} elseif ((preg_match('/MSIE/', $HTTP_USER_AGENT)) && (preg_match('/Mac/', $HTTP_USER_AGENT))) {
+} elseif ((preg_match('/MSIE/', $_SERVER['HTTP_USER_AGENT'])) && (preg_match('/Mac/', $_SERVER['HTTP_USER_AGENT']))) {
 	$is_macIE = 1;
-} elseif (preg_match('/Opera/', $HTTP_USER_AGENT)) {
+} elseif (preg_match('/Opera/', $_SERVER['HTTP_USER_AGENT'])) {
 	$is_opera = 1;
-} elseif ((preg_match('/Nav/', $HTTP_USER_AGENT) ) || (preg_match('/Mozilla\/4\./', $HTTP_USER_AGENT))) {
+} elseif ((preg_match('/Nav/', $_SERVER['HTTP_USER_AGENT']) ) || (preg_match('/Mozilla\/4\./', $_SERVER['HTTP_USER_AGENT']))) {
 	$is_NS4 = 1;
 }
 $is_IE    = (($is_macIE) || ($is_winIE));
@@ -44,51 +42,50 @@
 // if the config file does not provide the smilies array, let's define it here
 if (!isset($wpsmiliestrans)) {
 	$wpsmiliestrans = array(
-	' :)'        => 'icon_smile.gif',
-	' :D'        => 'icon_biggrin.gif',
-	' :-D'       => 'icon_biggrin.gif',
-	':grin:'    => 'icon_biggrin.gif',
-	' :)'        => 'icon_smile.gif',
-	' :-)'       => 'icon_smile.gif',
-	':smile:'   => 'icon_smile.gif',
-	' :('        => 'icon_sad.gif',
-	' :-('       => 'icon_sad.gif',
-	':sad:'     => 'icon_sad.gif',
-	' :o'        => 'icon_surprised.gif',
-	' :-o'       => 'icon_surprised.gif',
-	':eek:'     => 'icon_surprised.gif',
-	' 8O'        => 'icon_eek.gif',
-	' 8-O'       => 'icon_eek.gif',
-	':shock:'   => 'icon_eek.gif',
-	' :?'        => 'icon_confused.gif',
-	' :-?'       => 'icon_confused.gif',
-	' :???:'     => 'icon_confused.gif',
-	' 8)'        => 'icon_cool.gif',
-	' 8-)'       => 'icon_cool.gif',
-	':cool:'    => 'icon_cool.gif',
-	':lol:'     => 'icon_lol.gif',
-	' :x'        => 'icon_mad.gif',
-	' :-x'       => 'icon_mad.gif',
-	':mad:'     => 'icon_mad.gif',
-	' :P'        => 'icon_razz.gif',
-	' :-P'       => 'icon_razz.gif',
-	':razz:'    => 'icon_razz.gif',
-	':oops:'    => 'icon_redface.gif',
-	':cry:'     => 'icon_cry.gif',
-	':evil:'    => 'icon_evil.gif',
-	':twisted:' => 'icon_twisted.gif',
-	':roll:'    => 'icon_rolleyes.gif',
-	':wink:'    => 'icon_wink.gif',
-	' ;)'        => 'icon_wink.gif',
-	' ;-)'       => 'icon_wink.gif',
-	':!:'       => 'icon_exclaim.gif',
-	':?:'       => 'icon_question.gif',
-	':idea:'    => 'icon_idea.gif',
-	':arrow:'   => 'icon_arrow.gif',
-	' :|'        => 'icon_neutral.gif',
-	' :-|'       => 'icon_neutral.gif',
-	':neutral:' => 'icon_neutral.gif',
-	':mrgreen:' => 'icon_mrgreen.gif',
+	':mrgreen:'	=> 'icon_mrgreen.gif',
+	':neutral:'	=> 'icon_neutral.gif',
+	':twisted:'	=> 'icon_twisted.gif',
+	':arrow:'	=> 'icon_arrow.gif',
+	':shock:'	=> 'icon_eek.gif',
+	':smile:'	=> 'icon_smile.gif',
+	' :???:'	=> 'icon_confused.gif',
+	':cool:'	=> 'icon_cool.gif',
+	':evil:'	=> 'icon_evil.gif',
+	':grin:'	=> 'icon_biggrin.gif',
+	':idea:'	=> 'icon_idea.gif',
+	':oops:'	=> 'icon_redface.gif',
+	':razz:'	=> 'icon_razz.gif',
+	':roll:'	=> 'icon_rolleyes.gif',
+	':wink:'	=> 'icon_wink.gif',
+	':cry:'		=> 'icon_cry.gif',
+	':eek:'		=> 'icon_surprised.gif',
+	':lol:'		=> 'icon_lol.gif',
+	':mad:'		=> 'icon_mad.gif',
+	':sad:'		=> 'icon_sad.gif',
+	' 8-)'		=> 'icon_cool.gif',
+	' 8-O'		=> 'icon_eek.gif',
+	' :-('		=> 'icon_sad.gif',
+	' :-)'		=> 'icon_smile.gif',
+	' :-?'		=> 'icon_confused.gif',
+	' :-D'		=> 'icon_biggrin.gif',
+	' :-P'		=> 'icon_razz.gif',
+	' :-o'		=> 'icon_surprised.gif',
+	' :-x'		=> 'icon_mad.gif',
+	' :-|'		=> 'icon_neutral.gif',
+	' ;-)'		=> 'icon_wink.gif',
+	' 8)'		=> 'icon_cool.gif',
+	' 8O'		=> 'icon_eek.gif',
+	' :('		=> 'icon_sad.gif',
+	' :)'		=> 'icon_smile.gif',
+	' :?'		=> 'icon_confused.gif',
+	' :D'		=> 'icon_biggrin.gif',
+	' :P'		=> 'icon_razz.gif',
+	' :o'		=> 'icon_surprised.gif',
+	' :x'		=> 'icon_mad.gif',
+	' :|'		=> 'icon_neutral.gif',
+	' ;)'		=> 'icon_wink.gif',
+	':!:'		=> 'icon_exclaim.gif',
+	':?:'		=> 'icon_question.gif',
 	);
 }
 
--- wp-includes/streams.php
+++ wp-includes/streams.php
@@ -105,7 +105,14 @@
   function read($bytes) {
     if ($bytes) {
       fseek($this->_fd, $this->_pos);
-      $data = fread($this->_fd, $bytes);
+
+      // PHP 5.1.1 does not read more than 8192 bytes in one fread()
+      // the discussions at PHP Bugs suggest it's the intended behaviour
+      while ($bytes > 0) {
+        $chunk  = fread($this->_fd, $bytes);
+        $data  .= $chunk;
+        $bytes -= strlen($chunk);
+      }
       $this->_pos = ftell($this->_fd);
       
       return $data;
--- wp-includes/template-functions-author.php
+++ wp-includes/template-functions-author.php
@@ -133,7 +133,7 @@
 	echo '<a href="' . get_author_link(0, $authordata->ID, $authordata->user_nicename) . '" title="' . sprintf(__("Posts by %s"), wp_specialchars(the_author($idmode, false))) . '">' . the_author($idmode, false) . '</a>';
 }
 
-function get_author_link($echo = false, $author_id, $author_nicename) {
+function get_author_link($echo = false, $author_id, $author_nicename = '') {
 	global $wpdb, $wp_rewrite, $post, $cache_userdata;
 	$auth_ID = $author_id;
 	$link = $wp_rewrite->get_author_permastruct();
@@ -142,8 +142,11 @@
 		$file = get_settings('home') . '/';
 		$link = $file . '?author=' . $auth_ID;
 	} else {
-		if ( '' == $author_nicename )
-			$author_nicename = $cache_userdata[$author_id]->user_nicename;
+		if ( '' == $author_nicename ) {
+			$user = get_userdata($author_id);
+			if ( !empty($user->user_nicename) )
+				$author_nicename = $user->user_nicename;
+		}
 		$link = str_replace('%author%', $author_nicename, $link);
 		$link = get_settings('home') . trailingslashit($link);
 	}
--- xmlrpc.php
+++ xmlrpc.php
@@ -1228,10 +1228,12 @@
 		$pagelinkedfrom = $wpdb->escape( $pagelinkedfrom );
 		$original_title = $title;
 
-		$comment_post_ID = $post_ID;
+		$comment_post_ID = (int) $post_ID;
 		$comment_author = $title;
+		$this->escape($comment_author);
 		$comment_author_url = $pagelinkedfrom;
 		$comment_content = $context;
+		$this->escape($comment_content);
 		$comment_type = 'pingback';
 
 		$commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_url', 'comment_content', 'comment_type');
--- wp-content/plugins/wp-db-backup.php
+++ wp-content/plugins/wp-db-backup.php
@@ -320,11 +320,11 @@
 	
 	///////////////////////////////
 	function admin_menu() {
-		add_management_page(__('Backup'), __('Backup'), 9, basename(__FILE__), array(&$this, 'backup_menu'));
+		add_management_page(__('Backup'), __('Backup'), 'import', basename(__FILE__), array(&$this, 'backup_menu'));
 	}
 
 	function fragment_menu() {
-		add_management_page(__('Backup'), __('Backup'), 9, basename(__FILE__), array(&$this, 'build_backup_script'));
+		add_management_page(__('Backup'), __('Backup'), 'import', basename(__FILE__), array(&$this, 'build_backup_script'));
 	}
 
 	/////////////////////////////////////////////////////////
@@ -885,6 +885,9 @@
 
 function wpdbBackup_init() {
 	global $mywpdbbackup;
+
+	if ( !current_user_can('import') ) return;
+
 	$mywpdbbackup = new wpdbBackup(); 	
 }
 
--- wp-content/themes/classic/comments-popup.php
+++ wp-content/themes/classic/comments-popup.php
@@ -29,9 +29,8 @@
 
 <?php
 // this line is WordPress' motor, do not delete it.
-$comment_author = (isset($_COOKIE['comment_author_' . COOKIEHASH])) ? trim($_COOKIE['comment_author_'. COOKIEHASH]) : '';
-$comment_author_email = (isset($_COOKIE['comment_author_email_'. COOKIEHASH])) ? trim($_COOKIE['comment_author_email_'. COOKIEHASH]) : '';
-$comment_author_url = (isset($_COOKIE['comment_author_url_'. COOKIEHASH])) ? trim($_COOKIE['comment_author_url_'. COOKIEHASH]) : '';
+$commenter = wp_get_current_commenter();
+extract($commenter);
 $comments = get_approved_comments($id);
 $commentstatus = get_post($id);
 if (!empty($commentstatus->post_password) && $_COOKIE['wp-postpass_'. COOKIEHASH] != $commentstatus->post_password) {  // and it doesn't match the cookie
--- wp-content/themes/default/footer.php
+++ wp-content/themes/default/footer.php
@@ -1,6 +1,7 @@
 
 <hr />
 <div id="footer">
+<!-- If you'd like to support WordPress, having the "powered by" link someone on your blog is the best way, it's our only promotion or advertising. -->
 	<p>
 		<?php bloginfo('name'); ?> is proudly powered by 
 		<a href="http://wordpress.org/">WordPress</a>
--- wp-content/themes/default/style.css
+++ wp-content/themes/default/style.css
@@ -2,7 +2,7 @@
 Theme Name: WordPress Default
 Theme URI: http://wordpress.org/
 Description: The default WordPress theme based on the famous <a href="http://binarybonsai.com/kubrick/">Kubrick</a>.
-Version: 1.5
+Version: 1.6
 Author: Michael Heilemann
 Author URI: http://binarybonsai.com/
 
@@ -14,13 +14,7 @@
 
 	The CSS, XHTML and design is released under GPL:
 	http://www.opensource.org/licenses/gpl-license.php
-	
 
-	*** REGARDING IMAGES ***
-	All CSS that involves the use of images, can be found in the 'index.php' file.
-	This is to ease installation inside subdirectories of a server.
-
-	Have fun, and don't be afraid to contact me if you have questions.
 */
 
 
@@ -29,7 +23,7 @@
 body {
 	font-size: 62.5%; /* Resets 1em to 10px */
 	font-family: 'Lucida Grande', Verdana, Arial, Sans-Serif;
-	background-color: #d5d6d7;
+	background: #d5d6d7 url('images/kubrickbgcolor.jpg');
 	color: #333;
 	text-align: center;
 	}
@@ -41,9 +35,15 @@
 	}
 
 #header {
-	background-color: #73a0c5;
+	background: #73a0c5 url('images/kubrickheader.jpg') no-repeat bottom center;
 	}
 
+#headerimg 	{ 
+	margin: 7px 9px 0; 
+	height: 192px; 
+	width: 740px; 
+	} 
+
 #content {
 	font-size: 1.2em
 	}
@@ -59,7 +59,7 @@
 .widecolumn {
 	line-height: 1.6em;
 	}
-	
+
 .narrowcolumn .postmetadata {
 	text-align: center;
 	}
@@ -71,7 +71,8 @@
 	}
 
 #footer {
-	background-color: #eee;
+	background: #eee url('images/kubrickfooter.jpg') no-repeat top; 
+	border: none;
 	}
 
 small {
@@ -132,7 +133,7 @@
 .commentlist li, #commentform input, #commentform textarea {
 	font: 0.9em 'Lucida Grande', Verdana, Arial, Sans-Serif;
 	}
-	
+
 .commentlist li {
 	font-weight: bold;
 	}
@@ -164,7 +165,7 @@
 small, #sidebar ul ul li, #sidebar ul ol li, .nocomments, .postmetadata, blockquote, strike {
 	color: #777;
 	}
-	
+
 code {
 	font: 1.1em 'Courier New', Courier, Fixed;
 	}
@@ -184,7 +185,7 @@
 	color: #147;
 	text-decoration: underline;
 	}
-	
+
 #wp-calendar #prev a {
 	font-size: 9pt;
 	}
@@ -208,7 +209,7 @@
 
 /* Begin Structure */
 body {
-	margin: 0;
+	margin: 0 0 20px 0;
 	padding: 0; 
 	}
 
@@ -219,13 +220,13 @@
 	width: 760px;
 	border: 1px solid #959596;
 	}
-	
+
 #header {
-	padding: 0;
-	margin: 0 auto;
-	height: 200px;
-	width: 100%;
 	background-color: #73a0c5;
+	margin: 0 0 0 1px; 
+	padding: 0; 
+	height: 200px; 
+	width: 758px;
 	}
 
 #headerimg {
@@ -246,7 +247,7 @@
 	margin: 5px 0 0 150px;
 	width: 450px;
 	}
-	
+
 .post {
 	margin: 0 0 40px;
 	text-align: justify;
@@ -281,7 +282,7 @@
 }
 
 #footer {
-	padding: 0 0 0 1px;
+	padding: 0;
 	margin: 0 auto;
 	width: 760px;
 	clear: both;
@@ -339,13 +340,13 @@
 	thought?!) align the image to the right. And using 'class="centered',
 	will of course center the image. This is much better than using
 	align="center", being much more futureproof (and valid) */
-	
+
 img.centered {
 	display: block;
 	margin-left: auto;
 	margin-right: auto;
 	}
-	
+
 img.alignright {
 	padding: 4px;
 	margin: 0 0 2px 7px;
@@ -361,7 +362,7 @@
 .alignright {
 	float: right;
 	}
-	
+
 .alignleft {
 	float: left
 	}
@@ -405,7 +406,7 @@
 	list-style-type: none;
 	list-style-image: none;
 	}
-	
+
 #sidebar ul, #sidebar ul ol {
 	margin: 0;
 	padding: 0;
@@ -449,7 +450,7 @@
 	}
 
 #sidebar #searchform #s {
-	width: 115px;
+	width: 108px;
 	padding: 2px;
 	}
 
--- wp-content/themes/default/archives.php
+++ wp-content/themes/default/archives.php
@@ -20,6 +20,6 @@
      <?php wp_list_cats(); ?>
   </ul>
 
-</div>	
+</div>
 
 <?php get_footer(); ?>
--- wp-content/themes/default/search.php
+++ wp-content/themes/default/search.php
@@ -5,7 +5,7 @@
 	<?php if (have_posts()) : ?>
 
 		<h2 class="pagetitle">Search Results</h2>
-		
+
 		<div class="navigation">
 			<div class="alignleft"><?php next_posts_link('&laquo; Previous Entries') ?></div>
 			<div class="alignright"><?php previous_posts_link('Next Entries &raquo;') ?></div>
@@ -13,28 +13,28 @@
 
 
 		<?php while (have_posts()) : the_post(); ?>
-				
+
 			<div class="post">
 				<h3 id="post-<?php the_ID(); ?>"><a href="<?php the_permalink() ?>" rel="bookmark" title="Permanent Link to <?php the_title(); ?>"><?php the_title(); ?></a></h3>
 				<small><?php the_time('l, F jS, Y') ?></small>
-		
+
 				<p class="postmetadata">Posted in <?php the_category(', ') ?> | <?php edit_post_link('Edit', '', ' | '); ?>  <?php comments_popup_link('No Comments &#187;', '1 Comment &#187;', '% Comments &#187;'); ?></p>
 			</div>
-	
+
 		<?php endwhile; ?>
 
 		<div class="navigation">
 			<div class="alignleft"><?php next_posts_link('&laquo; Previous Entries') ?></div>
 			<div class="alignright"><?php previous_posts_link('Next Entries &raquo;') ?></div>
 		</div>
-	
+
 	<?php else : ?>
 
 		<h2 class="center">No posts found. Try a different search?</h2>
 		<?php include (TEMPLATEPATH . '/searchform.php'); ?>
 
 	<?php endif; ?>
-		
+
 	</div>
 
 <?php get_sidebar(); ?>
--- wp-content/themes/default/index.php
+++ wp-content/themes/default/index.php
@@ -3,27 +3,27 @@
 	<div id="content" class="narrowcolumn">
 
 	<?php if (have_posts()) : ?>
-		
+
 		<?php while (have_posts()) : the_post(); ?>
-				
+
 			<div class="post" id="post-<?php the_ID(); ?>">
 				<h2><a href="<?php the_permalink() ?>" rel="bookmark" title="Permanent Link to <?php the_title(); ?>"><?php the_title(); ?></a></h2>
 				<small><?php the_time('F jS, Y') ?> <!-- by <?php the_author() ?> --></small>
-				
+
 				<div class="entry">
 					<?php the_content('Read the rest of this entry &raquo;'); ?>
 				</div>
-		
+
 				<p class="postmetadata">Posted in <?php the_category(', ') ?> | <?php edit_post_link('Edit', '', ' | '); ?>  <?php comments_popup_link('No Comments &#187;', '1 Comment &#187;', '% Comments &#187;'); ?></p>
 			</div>
-	
+
 		<?php endwhile; ?>
 
 		<div class="navigation">
 			<div class="alignleft"><?php next_posts_link('&laquo; Previous Entries') ?></div>
 			<div class="alignright"><?php previous_posts_link('Next Entries &raquo;') ?></div>
 		</div>
-		
+
 	<?php else : ?>
 
 		<h2 class="center">Not Found</h2>
--- wp-content/themes/default/functions.php
+++ wp-content/themes/default/functions.php
@@ -57,7 +57,7 @@
 	$color = kubrick_header_color();
 	if ( false === $color )
 		return 'white';
-		
+
 	return $color;
 }
 
@@ -100,21 +100,21 @@
 					}
 				}
 			} else {
-	
+
 				if ( isset($_REQUEST['headerimage']) ) {
 					if ( '' == $_REQUEST['headerimage'] )
 						delete_option('kubrick_header_image');
 					else
 						update_option('kubrick_header_image', $_REQUEST['headerimage']);
 				}
-	
+
 				if ( isset($_REQUEST['fontcolor']) ) {
 					if ( '' == $_REQUEST['fontcolor'] )
 						delete_option('kubrick_header_color');
 					else
 						update_option('kubrick_header_color', $_REQUEST['fontcolor']);
 				}
-	
+
 				if ( isset($_REQUEST['fontdisplay']) ) {
 					if ( '' == $_REQUEST['fontdisplay'] || 'inline' == $_REQUEST['fontdisplay'] )
 						delete_option('kubrick_header_display');
@@ -123,7 +123,7 @@
 				}
 			}
 			//print_r($_REQUEST);
-			header("Location: themes.php?page=functions.php&saved=true");
+			wp_redirect("themes.php?page=functions.php&saved=true");
 			die;
 		}
 		add_action('admin_head', 'kubrick_theme_page_head');
@@ -135,6 +135,7 @@
 ?>
 <script type="text/javascript" src="../wp-includes/js/colorpicker.js"></script>
 <script type='text/javascript'>
+// <![CDATA[
 	function pickColor(color) {
 		ColorPicker_targetInput.value = color;
 		kUpdate(ColorPicker_targetInput.id);
@@ -239,6 +240,7 @@
 		document.getElementById('nonJsForm').style.display = 'none';
 	}
 	addLoadEvent(kInit);
+// ]]>
 </script>
 <style type='text/css'>
 	#headwrap {
@@ -268,7 +270,7 @@
 		font-family: 'Lucida Grande', Verdana, Arial, Sans-Serif;
 		font-size: 1.2em;
 		text-align: center;
-	}	
+	}
 	#kubrick-header #header {
 		text-decoration: none;
 		color: <?php echo kubrick_header_color_string(); ?>;
@@ -351,13 +353,13 @@
 		</div>
 		<br />
 		<div id="nonJsForm">
-			<form method="POST">
+			<form method="post" action="">
 				<div class="zerosize"><input type="submit" name="defaultsubmit" value="Save" /></div>
 				<label for="njfontcolor">Font Color:</label><input type="text" name="njfontcolor" id="njfontcolor" value="<?php echo kubrick_header_color(); ?>" /> Any CSS color (<code>red</code> or <code>#FF0000</code> or <code>rgb(255, 0, 0)</code>)<br />
 				<label for="njuppercolor">Upper Color:</label><input type="text" name="njuppercolor" id="njuppercolor" value="#<?php echo kubrick_upper_color(); ?>" /> HEX only (<code>#FF0000</code> or <code>#F00</code>)<br />
 				<label for="njlowercolor">Lower Color:</label><input type="text" name="njlowercolor" id="njlowercolor" value="#<?php echo kubrick_lower_color(); ?>" /> HEX only (<code>#FF0000</code> or <code>#F00</code>)<br />
 				<input type="hidden" name="hi" id="hi" value="<?php echo kubrick_header_image(); ?>" />
-				<label> </label><input type="submit" name="toggledisplay" id="toggledisplay" value="Toggle Text" />
+				<input type="submit" name="toggledisplay" id="toggledisplay" value="Toggle Text" />
 				<input type="submit" name="defaults" value="Use Defaults" />
 				<input type="submit" class="defbutton" name="submitform" value="&nbsp;&nbsp;Save&nbsp;&nbsp;" />
 				<input type="hidden" name="action" value="save" />
@@ -381,7 +383,7 @@
 			</form>
 			<div id="colorPickerDiv" style="z-index: 100;background:#eee;border:1px solid #ccc;position:absolute;visibility:hidden;"> </div>
 			<div id="advanced">
-				<form id="jsAdvanced" style="display:none;">
+				<form id="jsAdvanced" style="display:none;" action="">
 					<label for="advfontcolor">Font Color (CSS): </label><input type="text" id="advfontcolor" onchange="advUpdate(this.value, 'fontcolor')" value="<?php echo kubrick_header_color(); ?>" /><br />
 					<label for="advuppercolor">Upper Color (HEX): </label><input type="text" id="advuppercolor" onchange="advUpdate(this.value, 'uppercolor')" value="#<?php echo kubrick_upper_color(); ?>" /><br />
 					<label for="advlowercolor">Lower Color (HEX): </label><input type="text" id="advlowercolor" onchange="advUpdate(this.value, 'lowercolor')" value="#<?php echo kubrick_lower_color(); ?>" /><br />
--- wp-content/themes/default/sidebar.php
+++ wp-content/themes/default/sidebar.php
@@ -1,6 +1,6 @@
 	<div id="sidebar">
 		<ul>
-			
+
 			<li>
 				<?php include (TEMPLATEPATH . '/searchform.php'); ?>
 			</li>
@@ -15,11 +15,11 @@
 			<?php /* If this is a 404 page */ if (is_404()) { ?>
 			<?php /* If this is a category archive */ } elseif (is_category()) { ?>
 			<p>You are currently browsing the archives for the <?php single_cat_title(''); ?> category.</p>
-			
+
 			<?php /* If this is a yearly archive */ } elseif (is_day()) { ?>
 			<p>You are currently browsing the <a href="<?php bloginfo('home'); ?>/"><?php echo bloginfo('name'); ?></a> weblog archives
 			for the day <?php the_time('l, F jS, Y'); ?>.</p>
-			
+
 			<?php /* If this is a monthly archive */ } elseif (is_month()) { ?>
 			<p>You are currently browsing the <a href="<?php bloginfo('home'); ?>/"><?php echo bloginfo('name'); ?></a> weblog archives
 			for <?php the_time('F, Y'); ?>.</p>
@@ -27,7 +27,7 @@
       <?php /* If this is a yearly archive */ } elseif (is_year()) { ?>
 			<p>You are currently browsing the <a href="<?php bloginfo('home'); ?>/"><?php echo bloginfo('name'); ?></a> weblog archives
 			for the year <?php the_time('Y'); ?>.</p>
-			
+
 		 <?php /* If this is a monthly archive */ } elseif (is_search()) { ?>
 			<p>You have searched the <a href="<?php echo bloginfo('home'); ?>/"><?php echo bloginfo('name'); ?></a> weblog archives
 			for <strong>'<?php echo wp_specialchars($s); ?>'</strong>. If you are unable to find anything in these search results, you can try one of these links.</p>
@@ -52,9 +52,9 @@
 				</ul>
 			</li>
 
-			<?php /* If this is the frontpage */ if ( is_home() || is_page() ) { ?>				
+			<?php /* If this is the frontpage */ if ( is_home() || is_page() ) { ?>
 				<?php get_links_list(); ?>
-				
+
 				<li><h2>Meta</h2>
 				<ul>
 					<?php wp_register(); ?>
@@ -66,7 +66,7 @@
 				</ul>
 				</li>
 			<?php } ?>
-			
+
 		</ul>
 	</div>
 
--- wp-content/themes/default/page.php
+++ wp-content/themes/default/page.php
@@ -5,11 +5,11 @@
     <?php if (have_posts()) : while (have_posts()) : the_post(); ?>
 		<div class="post" id="post-<?php the_ID(); ?>">
 		<h2><?php the_title(); ?></h2>
-			<div class="entrytext">
+			<div class="entry">
 				<?php the_content('<p class="serif">Read the rest of this page &raquo;</p>'); ?>
-	
+
 				<?php link_pages('<p><strong>Pages:</strong> ', '</p>', 'number'); ?>
-	
+
 			</div>
 		</div>
 	  <?php endwhile; endif; ?>
--- wp-content/themes/default/links.php
+++ wp-content/themes/default/links.php
@@ -13,6 +13,6 @@
 <?php get_links_list(); ?>
 </ul>
 
-</div>	
+</div>
 
 <?php get_footer(); ?>
--- wp-content/themes/default/archive.php
+++ wp-content/themes/default/archive.php
@@ -5,21 +5,21 @@
 		<?php if (have_posts()) : ?>
 
 		 <?php $post = $posts[0]; // Hack. Set $post so that the_date() works. ?>
-<?php /* If this is a category archive */ if (is_category()) { ?>				
+<?php /* If this is a category archive */ if (is_category()) { ?>
 		<h2 class="pagetitle">Archive for the '<?php echo single_cat_title(); ?>' Category</h2>
-		
+
  	  <?php /* If this is a daily archive */ } elseif (is_day()) { ?>
 		<h2 class="pagetitle">Archive for <?php the_time('F jS, Y'); ?></h2>
-		
+
 	 <?php /* If this is a monthly archive */ } elseif (is_month()) { ?>
 		<h2 class="pagetitle">Archive for <?php the_time('F, Y'); ?></h2>
 
 		<?php /* If this is a yearly archive */ } elseif (is_year()) { ?>
 		<h2 class="pagetitle">Archive for <?php the_time('Y'); ?></h2>
-		
+
 	  <?php /* If this is a search */ } elseif (is_search()) { ?>
 		<h2 class="pagetitle">Search Results</h2>
-		
+
 	  <?php /* If this is an author archive */ } elseif (is_author()) { ?>
 		<h2 class="pagetitle">Author Archive</h2>
 
@@ -38,29 +38,29 @@
 		<div class="post">
 				<h3 id="post-<?php the_ID(); ?>"><a href="<?php the_permalink() ?>" rel="bookmark" title="Permanent Link to <?php the_title(); ?>"><?php the_title(); ?></a></h3>
 				<small><?php the_time('l, F jS, Y') ?></small>
-				
+
 				<div class="entry">
 					<?php the_content() ?>
 				</div>
-		
+
 				<p class="postmetadata">Posted in <?php the_category(', ') ?> | <?php edit_post_link('Edit', '', ' | '); ?>  <?php comments_popup_link('No Comments &#187;', '1 Comment &#187;', '% Comments &#187;'); ?></p> 
 
 			</div>
-	
+
 		<?php endwhile; ?>
 
 		<div class="navigation">
 			<div class="alignleft"><?php next_posts_link('&laquo; Previous Entries') ?></div>
 			<div class="alignright"><?php previous_posts_link('Next Entries &raquo;') ?></div>
 		</div>
-	
+
 	<?php else : ?>
 
 		<h2 class="center">Not Found</h2>
 		<?php include (TEMPLATEPATH . '/searchform.php'); ?>
 
 	<?php endif; ?>
-		
+
 	</div>
 
 <?php get_sidebar(); ?>
--- wp-content/themes/default/single.php
+++ wp-content/themes/default/single.php
@@ -1,22 +1,22 @@
 <?php get_header(); ?>
 
 	<div id="content" class="widecolumn">
-				
+
   <?php if (have_posts()) : while (have_posts()) : the_post(); ?>
-	
+
 		<div class="navigation">
 			<div class="alignleft"><?php previous_post_link('&laquo; %link') ?></div>
 			<div class="alignright"><?php next_post_link('%link &raquo;') ?></div>
 		</div>
-	
+
 		<div class="post" id="post-<?php the_ID(); ?>">
 			<h2><a href="<?php echo get_permalink() ?>" rel="bookmark" title="Permanent Link: <?php the_title(); ?>"><?php the_title(); ?></a></h2>
-	
-			<div class="entrytext">
+
+			<div class="entry">
 				<?php the_content('<p class="serif">Read the rest of this entry &raquo;</p>'); ?>
-	
+
 				<?php link_pages('<p><strong>Pages:</strong> ', '</p>', 'number'); ?>
-	
+
 				<p class="postmetadata alt">
 					<small>
 						This entry was posted
@@ -27,39 +27,39 @@
 						on <?php the_time('l, F jS, Y') ?> at <?php the_time() ?>
 						and is filed under <?php the_category(', ') ?>.
 						You can follow any responses to this entry through the <?php comments_rss_link('RSS 2.0'); ?> feed. 
-						
+
 						<?php if (('open' == $post-> comment_status) && ('open' == $post->ping_status)) {
 							// Both Comments and Pings are open ?>
 							You can <a href="#respond">leave a response</a>, or <a href="<?php trackback_url(true); ?>" rel="trackback">trackback</a> from your own site.
-						
+
 						<?php } elseif (!('open' == $post-> comment_status) && ('open' == $post->ping_status)) {
 							// Only Pings are Open ?>
 							Responses are currently closed, but you can <a href="<?php trackback_url(true); ?> " rel="trackback">trackback</a> from your own site.
-						
+
 						<?php } elseif (('open' == $post-> comment_status) && !('open' == $post->ping_status)) {
 							// Comments are open, Pings are not ?>
 							You can skip to the end and leave a response. Pinging is currently not allowed.
-			
+
 						<?php } elseif (!('open' == $post-> comment_status) && !('open' == $post->ping_status)) {
 							// Neither Comments, nor Pings are open ?>
-							Both comments and pings are currently closed.			
-						
+							Both comments and pings are currently closed.
+
 						<?php } edit_post_link('Edit this entry.','',''); ?>
-						
+
 					</small>
 				</p>
-	
+
 			</div>
 		</div>
-		
+
 	<?php comments_template(); ?>
-	
+
 	<?php endwhile; else: ?>
-	
+
 		<p>Sorry, no posts matched your criteria.</p>
-	
+
 <?php endif; ?>
-	
+
 	</div>
 
 <?php get_footer(); ?>
--- wp-content/themes/default/comments.php
+++ wp-content/themes/default/comments.php
@@ -5,9 +5,9 @@
         if (!empty($post->post_password)) { // if there's a password
             if ($_COOKIE['wp-postpass_' . COOKIEHASH] != $post->post_password) {  // and it doesn't match the cookie
 				?>
-				
+
 				<p class="nocomments">This post is password protected. Enter the password to view comments.<p>
-				
+
 				<?php
 				return;
             }
@@ -39,7 +39,7 @@
 
 		</li>
 
-	<?php /* Changes every other comment to a different class */	
+	<?php /* Changes every other comment to a different class */
 		if ('alt' == $oddcomment) $oddcomment = '';
 		else $oddcomment = 'alt';
 	?>
@@ -52,11 +52,11 @@
 
   <?php if ('open' == $post->comment_status) : ?> 
 		<!-- If comments are open, but there are no comments. -->
-		
+
 	 <?php else : // comments are closed ?>
 		<!-- If comments are closed. -->
 		<p class="nocomments">Comments are closed.</p>
-		
+
 	<?php endif; ?>
 <?php endif; ?>
 
--- wp-content/themes/default/comments-popup.php
+++ wp-content/themes/default/comments-popup.php
@@ -29,9 +29,8 @@
 
 <?php
 // this line is WordPress' motor, do not delete it.
-$comment_author = (isset($_COOKIE['comment_author_' . COOKIEHASH])) ? trim($_COOKIE['comment_author_'. COOKIEHASH]) : '';
-$comment_author_email = (isset($_COOKIE['comment_author_email_'. COOKIEHASH])) ? trim($_COOKIE['comment_author_email_'. COOKIEHASH]) : '';
-$comment_author_url = (isset($_COOKIE['comment_author_url_'. COOKIEHASH])) ? trim($_COOKIE['comment_author_url_'. COOKIEHASH]) : '';
+$commenter = wp_get_current_commenter();
+extract($commenter);
 $comments = get_approved_comments($id);
 $post = get_post($id);
 if (!empty($post->post_password) && $_COOKIE['wp-postpass_'. COOKIEHASH] != $post->post_password) {  // and it doesn't match the cookie
@@ -103,7 +102,7 @@
 <?php // Seen at http://www.mijnkopthee.nl/log2/archive/2003/05/28/esc(18) ?>
 <script type="text/javascript">
 <!--
-document.onkeypress = function esc(e) {	
+document.onkeypress = function esc(e) {
 	if(typeof(e) == "undefined") { e=event; }
 	if (e.keyCode == 27) { self.close(); }
 }
--- wp-content/themes/default/header.php
+++ wp-content/themes/default/header.php
@@ -13,32 +13,16 @@
 <link rel="pingback" href="<?php bloginfo('pingback_url'); ?>" />
 
 <style type="text/css" media="screen">
-/*	To accomodate differing install paths of WordPress, images are referred only here,
-	and not in the wp-layout.css file. If you prefer to use only CSS for colors and what
-	not, then go right ahead and delete the following lines, and the image files. */
-		
-	body { background: url("<?php bloginfo('stylesheet_directory'); ?>/images/kubrickbgcolor.jpg"); }	
-<?php /* Checks to see whether it needs a sidebar or not */ if ((! $withcomments) && (! is_single())) { ?>
+
+<?php 
+// Checks to see whether it needs a sidebar or not
+if ( !$withcomments && !is_single() ) { 
+?>
 	#page { background: url("<?php bloginfo('stylesheet_directory'); ?>/images/kubrickbg.jpg") repeat-y top; border: none; }
 <?php } else { // No sidebar ?>
 	#page { background: url("<?php bloginfo('stylesheet_directory'); ?>/images/kubrickbgwide.jpg") repeat-y top; border: none; } 
 <?php } ?>
-	#header { background: url("<?php bloginfo('stylesheet_directory'); ?>/images/kubrickheader.jpg") no-repeat bottom center; }
-	#footer { background: url("<?php bloginfo('stylesheet_directory'); ?>/images/kubrickfooter.jpg") no-repeat bottom; border: none;}
 
-/*	Because the template is slightly different, size-wise, with images, this needs to be set here
-	If you don't want to use the template's images, you can also delete the following two lines. */
-		
-	#header 	{ margin: 0 !important; margin: 0 0 0 1px; padding: 1px; height: 198px; width: 758px; }
-	#headerimg 	{ margin: 7px 9px 0; height: 192px; width: 740px; } 
-
-/* 	To ease the insertion of a personal header image, I have done it in such a way,
-	that you simply drop in an image called 'personalheader.jpg' into your /images/
-	directory. Dimensions should be at least 760px x 200px. Anything above that will
-	get cropped off of the image. */
-	/*
-	#headerimg { background: url('<?php bloginfo('stylesheet_directory'); ?>/images/personalheader.jpg') no-repeat top;}
-	*/
 </style>
 
 <?php wp_head(); ?>
--- wp-content/themes/default/attachment.php
+++ wp-content/themes/default/attachment.php
@@ -1,9 +1,9 @@
 <?php get_header(); ?>
 
 	<div id="content" class="widecolumn">
-				
+
   <?php if (have_posts()) : while (have_posts()) : the_post(); ?>
-	
+
 		<div class="navigation">
 			<div class="alignleft">&nbsp;</div>
 			<div class="alignright">&nbsp;</div>
@@ -12,13 +12,13 @@
 <?php $_post = &get_post($post->ID); $classname = ($_post->iconsize[0] <= 128 ? 'small' : '') . 'attachment'; // This lets us style narrow icons specially ?>
 		<div class="post" id="post-<?php the_ID(); ?>">
 			<h2><a href="<?php echo get_permalink($post->post_parent); ?>" rev="attachment"><?php echo get_the_title($post->post_parent); ?></a> &raquo; <a href="<?php echo get_permalink() ?>" rel="bookmark" title="Permanent Link: <?php the_title(); ?>"><?php the_title(); ?></a></h2>
-			<div class="entrytext">
+			<div class="entry">
 				<p class="<?php echo $classname; ?>"><?php echo $attachment_link; ?><br /><?php echo basename($post->guid); ?></p>
 
 				<?php the_content('<p class="serif">Read the rest of this entry &raquo;</p>'); ?>
-	
+
 				<?php link_pages('<p><strong>Pages:</strong> ', '</p>', 'number'); ?>
-	
+
 				<p class="postmetadata alt">
 					<small>
 						This entry was posted
@@ -29,39 +29,39 @@
 						on <?php the_time('l, F jS, Y') ?> at <?php the_time() ?>
 						and is filed under <?php the_category(', ') ?>.
 						You can follow any responses to this entry through the <?php comments_rss_link('RSS 2.0'); ?> feed. 
-						
+
 						<?php if (('open' == $post-> comment_status) && ('open' == $post->ping_status)) {
 							// Both Comments and Pings are open ?>
 							You can <a href="#respond">leave a response</a>, or <a href="<?php trackback_url(true); ?>" rel="trackback">trackback</a> from your own site.
-						
+
 						<?php } elseif (!('open' == $post-> comment_status) && ('open' == $post->ping_status)) {
 							// Only Pings are Open ?>
 							Responses are currently closed, but you can <a href="<?php trackback_url(true); ?> " rel="trackback">trackback</a> from your own site.
-						
+
 						<?php } elseif (('open' == $post-> comment_status) && !('open' == $post->ping_status)) {
 							// Comments are open, Pings are not ?>
 							You can skip to the end and leave a response. Pinging is currently not allowed.
-			
+
 						<?php } elseif (!('open' == $post-> comment_status) && !('open' == $post->ping_status)) {
 							// Neither Comments, nor Pings are open ?>
-							Both comments and pings are currently closed.			
-						
+							Both comments and pings are currently closed.
+
 						<?php } edit_post_link('Edit this entry.','',''); ?>
-						
+
 					</small>
 				</p>
-	
+
 			</div>
 		</div>
-		
+
 	<?php comments_template(); ?>
-	
+
 	<?php endwhile; else: ?>
-	
+
 		<p>Sorry, no attachments matched your criteria.</p>
-	
+
 <?php endif; ?>
-	
+
 	</div>
 
 <?php get_footer(); ?>
--- wp-trackback.php
+++ wp-trackback.php
@@ -55,7 +55,7 @@
 
 if (empty($title) && empty($tb_url) && empty($blog_name)) {
 	// If it doesn't look like a trackback at all...
-	header('Location: ' . get_permalink($tb_id));
+	wp_redirect(get_permalink($tb_id));
 	exit;
 }
 
--- wp-settings.php
+++ wp-settings.php
@@ -18,7 +18,6 @@
 
 unregister_GLOBALS(); 
 
-$HTTP_USER_AGENT = getenv('HTTP_USER_AGENT');
 unset( $wp_filter, $cache_userdata, $cache_lastcommentmodified, $cache_lastpostdate, $cache_settings, $category_cache, $cache_categories );
 
 if ( ! isset($blog_id) )
@@ -198,6 +197,8 @@
 $_COOKIE = add_magic_quotes($_COOKIE);
 $_SERVER = add_magic_quotes($_SERVER);
 
+do_action('sanitize_comment_cookies');
+
 $wp_query   = new WP_Query();
 $wp_rewrite = new WP_Rewrite();
 $wp         = new WP();
--- wp-admin/edit-form-advanced.php
+++ wp-admin/edit-form-advanced.php
@@ -156,7 +156,7 @@
 </fieldset>
 
 <script type="text/javascript">
-<!--
+// <![CDATA[
 edCanvas = document.getElementById('content');
 <?php if ( user_can_richedit() ) : ?>
 // This code is meant to allow tabbing from Title to Post (TinyMCE).
@@ -191,7 +191,7 @@
 			}
 		}
 <?php endif; ?>
-//-->
+// ]]>
 </script>
 
 <?php echo $form_pingback ?>
@@ -211,10 +211,10 @@
 <input name="referredby" type="hidden" id="referredby" value="<?php 
 if ( !empty($_REQUEST['popupurl']) )
 	echo wp_specialchars($_REQUEST['popupurl']);
-else if ( url_to_postid($_SERVER['HTTP_REFERER']) == $post_ID )
+else if ( url_to_postid(wp_get_referer()) == $post_ID )
 	echo 'redo';
 else
-	echo wp_specialchars($_SERVER['HTTP_REFERER']);
+	echo wp_specialchars(wp_get_referer());
 ?>" /></p>
 
 <?php do_action('edit_form_advanced'); ?>
@@ -231,23 +231,39 @@
 
 <div id="advancedstuff" class="dbx-group" >
 
+<div class="dbx-box-wrapper">
 <fieldset id="postexcerpt" class="dbx-box">
+<div class="dbx-handle-wrapper">
 <h3 class="dbx-handle"><?php _e('Optional Excerpt') ?></h3>
+</div>
+<div class="dbx-content-wrapper">
 <div class="dbx-content"><textarea rows="1" cols="40" name="excerpt" tabindex="6" id="excerpt"><?php echo $post->post_excerpt ?></textarea></div>
+</div>
 </fieldset>
+</div>
 
+<div class="dbx-box-wrapper">
 <fieldset class="dbx-box">
+<div class="dbx-handle-wrapper">
 <h3 class="dbx-handle"><?php _e('Trackbacks') ?></h3>
+</div>
+<div class="dbx-content-wrapper">
 <div class="dbx-content"><?php _e('Send trackbacks to'); ?>: <?php echo $form_trackback; ?> (<?php _e('Separate multiple URIs with spaces'); ?>)
 <?php 
 if ( ! empty($pings) )
 	echo $pings;
 ?>
 </div>
+</div>
 </fieldset>
+</div>
 
+<div class="dbx-box-wrapper">
 <fieldset id="postcustom" class="dbx-box">
+<div class="dbx-handle-wrapper">
 <h3 class="dbx-handle"><?php _e('Custom Fields') ?></h3>
+</div>
+<div class="dbx-content-wrapper">
 <div id="postcustomstuff" class="dbx-content">
 <?php 
 if($metadata = has_meta($post_ID)) {
@@ -261,13 +277,14 @@
 ?>
 </div>
 </fieldset>
+</div>
 
 <?php do_action('dbx_post_advanced'); ?>
 
 </div>
 
 <?php if ('edit' == $action) : $delete_nonce = wp_create_nonce( 'delete-post_' . $post_ID ); ?>
-<input name="deletepost" class="button" type="submit" id="deletepost" tabindex="10" value="<?php _e('Delete this post') ?>" <?php echo "onclick=\"if ( confirm('" . sprintf(__("You are about to delete this post \'%s\'\\n  \'Cancel\' to stop, \'OK\' to delete."), addslashes($post->post_title) ) . "') ) { document.forms.post._wpnonce.value = '$delete_nonce'; return true;}\""; ?> />
+<input name="deletepost" class="button" type="submit" id="deletepost" tabindex="10" value="<?php _e('Delete this post') ?>" <?php echo "onclick=\"if ( confirm('" . sprintf(__("You are about to delete this post \'%s\'\\n  \'Cancel\' to stop, \'OK\' to delete."), js_escape($post->post_title) ) . "') ) { document.forms.post._wpnonce.value = '$delete_nonce'; return true;}return false;\""; ?> />
 <?php endif; ?>
 
 </div>
--- wp-admin/inline-uploading.php
+++ wp-admin/inline-uploading.php
@@ -41,7 +41,7 @@
 
 wp_delete_attachment($attachment);
 
-header("Location: " . basename(__FILE__) ."?post=$post&all=$all&action=view&start=$start");
+wp_redirect(basename(__FILE__) ."?post=$post&all=$all&action=view&start=$start");
 die;
 
 case 'save':
@@ -102,7 +102,7 @@
 	add_post_meta($id, '_wp_attachment_metadata', array());
 }
 
-header("Location: " . basename(__FILE__) . "?post=$post&all=$all&action=view&start=0");
+wp_redirect(basename(__FILE__) . "?post=$post&all=$all&action=view&start=0");
 die();
 
 case 'upload':
@@ -141,7 +141,7 @@
 $attachments = $wpdb->get_results("SELECT ID, post_date, post_title, post_mime_type, guid FROM $wpdb->posts WHERE post_status = 'attachment' $and_type $and_post $and_user ORDER BY $sort LIMIT $start, $double", ARRAY_A);
 
 if ( count($attachments) == 0 ) {
-	header("Location: " . basename(__FILE__) ."?post=$post&action=upload" );
+	wp_redirect( basename(__FILE__) ."?post=$post&action=upload" );
 	die;
 } elseif ( count($attachments) > $num ) {
 	$next = $start + count($attachments) - $num;
@@ -238,7 +238,7 @@
 			$xpadding = (128 - $image['uwidth']) / 2;
 			$ypadding = (96 - $image['uheight']) / 2;
 			$style .= "#target{$ID} img { padding: {$ypadding}px {$xpadding}px; }\n";
-			$title = htmlentities($image['post_title'], ENT_QUOTES);
+			$title = wp_specialchars($image['post_title'], ENT_QUOTES);
 			$script .= "aa[{$ID}] = '<a id=\"p{$ID}\" rel=\"attachment\" class=\"imagelink\" href=\"$href\" onclick=\"doPopup({$ID});return false;\" title=\"{$title}\">';
 ab[{$ID}] = '<a class=\"imagelink\" href=\"{$image['guid']}\" onclick=\"doPopup({$ID});return false;\" title=\"{$title}\">';
 imga[{$ID}] = '<img id=\"image{$ID}\" src=\"$src\" alt=\"{$title}\" $height_width />';
@@ -258,7 +258,7 @@
 </div>
 ";
 		} else {
-			$title = htmlentities($attachment['post_title'], ENT_QUOTES);
+			$title = wp_specialchars($attachment['post_title'], ENT_QUOTES);
 			$filename = basename($attachment['guid']);
 			$icon = get_attachment_icon($ID);
 			$toggle_icon = "<a id=\"I{$ID}\" onclick=\"toggleOtherIcon({$ID});return false;\" href=\"javascript:void()\">$__using_title</a>";
@@ -299,8 +299,10 @@
 <html xmlns="http://www.w3.org/1999/xhtml">
 <head>
 <meta http-equiv="Content-Type" content="<?php bloginfo('html_type'); ?>; charset=<?php echo get_settings('blog_charset'); ?>" />
+<title></title>
 <meta http-equiv="imagetoolbar" content="no" />
 <script type="text/javascript">
+// <![CDATA[
 /* Define any variables we'll need, such as alternate URLs. */
 <?php echo $script; ?>
 function htmldecode(st) {
@@ -438,6 +440,7 @@
 	else
 		win.edInsertContent(win.edCanvas, h);
 }
+// ]]>
 </script>
 <style type="text/css">
 <?php if ( $action == 'links' ) : ?>
@@ -678,7 +681,7 @@
 </div>
 <?php elseif ( $action == 'upload' ) : ?>
 <div class="tip"></div>
-<form enctype="multipart/form-data" id="uploadForm" method="POST" action="<?php echo basename(__FILE__); ?>">
+<form enctype="multipart/form-data" id="uploadForm" method="post" action="<?php echo basename(__FILE__); ?>">
 <table style="width:99%;">
 <tr>
 <th scope="row" align="right"><label for="upload"><?php _e('File:'); ?></label></th>
@@ -709,7 +712,6 @@
 </td>
 </tr>
 </table>
-</div>
 </form>
 <?php elseif ( $action == 'links' ) : ?>
 <div id="links">
--- wp-admin/update-links.php
+++ wp-admin/update-links.php
@@ -23,7 +23,7 @@
 $http_request .= $query_string;
 
 $response = '';
-if( false !== ( $fs = fsockopen('api.pingomatic.com', 80, $errno, $errstr, 5) ) ) {
+if ( false !== ( $fs = @fsockopen('api.pingomatic.com', 80, $errno, $errstr, 5) ) ) {
 	fwrite($fs, $http_request);
 	while ( !feof($fs) )
 		$response .= fgets($fs, 1160); // One TCP-IP packet
--- wp-admin/users.php
+++ wp-admin/users.php
@@ -14,7 +14,7 @@
 	check_admin_referer('bulk-users');
 
 	if (empty($_POST['users'])) {
-		header('Location: users.php');
+		wp_redirect('users.php');
 	}
 
 	if ( !current_user_can('edit_users') )
@@ -33,7 +33,7 @@
  		$user->set_role($_POST['new_role']);
  	}
 		
-	header('Location: users.php?update=' . $update);
+	wp_redirect('users.php?update=' . $update);
 
 break;
 
@@ -42,7 +42,7 @@
 	check_admin_referer('delete-users');
 
 	if ( empty($_POST['users']) ) {
-		header('Location: users.php');
+		wp_redirect('users.php');
 	}
 
 	if ( !current_user_can('edit_users') )
@@ -66,7 +66,7 @@
 		}
 	}
 
-	header('Location: users.php?update=' . $update);
+	wp_redirect('users.php?update=' . $update);
 
 break;
 
@@ -74,9 +74,8 @@
 
 	check_admin_referer('bulk-users');
 
-	if (empty($_POST['users'])) {
-		header('Location: users.php');
-	}
+	if ( empty($_POST['users']) )
+		wp_redirect('users.php');
 
 	if ( !current_user_can('edit_users') )
 		$error['edit_users'] = __('You can&#8217;t delete users.');
@@ -137,7 +136,7 @@
 	$errors = add_user();
 	
 	if(count($errors) == 0) {
-		header('Location: users.php?update=add');
+		wp_redirect('users.php?update=add');
 		die();
 	}
 
--- wp-admin/edit-comments.php
+++ wp-admin/edit-comments.php
@@ -98,7 +98,7 @@
         <p><?php _e('Posted'); echo ' '; comment_date('M j, g:i A');  
 			if ( current_user_can('edit_post', $comment->comment_post_ID) ) {
 				echo " | <a href=\"post.php?action=editcomment&amp;comment=".$comment->comment_ID."\">" . __('Edit Comment') . "</a>";
-				echo ' | <a href="' . wp_nonce_url('post.php?action=deletecomment&amp;p=' . $post->ID . '&amp;comment=' . $comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . '" onclick="return deleteSomething( \'comment\', ' . $comment->comment_ID . ', \'' . __("You are about to delete this comment.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete.") . "' );\">" . __('Delete Comment') . '</a> ';
+				echo ' | <a href="' . wp_nonce_url('post.php?action=deletecomment&amp;p=' . $comment->comment_post_ID . '&amp;comment=' . $comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . '" onclick="return deleteSomething( \'comment\', ' . $comment->comment_ID . ', \'' . __("You are about to delete this comment.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete.") . "' );\">" . __('Delete Comment') . '</a> ';
 			} // end if any comments to show
 			// Get post title
 			if ( current_user_can('edit_post', $comment->comment_post_ID) ) {
--- wp-admin/wp-admin.css
+++ wp-admin/wp-admin.css
@@ -848,6 +848,11 @@
 	padding-right: 2px;
 }
 
+#moremeta fieldset.dbx-box-closed {
+	background: url(images/box-butt.gif) no-repeat bottom;
+	padding-bottom: 9px;
+}
+
 /* handles */
 
 .dbx-handle  {
@@ -868,6 +873,55 @@
 	background: url(images/box-bg.gif) repeat-y right;
 }
 
+#advancedstuff h3.dbx-handle {
+	margin-left: 7px;
+	margin-bottom: -7px;
+	padding: 6px 1em 0 3px;
+	background: #2685af url(images/box-head-right.gif) no-repeat top right;
+}
+
+#advancedstuff div.dbx-handle-wrapper {
+	margin: 0 0 0 -7px;
+	background: #fff url(images/box-head-left.gif) no-repeat top left;
+}
+
+#advancedstuff div.dbx-content {
+	margin-left: 8px;
+	background: url(images/box-bg-right.gif) repeat-y right;
+	padding: 10px 10px 15px 0px;
+}
+
+#postexcerpt div.dbx-content {
+	margin-right: 0;
+	padding-right: 17px;
+}
+
+#advancedstuff div.dbx-content-wrapper {
+	margin-left: -7px;
+	margin-right: 0;
+	background: url(images/box-bg-left.gif) repeat-y left;
+}
+
+#advancedstuff fieldset.dbx-box {
+	padding-bottom: 9px;
+	margin-left: 6px;
+	background: url(images/box-butt-right.gif) no-repeat bottom right;
+}
+
+#advancedstuff div.dbx-box-wrapper {
+	background: url(images/box-butt-left.gif) no-repeat bottom left;
+}
+
+#advancedstuff .dbx-box-closed div.dbx-content-wrapper {
+	padding-bottom: 2px;
+	background: url(images/box-butt-left.gif) no-repeat bottom left;
+}
+
+#advancedstuff .dbx-box {
+	background: url(images/box-butt-right.gif) no-repeat bottom right;
+}
+
+
 /* handle cursors */
 .dbx-handle-cursor {
 	cursor: move;
@@ -902,12 +956,16 @@
 #advancedstuff a.dbx-toggle, #advancedstuff a.dbx-toggle-open:visited {
 	height: 22px;
 	width: 22px;
+	top: 3px;
+	right: 5px;
 	background-position: 0 -3px;
 }
 
 #advancedstuff a.dbx-toggle-open, #advancedstuff a.dbx-toggle-open:visited {
 	height: 22px;
 	width: 22px;
+	top: 3px;
+	right: 5px;
 	background-position: 0 -28px;
 }
 
Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream

Property changes on: wp-admin/images/box-butt-left.gif
___________________________________________________________________
Name: svn:mime-type
   + application/octet-stream

Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream

Property changes on: wp-admin/images/box-butt-right.gif
___________________________________________________________________
Name: svn:mime-type
   + application/octet-stream

Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream

Property changes on: wp-admin/images/box-head-left.gif
___________________________________________________________________
Name: svn:mime-type
   + application/octet-stream

Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream

Property changes on: wp-admin/images/box-head-right.gif
___________________________________________________________________
Name: svn:mime-type
   + application/octet-stream

Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream

Property changes on: wp-admin/images/box-bg-left.gif
___________________________________________________________________
Name: svn:mime-type
   + application/octet-stream

Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream

Property changes on: wp-admin/images/box-bg-right.gif
___________________________________________________________________
Name: svn:mime-type
   + application/octet-stream

--- wp-admin/link-categories.php
+++ wp-admin/link-categories.php
@@ -77,7 +77,7 @@
              " '$show_rating', '$show_updated', '$sort_order', '$sort_desc', '$text_before_link', '$text_after_link', \n" .
              " '$text_after_all', $list_limit)");
 
-      header('Location: link-categories.php');
+      wp_redirect('link-categories.php');
     break;
   } // end addcat
   case 'Delete':
@@ -96,7 +96,7 @@
     $wpdb->query("DELETE FROM $wpdb->linkcategories WHERE cat_id='$cat_id'");
     $wpdb->query("UPDATE $wpdb->links SET link_category=1 WHERE link_category='$cat_id'");
 
-    header('Location: link-categories.php');
+    wp_redirect('link-categories.php');
     break;
   } // end delete
   case 'Edit':
@@ -182,15 +182,15 @@
 <table class="editform" width="100%" cellspacing="2" cellpadding="5">
 <tr>
 	<th width="33%" scope="row"><?php _e('Before Link:') ?></th>
-	<td width="67%"><input type="text" name="text_before_link" size="45" value="<?php echo wp_specialchars($row->text_before_link)?>" /></td>
+	<td width="67%"><input type="text" name="text_before_link" size="45" value="<?php echo wp_specialchars($row->text_before_link,'double')?>" /></td>
 </tr>
 <tr>
 <th scope="row"><?php _e('Between Link and Description:') ?></th>
-<td><input type="text" name="text_after_link" size="45" value="<?php echo wp_specialchars($row->text_after_link)?>" /></td>
+<td><input type="text" name="text_after_link" size="45" value="<?php echo wp_specialchars($row->text_after_link,'double')?>" /></td>
 </tr>
 <tr>
 <th scope="row"><?php _e('After Link:') ?></th>
-<td><input type="text" name="text_after_all" size="45" value="<?php echo wp_specialchars($row->text_after_all)?>"/></td>
+<td><input type="text" name="text_after_all" size="45" value="<?php echo wp_specialchars($row->text_after_all,'double')?>"/></td>
 </tr>
 </table>
 </fieldset>
@@ -271,7 +271,7 @@
     } // end if save
 
 
-    header("Location: link-categories.php");
+    wp_redirect("link-categories.php");
     break;
   } // end editcat
   default:
@@ -351,12 +351,12 @@
                 <td><?php echo $row->show_updated == 'Y' ? __('Yes') : __('No') ?></td>
                 <td><?php echo $row->sort_order ?></td>
                 <td><?php echo $row->sort_desc == 'Y' ? __('Yes') : __('No') ?></td>
-                <td nowrap="nowrap"><?php echo htmlentities($row->text_before_link)?>&nbsp;</td>
-                <td nowrap="nowrap"><?php echo htmlentities($row->text_after_link)?>&nbsp;</td>
-                <td nowrap="nowrap"><?php echo htmlentities($row->text_after_all)?></td>
+                <td nowrap="nowrap"><?php echo wp_specialchars($row->text_before_link)?>&nbsp;</td>
+                <td nowrap="nowrap"><?php echo wp_specialchars($row->text_after_link)?>&nbsp;</td>
+                <td nowrap="nowrap"><?php echo wp_specialchars($row->text_after_all)?></td>
                 <td><?php echo $row->list_limit ?></td>
                 <td><a href="link-categories.php?cat_id=<?php echo $row->cat_id?>&amp;action=Edit" class="edit"><?php _e('Edit') ?></a></td>
-                <td><a href="<?php echo wp_nonce_url("link-categories.php?cat_id=$row->cat_id?>&amp;action=Delete", 'delete-link-category_' . $row->cat_id) ?>" "onclick="return deleteSomething( 'link category', <?php echo $row->cat_id . ", '" . sprintf(__("You are about to delete the &quot;%s&quot; link category.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete."), wp_specialchars($row->cat_name,1)); ?>' );" class="delete"><?php _e('Delete') ?></a></td>
+                <td><a href="<?php echo wp_nonce_url("link-categories.php?cat_id=$row->cat_id?>&amp;action=Delete", 'delete-link-category_' . $row->cat_id) ?>" onclick="return deleteSomething( 'link category', <?php echo $row->cat_id . ", '" . sprintf(__("You are about to delete the &quot;%s&quot; link category.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete."), js_escape($row->cat_name)); ?>' );" class="delete"><?php _e('Delete') ?></a></td>
               </tr>
 <?php
         ++$i;
@@ -370,7 +370,7 @@
 </div>
 
 <div class="wrap">
-    <form name="addcat" method="post">
+    <form name="addcat" method="post" action="">
     <?php wp_nonce_field('add-link-category'); ?>
       <input type="hidden" name="action" value="addcat" />
 	  <h2><?php _e('Add a Link Category:') ?></h2>
--- wp-admin/plugins.php
+++ wp-admin/plugins.php
@@ -12,14 +12,14 @@
 			include(ABSPATH . 'wp-content/plugins/' . trim( $_GET['plugin'] ));
 			do_action('activate_' . trim( $_GET['plugin'] ));
 		}
-		header('Location: plugins.php?activate=true');
+		wp_redirect('plugins.php?activate=true');
 	} else if ('deactivate' == $_GET['action']) {
 		check_admin_referer('deactivate-plugin_' . $_GET['plugin']);
 		$current = get_settings('active_plugins');
 		array_splice($current, array_search( $_GET['plugin'], $current), 1 ); // Array-fu!
 		update_option('active_plugins', $current);
 		do_action('deactivate_' . trim( $_GET['plugin'] ));
-		header('Location: plugins.php?deactivate=true');
+		wp_redirect('plugins.php?deactivate=true');
 	}
 	exit;
 }
--- wp-admin/post.php
+++ wp-admin/post.php
@@ -57,7 +57,7 @@
 	if ( isset($_POST['save']) )
 		$location = "post.php?action=edit&post=$post_ID";
 
-	header("Location: $location");
+	wp_redirect($location);
 	exit();
 	break;
 
@@ -110,13 +110,18 @@
 	
 	$post_ID = edit_post();
 
+	$referredby = '';
+	if ( !empty($_POST['referredby']) )
+		$referredby = preg_replace('|https?://[^/]+|i', '', $_POST['referredby']);
+	$referer = preg_replace('|https?://[^/]+|i', '', wp_get_referer());
+	
 	if ($_POST['save']) {
-		$location = $_SERVER['HTTP_REFERER'];
+		$location = wp_get_referer();
 	} elseif ($_POST['updatemeta']) {
-		$location = $_SERVER['HTTP_REFERER'] . '&message=2#postcustom';
+		$location = wp_get_referer() . '&message=2#postcustom';
 	} elseif ($_POST['deletemeta']) {
-		$location = $_SERVER['HTTP_REFERER'] . '&message=3#postcustom';
-	} elseif (isset($_POST['referredby']) && $_POST['referredby'] != $_SERVER['HTTP_REFERER']) {
+		$location = wp_get_referer() . '&message=3#postcustom';
+	} elseif (!empty($referredby) && $referredby != $referer) {
 		$location = $_POST['referredby'];
 		if ( $_POST['referredby'] == 'redo' )
 			$location = get_permalink( $post_ID );
@@ -125,8 +130,9 @@
 	} else {
 		$location = 'post.php';
 	}
-	header ('Location: ' . $location); // Send user on their way while we keep working
 
+	wp_redirect($location); // Send user on their way while we keep working
+
 	exit();
 	break;
 
@@ -147,11 +153,11 @@
 			die( __('Error in deleting...') );
 	}
 
-	$sendback = $_SERVER['HTTP_REFERER'];
+	$sendback = wp_get_referer();
 	if (strstr($sendback, 'post.php')) $sendback = get_settings('siteurl') .'/wp-admin/post.php';
 	elseif (strstr($sendback, 'attachments.php')) $sendback = get_settings('siteurl') .'/wp-admin/attachments.php';
 	$sendback = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $sendback);
-	header ('Location: ' . $sendback);
+	wp_redirect($sendback);
 	break;
 
 case 'editcomment':
@@ -234,10 +240,10 @@
 	wp_set_comment_status($comment->comment_ID, "delete");
 	do_action('delete_comment', $comment->comment_ID);
 
-	if (($_SERVER['HTTP_REFERER'] != "") && (false == $noredir)) {
-		header('Location: ' . $_SERVER['HTTP_REFERER']);
+	if ((wp_get_referer() != "") && (false == $noredir)) {
+		wp_redirect(wp_get_referer());
 	} else {
-		header('Location: '. get_settings('siteurl') .'/wp-admin/edit.php?p='.$p.'&c=1#comments');
+		wp_redirect(get_settings('siteurl') .'/wp-admin/edit.php?p='.$p.'&c=1#comments');
 	}
 
 	break;
@@ -261,10 +267,10 @@
 
 	wp_set_comment_status($comment->comment_ID, "hold");
 
-	if (($_SERVER['HTTP_REFERER'] != "") && (false == $noredir)) {
-		header('Location: ' . $_SERVER['HTTP_REFERER']);
+	if ((wp_get_referer() != "") && (false == $noredir)) {
+		wp_redirect(wp_get_referer());
 	} else {
-		header('Location: '. get_settings('siteurl') .'/wp-admin/edit.php?p='.$p.'&c=1#comments');
+		wp_redirect(get_settings('siteurl') .'/wp-admin/edit.php?p='.$p.'&c=1#comments');
 	}
 
 	break;
@@ -285,7 +291,7 @@
 			wp_notify_postauthor($comment->comment_ID);
 	}
 
-	header('Location: ' . get_option('siteurl') . '/wp-admin/moderation.php?approved=1');
+	wp_redirect(get_option('siteurl') . '/wp-admin/moderation.php?approved=1');
 
 	break;
 
@@ -312,25 +318,28 @@
 	}
 
 
-	if (($_SERVER['HTTP_REFERER'] != "") && (false == $noredir)) {
-		header('Location: ' . $_SERVER['HTTP_REFERER']);
+	if ((wp_get_referer() != "") && (false == $noredir)) {
+		wp_redirect(wp_get_referer());
 	} else {
-		header('Location: '. get_settings('siteurl') .'/wp-admin/edit.php?p='.$p.'&c=1#comments');
+		wp_redirect(get_settings('siteurl') .'/wp-admin/edit.php?p='.$p.'&c=1#comments');
 	}
 
 	break;
 
 case 'editedcomment':
 
-	check_admin_referer('update-comment');
+	$comment_ID = (int) $_POST['comment_ID'];
+	$comment_post_ID = (int)  $_POST['comment_post_ID'];
 
+	check_admin_referer('update-comment_' . $comment_ID);
+
 	edit_comment();
 
 	$referredby = $_POST['referredby'];
 	if (!empty($referredby)) {
-		header('Location: ' . $referredby);
+		wp_redirect($referredby);
 	} else {
-		header ("Location: edit.php?p=$comment_post_ID&c=1#comments");
+		wp_redirect("edit.php?p=$comment_post_ID&c=1#comments");
 	}
 
 	break;
--- wp-admin/theme-editor.php
+++ wp-admin/theme-editor.php
@@ -58,9 +58,9 @@
 		$f = fopen($real_file, 'w+');
 		fwrite($f, $newcontent);
 		fclose($f);
-		header("Location: theme-editor.php?file=$file&theme=$theme&a=te");
+		wp_redirect("theme-editor.php?file=$file&theme=$theme&a=te");
 	} else {
-		header("Location: theme-editor.php?file=$file&theme=$theme");
+		wp_redirect("theme-editor.php?file=$file&theme=$theme");
 	}
 
 	exit();
--- wp-admin/upgrade.php
+++ wp-admin/upgrade.php
@@ -67,7 +67,7 @@
 switch($step) {
 
 	case 0:
-	$goback = wp_specialchars($_SERVER['HTTP_REFERER'], 1);
+	$goback = wp_specialchars(wp_get_referer());
 ?> 
 <p><?php _e('This file upgrades you from any previous version of WordPress to the latest. It may take a while though, so be patient.'); ?></p> 
 	<h2 class="step"><a href="upgrade.php?step=1&amp;backto=<?php echo $goback; ?>"><?php _e('Upgrade WordPress &raquo;'); ?></a></h2>
--- wp-admin/admin.php
+++ wp-admin/admin.php
@@ -42,12 +42,15 @@
 
 $xfn_js = $sack_js = $list_js = $cat_js = $dbx_js = $editing = false;
 
+if (isset($_GET['page'])) {
+	$plugin_page = stripslashes($_GET['page']);
+	$plugin_page = plugin_basename($plugin_page);
+}
+
 require(ABSPATH . '/wp-admin/menu.php');
 
 // Handle plugin admin pages.
-if (isset($_GET['page'])) {
-	$plugin_page = stripslashes($_GET['page']);
-	$plugin_page = plugin_basename($plugin_page);
+if (isset($plugin_page)) {
 	$page_hook = get_plugin_page_hook($plugin_page, $pagenow);
 
 	if ( $page_hook ) {
@@ -76,6 +79,9 @@
 	
 	$importer = $_GET['import'];
 
+	if ( ! current_user_can('import') )
+		wp_die(__('You are not allowed to import.'));
+
 	if ( validate_file($importer) ) {
 		die(__('Invalid importer.'));
 	}
--- wp-admin/options.php
+++ wp-admin/options.php
@@ -77,8 +77,8 @@
 			//$message = sprintf(__('%d setting(s) saved... '), $any_changed);
     }
     
-	$referred = remove_query_arg('updated' , $_SERVER['HTTP_REFERER']);
-	$goback = add_query_arg('updated', 'true', $_SERVER['HTTP_REFERER']);
+	$referred = remove_query_arg('updated' , wp_get_referer());
+	$goback = add_query_arg('updated', 'true', wp_get_referer());
 	$goback = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $goback);
 	wp_redirect($goback);
     break;
--- wp-admin/admin-functions.php
+++ wp-admin/admin-functions.php
@@ -361,7 +361,7 @@
 	if (isset ($_POST['pass2']))
 		$pass2 = $_POST['pass2'];
 
-	if (isset ($_POST['role'])) {
+	if (isset ($_POST['role']) && current_user_can('edit_users')) {
 		if($user_id != $current_user->id || $wp_roles->role_objects[$_POST['role']]->has_cap('edit_users'))
 			$user->role = $_POST['role'];
 	}
@@ -599,7 +599,7 @@
 					$default_cat_id = get_option('default_category');
 
 					if ($category->cat_ID != $default_cat_id)
-						$edit .= "<td><a href='" . wp_nonce_url("categories.php?action=delete&amp;cat_ID=$category->cat_ID", 'delete-category_' . $category->cat_ID ) . "' onclick=\"return deleteSomething( 'cat', $category->cat_ID, '" . sprintf(__("You are about to delete the category &quot;%s&quot;.  All of its posts will go to the default category.\\n&quot;OK&quot; to delete, &quot;Cancel&quot; to stop."), wp_specialchars($category->cat_name, 1))."' );\" class='delete'>".__('Delete')."</a>";
+						$edit .= "<td><a href='" . wp_nonce_url("categories.php?action=delete&amp;cat_ID=$category->cat_ID", 'delete-category_' . $category->cat_ID ) . "' onclick=\"return deleteSomething( 'cat', $category->cat_ID, '" . sprintf(__("You are about to delete the category &quot;%s&quot;.  All of its posts will go to the default category.\\n&quot;OK&quot; to delete, &quot;Cancel&quot; to stop."), js_escape($category->cat_name))."' );\" class='delete'>".__('Delete')."</a>";
 					else
 						$edit .= "<td style='text-align:center'>".__("Default");
 				}
@@ -643,7 +643,7 @@
     <td><?php echo mysql2date('Y-m-d g:i a', $post->post_modified); ?></td> 
 	<td><a href="<?php the_permalink(); ?>" rel="permalink" class="edit"><?php _e('View'); ?></a></td>
     <td><?php if ( current_user_can('edit_pages') ) { echo "<a href='post.php?action=edit&amp;post=$id' class='edit'>" . __('Edit') . "</a>"; } ?></td> 
-    <td><?php if ( current_user_can('edit_pages') ) { echo "<a href='" . wp_nonce_url("post.php?action=delete&amp;post=$id", 'delete-post_' . $id) .  "' class='delete' onclick=\"return deleteSomething( 'page', " . $id . ", '" . sprintf(__("You are about to delete the &quot;%s&quot; page.\\n&quot;OK&quot; to delete, &quot;Cancel&quot; to stop."), addslashes(wp_specialchars(get_the_title(),'double')) ) . "' );\">" . __('Delete') . "</a>"; } ?></td> 
+    <td><?php if ( current_user_can('edit_pages') ) { echo "<a href='" . wp_nonce_url("post.php?action=delete&amp;post=$id", 'delete-post_' . $id) .  "' class='delete' onclick=\"return deleteSomething( 'page', " . $id . ", '" . sprintf(__("You are about to delete the &quot;%s&quot; page.\\n&quot;OK&quot; to delete, &quot;Cancel&quot; to stop."), js_escape(get_the_title()) ) . "' );\">" . __('Delete') . "</a>"; } ?></td> 
   </tr> 
 
 <?php
@@ -1214,6 +1214,7 @@
 	global $pagenow;
 	global $menu;
 	global $submenu;
+	global $plugin_page;
 
 	$parent = get_admin_page_parent();
 
@@ -1229,13 +1230,21 @@
 	}
 
 	if (isset ($submenu[$parent])) {
-		foreach ($submenu[$parent] as $submenu_array) {
+		if ( isset($plugin_page) ) {
+			foreach ($submenu[$parent] as $submenu_array) {
+				if ( $submenu_array[2] == $plugin_page ) {
+					if (!current_user_can($submenu_array[1]))
+						return false;
+				}
+			}
+		}
+
+		foreach ($submenu[$parent] as $submenu_array) {		
 			if ($submenu_array[2] == $pagenow) {
-				if (!current_user_can($submenu_array[1])) {
+				if (!current_user_can($submenu_array[1]))
 					return false;
-				} else {
+				else
 					return true;
-				}
 			}
 		}
 	}
@@ -1482,23 +1491,23 @@
 	preg_match("|Author:(.*)|i", $plugin_data, $author_name);
 	preg_match("|Author URI:(.*)|i", $plugin_data, $author_uri);
 	if (preg_match("|Version:(.*)|i", $plugin_data, $version))
-		$version = $version[1];
+		$version = trim($version[1]);
 	else
 		$version = '';
 
-	$description = wptexturize($description[1]);
+	$description = wptexturize(trim($description[1]));
 
 	$name = $plugin_name[1];
 	$name = trim($name);
 	$plugin = $name;
 	if ('' != $plugin_uri[1] && '' != $name) {
-		$plugin = '<a href="'.$plugin_uri[1].'" title="'.__('Visit plugin homepage').'">'.$plugin.'</a>';
+		$plugin = '<a href="' . trim($plugin_uri[1]) . '" title="'.__('Visit plugin homepage').'">'.$plugin.'</a>';
 	}
 
 	if ('' == $author_uri[1]) {
-		$author = $author_name[1];
+		$author = trim($author_name[1]);
 	} else {
-		$author = '<a href="'.$author_uri[1].'" title="'.__('Visit author homepage').'">'.$author_name[1].'</a>';
+		$author = '<a href="' . trim($author_uri[1]) . '" title="'.__('Visit author homepage').'">' . trim($author_name[1]) . '</a>';
 	}
 
 	return array ('Name' => $name, 'Title' => $plugin, 'Description' => $description, 'Author' => $author, 'Version' => $version, 'Template' => $template[1]);
@@ -1664,45 +1673,6 @@
 		__("Missing a temporary folder."),
 		__("Failed to write file to disk."));
 
-	// Accepted MIME types are set here as PCRE. Override with $override['mimes'].
-	$mimes = apply_filters('upload_mimes', array (
-		'jpg|jpeg|jpe' => 'image/jpeg',
-		'gif' => 'image/gif',
-		'png' => 'image/png',
-		'bmp' => 'image/bmp',
-		'tif|tiff' => 'image/tiff',
-		'ico' => 'image/x-icon',
-		'asf|asx|wax|wmv|wmx' => 'video/asf',
-		'avi' => 'video/avi',
-		'mov|qt' => 'video/quicktime',
-		'mpeg|mpg|mpe' => 'video/mpeg',
-		'txt|c|cc|h' => 'text/plain',
-		'rtx' => 'text/richtext',
-		'css' => 'text/css',
-		'htm|html' => 'text/html',
-		'mp3|mp4' => 'audio/mpeg',
-		'ra|ram' => 'audio/x-realaudio',
-		'wav' => 'audio/wav',
-		'ogg' => 'audio/ogg',
-		'mid|midi' => 'audio/midi',
-		'wma' => 'audio/wma',
-		'rtf' => 'application/rtf',
-		'js' => 'application/javascript',
-		'pdf' => 'application/pdf',
-		'doc' => 'application/msword',
-		'pot|pps|ppt' => 'application/vnd.ms-powerpoint',
-		'wri' => 'application/vnd.ms-write',
-		'xla|xls|xlt|xlw' => 'application/vnd.ms-excel',
-		'mdb' => 'application/vnd.ms-access',
-		'mpp' => 'application/vnd.ms-project',
-		'swf' => 'application/x-shockwave-flash',
-		'class' => 'application/java',
-		'tar' => 'application/x-tar',
-		'zip' => 'application/zip',
-		'gz|gzip' => 'application/x-gzip',
-		'exe' => 'application/x-msdownload'
-	));
-
 	// All tests are on by default. Most can be turned off by $override[{test_name}] = false;
 	$test_form = true;
 	$test_size = true;
@@ -1730,18 +1700,12 @@
 	if (! @ is_uploaded_file($file['tmp_name']) )
 		return $upload_error_handler($file, __('Specified file failed upload test.'));
 
-	// A correct MIME type will pass this test.
+	// A correct MIME type will pass this test. Override $mimes or use the upload_mimes filter.
 	if ( $test_type ) {
-		$type = false;
-		$ext = false;
-		foreach ($mimes as $ext_preg => $mime_match) {
-			$ext_preg = '![^.]\.(' . $ext_preg . ')$!i';
-			if ( preg_match($ext_preg, $file['name'], $ext_matches) ) {
-				$type = $mime_match;
-				$ext = $ext_matches[1];
-			}
-		}
+		$wp_filetype = wp_check_filetype($file['name'], $mimes);
 
+		extract($wp_filetype);
+
 		if ( !$type || !$ext )
 			return $upload_error_handler($file, __('File type does not meet security guidelines. Try another.'));
 	}
@@ -1767,7 +1731,8 @@
 			else
 				$filename = str_replace("$number$ext", ++$number . $ext, $filename);
 		}
-		$filename = preg_replace('#\.(?![^.]+$)#', '-', $filename);
+		$filename = str_replace($ext, '', $filename);
+		$filename = sanitize_title_with_dashes($filename) . $ext;
 	}
 
 	// Move the file to the uploads dir
@@ -1809,7 +1774,7 @@
 o.submit();
 }
 </script>
-<form enctype="multipart/form-data" id="uploadForm" method="POST" action="<?php echo $action ?>">
+<form enctype="multipart/form-data" id="uploadForm" method="post" action="<?php echo $action ?>">
 <label for="upload"><?php _e('File:'); ?></label><input type="file" id="upload" name="import" />
 <input type="hidden" name="action" value="save" />
 <div id="buttons">
--- wp-admin/templates.php
+++ wp-admin/templates.php
@@ -47,12 +47,12 @@
 		if ( $f ) {
 			fwrite($f, $newcontent);
 			fclose($f);
-			header("Location: templates.php?file=$file&a=te");
+			wp_redirect("templates.php?file=$file&a=te");
 		} else {
-			header("Location: templates.php?file=$file&a=err");
+			wp_redirect("templates.php?file=$file&a=err");
 		}
 	} else {
-		header("Location: templates.php?file=$file&a=err");
+		wp_redirect("templates.php?file=$file&a=err");
 	}
 
 	exit();
--- wp-admin/edit-page-form.php
+++ wp-admin/edit-page-form.php
@@ -14,7 +14,7 @@
 	$form_extra = "<input type='hidden' id='post_ID' name='post_ID' value='$post_ID' />";
 }
 
-$sendto = $_SERVER['HTTP_REFERER'];
+$sendto = wp_get_referer();
 
 if ( 0 != $post_ID && $sendto == get_permalink($post_ID) )
  	$sendto = 'redo';
@@ -32,17 +32,17 @@
 }
 ?>
 <input type="hidden" name="user_ID" value="<?php echo $user_ID ?>" />
-<input type="hidden" name="action" value='<?php echo $form_action ?>' />
+<input type="hidden" id="hiddenaction" name="action" value='<?php echo $form_action ?>' />
 <?php echo $form_extra ?>
 <input type="hidden" name="post_status" value="static" />
 
 <script type="text/javascript">
-<!--
+// <![CDATA[
 function focusit() { // focus on first input field
 	document.post.title.focus();
 }
 addLoadEvent(focusit);
-//-->
+// ]]>
 </script>
 <div id="poststuff">
 
@@ -74,7 +74,7 @@
 </fieldset>
 
 <?php if ( 0 != count( get_page_templates() ) ) { ?>
-<fieldset id="pageparent" class="dbx-box">
+<fieldset id="pagetemplate" class="dbx-box">
 <h3 class="dbx-handle"><?php _e('Page Template:') ?></h3> 
 <div class="dbx-content"><p><select name="page_template">
 		<option value='default'><?php _e('Default Template'); ?></option>
@@ -213,14 +213,16 @@
 	meta_form();
 ?>
 </div>
+<div id="ajax-response"></div>
 </fieldset>
 
 <?php do_action('dbx_page_advanced'); ?>
 
 </div>
 
-<?php if ('edit' == $action) : ?>
-		<input name="deletepost" class="delete" type="submit" id="deletepost" tabindex="10" value="<?php _e('Delete this page') ?>" <?php echo "onclick=\"return confirm('" . sprintf(__("You are about to delete this page \'%s\'\\n  \'Cancel\' to stop, \'OK\' to delete."), $wpdb->escape($post->post_title) ) . "')\""; ?> />
+<?php if ('edit' == $action) :
+	$delete_nonce = wp_create_nonce( 'delete-page_' . $post_ID ); ?>
+	<input name="deletepost" class="button" type="submit" id="deletepost" tabindex="10" value="<?php _e('Delete this page') ?>" <?php echo "onclick=\"if ( confirm('" . sprintf(__("You are about to delete this page \'%s\'\\n  \'Cancel\' to stop, \'OK\' to delete."), js_escape($post->post_title) ) . "') ) { document.forms.post._wpnonce.value = '$delete_nonce'; return true;}return false;\""; ?> />
 <?php endif; ?>
 </form>
 
--- wp-admin/moderation.php
+++ wp-admin/moderation.php
@@ -70,7 +70,7 @@
 	}
 
 	$file = basename(__FILE__);
-	header("Location: $file?ignored=$item_ignored&deleted=$item_deleted&approved=$item_approved&spam=$item_spam");
+	wp_redirect("$file?ignored=$item_ignored&deleted=$item_deleted&approved=$item_approved&spam=$item_spam");
 	exit();
 
 break;
@@ -152,10 +152,10 @@
 <a href="<?php echo get_permalink($comment->comment_post_ID); ?>"><?php _e('View Post') ?></a> | 
 <?php 
 echo " <a href=\"" . wp_nonce_url("post.php?action=deletecomment&amp;p=".$comment->comment_post_ID."&amp;comment=".$comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . "\" onclick=\"return deleteSomething( 'comment', $comment->comment_ID, '" . __("You are about to delete this comment.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete.") . "' );\">" . __('Delete just this comment') . "</a> | "; ?>  <?php _e('Bulk action:') ?>
-	<input type="radio" name="comment[<?php echo $comment->comment_ID; ?>]" id="comment[<?php echo $comment->comment_ID; ?>]-approve" value="approve" /> <label for="comment[<?php echo $comment->comment_ID; ?>]-approve"><?php _e('Approve') ?></label>
-	<input type="radio" name="comment[<?php echo $comment->comment_ID; ?>]" id="comment[<?php echo $comment->comment_ID; ?>]-spam" value="spam" /> <label for="comment[<?php echo $comment->comment_ID; ?>]-spam"><?php _e('Spam') ?></label>
-	<input type="radio" name="comment[<?php echo $comment->comment_ID; ?>]" id="comment[<?php echo $comment->comment_ID; ?>]-delete" value="delete" /> <label for="comment[<?php echo $comment->comment_ID; ?>]-delete"><?php _e('Delete') ?></label>
-	<input type="radio" name="comment[<?php echo $comment->comment_ID; ?>]" id="comment[<?php echo $comment->comment_ID; ?>]-nothing" value="later" checked="checked" /> <label for="comment[<?php echo $comment->comment_ID; ?>]-nothing"><?php _e('Defer until later') ?></label>
+	<input type="radio" name="comment[<?php echo $comment->comment_ID; ?>]" id="comment-<?php echo $comment->comment_ID; ?>-approve" value="approve" /> <label for="comment[<?php echo $comment->comment_ID; ?>]-approve"><?php _e('Approve') ?></label>
+	<input type="radio" name="comment[<?php echo $comment->comment_ID; ?>]" id="comment-<?php echo $comment->comment_ID; ?>-spam" value="spam" /> <label for="comment[<?php echo $comment->comment_ID; ?>]-spam"><?php _e('Spam') ?></label>
+	<input type="radio" name="comment[<?php echo $comment->comment_ID; ?>]" id="comment-<?php echo $comment->comment_ID; ?>-delete" value="delete" /> <label for="comment[<?php echo $comment->comment_ID; ?>]-delete"><?php _e('Delete') ?></label>
+	<input type="radio" name="comment[<?php echo $comment->comment_ID; ?>]" id="comment-<?php echo $comment->comment_ID; ?>-nothing" value="later" checked="checked" /> <label for="comment[<?php echo $comment->comment_ID; ?>]-nothing"><?php _e('Defer until later') ?></label>
 	</p>
 
 	</li>
--- wp-admin/user-edit.php
+++ wp-admin/user-edit.php
@@ -42,7 +42,7 @@
 	$errors = edit_user($user_id);
 
 if(count($errors) == 0) {
-	header("Location: user-edit.php?user_id=$user_id&updated=true");
+	wp_redirect("user-edit.php?user_id=$user_id&updated=true");
 	exit;
 }
 
@@ -73,7 +73,7 @@
 <h2><?php _e('Edit User'); ?></h2>
 
 <form name="profile" id="your-profile" action="user-edit.php" method="post">
-<?php wp_nonce_field('update-user_' . $user_ID) ?>
+<?php wp_nonce_field('update-user_' . $user_id) ?>
 <p>
 <input type="hidden" name="from" value="profile" />
 <input type="hidden" name="checkuser_id" value="<?php echo $user_ID ?>" />
--- wp-admin/setup-config.php
+++ wp-admin/setup-config.php
@@ -1,17 +1,18 @@
 <?php
 define('WP_INSTALLING', true);
 
-if (file_exists('../wp-config.php')) 
-	die("The file 'wp-config.php' already exists. If you need to reset any of the configuration items in this file, please delete it first. You may try <a href='install.php'>installing now</a>.");
-
 if (!file_exists('../wp-config-sample.php'))
     die('Sorry, I need a wp-config-sample.php file to work from. Please re-upload this file from your WordPress installation.');
+
 $configFile = file('../wp-config-sample.php');
 
 if (!is_writable('../')) die("Sorry, I can't write to the directory. You'll have to either change the permissions on your WordPress directory or create your wp-config.php manually.");
 
-$step = 0;
-if(isset($_GET['step'])) $step = $_GET['step'];
+
+if (isset($_GET['step']))
+	$step = $_GET['step'];
+else
+	$step = 0;
 header( 'Content-Type: text/html; charset=utf-8' );
 ?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
@@ -20,45 +21,74 @@
 <title>WordPress &rsaquo; Setup Configuration File</title>
 <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
 <style media="screen" type="text/css">
-    <!--
+	<!--
+	html {
+		background: #eee;
+	}
 	body {
+		background: #fff;
+		color: #000;
 		font-family: Georgia, "Times New Roman", Times, serif;
-		margin-left: 15%;
-		margin-right: 15%;
+		margin-left: 20%;
+		margin-right: 20%;
+		padding: .2em 2em;
 	}
+
+	h1 {
+		color: #006;
+		font-size: 18px;
+		font-weight: lighter;
+	}
+
+	h2 {
+		font-size: 16px;
+	}
+
+	p, li, dt {
+		line-height: 140%;
+		padding-bottom: 2px;
+	}
+
+	ul, ol {
+		padding: 5px 5px 5px 20px;
+	}
 	#logo {
-		margin: 0;
-		padding: 0;
-		background-image: url(http://wordpress.org/images/logo.png);
-		background-repeat: no-repeat;
-		height: 60px;
-		border-bottom: 4px solid #333;
+		margin-bottom: 2em;
 	}
-	#logo a {
-		display: block;
-		height: 60px;
+	.step a, .step input {
+		font-size: 2em;
 	}
-	#logo a span {
-		display: none;
+	td input {
+		font-size: 1.5em;
 	}
-	p, li {
-		line-height: 140%;
+	.step, th {
+		text-align: right;
 	}
-    -->
+	#footer {
+		text-align: center;
+		border-top: 1px solid #ccc;
+		padding-top: 1em;
+		font-style: italic;
+	}
+	-->
 	</style>
 </head>
-<body> 
-<h1 id="logo"><a href="http://wordpress.org/"><span>WordPress</span></a></h1> 
+<body>
+<h1 id="logo"><img alt="WordPress" src="images/wordpress-logo.png" /></h1>
 <?php
+// Check if wp-config.php has been created
+if (file_exists('../wp-config.php'))
+	die("<p>The file 'wp-config.php' already exists. If you need to reset any of the configuration items in this file, please delete it first. You may try <a href='install.php'>installing now</a>.</p></body></html>");
 
 switch($step) {
 	case 0:
 ?> 
+
 <p>Welcome to WordPress. Before getting started, we need some information on the database. You will need to know the following items before proceeding.</p> 
 <ol> 
   <li>Database name</li> 
   <li>Database username</li> 
-  <li>Database password</li> 
+  <li>Database password</li>
   <li>Database host</li> 
   <li>Table prefix (if you want to run more than one WordPress in a single database) </li>
 </ol> 
@@ -70,40 +100,42 @@
 	case 1:
 	?> 
 </p> 
-<form method="post" action="setup-config.php?step=2"> 
+<form method="post" action="setup-config.php?step=2">
   <p>Below you should enter your database connection details. If you're not sure about these, contact your host. </p>
   <table> 
     <tr> 
       <th scope="row">Database Name</th> 
-      <td><input name="dbname" type="text" size="45" value="wordpress" /></td> 
+      <td><input name="dbname" type="text" size="25" value="wordpress" /></td>
       <td>The name of the database you want to run WP in. </td> 
     </tr> 
     <tr> 
       <th scope="row">User Name</th> 
-      <td><input name="uname" type="text" size="45" value="username" /></td> 
+      <td><input name="uname" type="text" size="25" value="username" /></td>
       <td>Your MySQL username</td> 
     </tr> 
     <tr> 
       <th scope="row">Password</th> 
-      <td><input name="pwd" type="text" size="45" value="password" /></td> 
+      <td><input name="pwd" type="text" size="25" value="password" /></td>
       <td>...and MySQL password.</td> 
     </tr> 
     <tr> 
       <th scope="row">Database Host</th> 
-      <td><input name="dbhost" type="text" size="45" value="localhost" /></td> 
+      <td><input name="dbhost" type="text" size="25" value="localhost" /></td>
       <td>99% chance you won't need to change this value.</td> 
     </tr>
     <tr>
       <th scope="row">Table Prefix</th>
-      <td><input name="prefix" type="text" id="prefix" value="wp_" size="45" /></td>
+      <td><input name="prefix" type="text" id="prefix" value="wp_" size="25" /></td>
       <td>If you want to run multiple WordPress installations in a single database, change this.</td>
     </tr> 
-  </table> 
-  <input name="submit" type="submit" value="Submit" /> 
+  </table>
+  <h2 class="step">
+  <input name="submit" type="submit" value="Submit" />
+  </h2>
 </form> 
 <?php
 	break;
-	
+
 	case 2:
 	$dbname  = trim($_POST['dbname']);
     $uname   = trim($_POST['uname']);
@@ -149,8 +181,8 @@
 <p>All right sparky! You've made it through this part of the installation. WordPress can now communicate with your database. If you are ready, time now to <a href="install.php">run the install!</a></p> 
 <?php
 	break;
-
 }
-?> 
+?>
+<p id="footer"><a href="http://wordpress.org/">WordPress</a>, personal publishing platform.</p>
 </body>
 </html>
--- wp-admin/link-manager.php
+++ wp-admin/link-manager.php
@@ -49,7 +49,7 @@
     //userlevel of the owner of the link then we can proceed.
 
     if (count($linkcheck) == 0) {
-        header('Location: ' . $this_file);
+        wp_redirect($this_file);
         exit;
     }
     $all_links = join(',', $linkcheck);
@@ -62,7 +62,7 @@
     $all_links = join(',', $ids_to_change);
     $q = $wpdb->query("update $wpdb->links SET link_owner='$newowner' WHERE link_id IN ($all_links)");
 
-    header('Location: ' . $this_file);
+    wp_redirect($this_file);
     break;
   }
   case 'visibility':
@@ -75,7 +75,7 @@
 
     //for each link id (in $linkcheck[]): toggle the visibility
     if (count($linkcheck) == 0) {
-        header('Location: ' . $this_file);
+        wp_redirect($this_file);
         exit;
     }
     $all_links = join(',', $linkcheck);
@@ -99,7 +99,7 @@
         $q = $wpdb->query("update $wpdb->links SET link_visible='Y' WHERE link_id IN ($all_linkson)");
     }
 
-    header('Location: ' . $this_file);
+    wp_redirect($this_file);
     break;
   }
   case 'move':
@@ -112,14 +112,14 @@
 
     //for each link id (in $linkcheck[]) change category to selected value
     if (count($linkcheck) == 0) {
-        header('Location: ' . $this_file);
+        wp_redirect($this_file);
         exit;
     }
     $all_links = join(',', $linkcheck);
     // should now have an array of links we can change
     $q = $wpdb->query("update $wpdb->links SET link_category='$category' WHERE link_id IN ($all_links)");
 
-    header('Location: ' . $this_file);
+    wp_redirect($this_file);
     break;
   }
 
@@ -129,14 +129,14 @@
 
 	add_link();
 	
-    header('Location: ' . $_SERVER['HTTP_REFERER'] . '?added=true');
+    wp_redirect(wp_get_referer() . '?added=true');
     break;
   } // end Add
 
   case 'editlink':
   {
 	$link_id = (int) $_POST['link_id'];
-	check_admin_referer('update-bookmark' . $link_id);
+	check_admin_referer('update-bookmark_' . $link_id);
  	
 	if (isset($links_show_cat_id) && ($links_show_cat_id != ''))
 		$cat_id = $links_show_cat_id;
@@ -154,10 +154,10 @@
     break;
   } // end Save
 
-  case 'Delete':
+  case 'delete':
   {
 	$link_id = (int) $_GET['link_id'];
-	check_admin_referer('delete-bookmark' . $link_id);
+	check_admin_referer('delete-bookmark_' . $link_id);
 
     if ( !current_user_can('manage_links') )
       die (__("Cheatin' uh ?"));
@@ -382,7 +382,7 @@
 
             if ($show_buttons) {
         echo '<td><a href="link-manager.php?link_id=' . $link->link_id . '&amp;action=linkedit" class="edit">' . __('Edit') . '</a></td>';
- 		echo '<td><a href="' . wp_nonce_url('link-manager.php?link_id='.$link->link_id.'&amp;action=delete', 'delete-bookmark_' . $link->link_id ) . '"'." class='delete' onclick=\"return deleteSomething( 'link', $link->link_id , '".sprintf(__("You are about to delete the &quot;%s&quot; bookmark to %s.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete."), wp_specialchars($link->link_name, 1), wp_specialchars($link->link_url)).'\' );" class="delete">'.__('Delete').'</a></td>';
+ 		echo '<td><a href="' . wp_nonce_url('link-manager.php?link_id='.$link->link_id.'&amp;action=delete', 'delete-bookmark_' . $link->link_id ) . '"'." class='delete' onclick=\"return deleteSomething( 'link', $link->link_id , '".sprintf(__("You are about to delete the &quot;%s&quot; bookmark to %s.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete."), js_escape($link->link_name), js_escape($link->link_url)).'\' );">'.__('Delete').'</a></td>';
         echo '<td><input type="checkbox" name="linkcheck[]" value="' . $link->link_id . '" /></td>';
             } else {
               echo "<td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td>\n";
--- wp-admin/index.php
+++ wp-admin/index.php
@@ -43,7 +43,6 @@
 <?php if ( $numcomments ) : ?>
 <p><strong><a href="moderation.php"><?php echo sprintf(__('Comments in moderation (%s)'), number_format($numcomments) ); ?> &raquo;</a></strong></p>
 <?php endif; ?>
-</div>
 
 <ul>
 <?php 
@@ -56,9 +55,10 @@
 }
 ?>
 </ul>
-
+</div>
 <?php endif; ?>
 
+
 <?php
 if ( $recentposts = $wpdb->get_results("SELECT ID, post_title FROM $wpdb->posts WHERE post_status = 'publish' AND post_date_gmt < '$today' ORDER BY post_date DESC LIMIT 5") ) :
 ?>
--- wp-admin/sidebar.php
+++ wp-admin/sidebar.php
@@ -48,7 +48,7 @@
 </head>
 <body id="sidebar">
 <h1 id="wphead"><a href="http://wordpress.org/" rel="external">WordPress</a></h1>
-<form name="post" action="post.php" method="POST">
+<form name="post" action="post.php" method="post">
 <div><input type="hidden" name="action" value="post" />
 <input type="hidden" name="user_ID" value="<?php echo $user_ID ?>" />
 <input type="hidden" name="mode" value="sidebar" />
--- wp-admin/import.php
+++ wp-admin/import.php
@@ -36,7 +36,7 @@
 	$style = '';
 	foreach ($importers as $id => $data) {
 		$style = ('class="alternate"' == $style || 'class="alternate active"' == $style) ? '' : 'alternate';
-		$action = "<a href='admin.php?import=$id' title='{$data[1]}'>{$data[0]}</a>";
+		$action = "<a href='admin.php?import=$id' title='".wptexturize(strip_tags($data[1]))."'>{$data[0]}</a>";
 
 		if ($style != '')
 			$style = 'class="'.$style.'"';
--- wp-admin/admin-db.php
+++ wp-admin/admin-db.php
@@ -156,7 +156,7 @@
 	$cat_ID = (int) $cat_ID;
 
 	// Don't delete the default cat.
-	if (1 == $cat_ID)
+	if ($cat_ID == get_option('default_category'))
 		return 0;
 
 	$category = get_category($cat_ID);
@@ -170,7 +170,8 @@
 	$wpdb->query("UPDATE $wpdb->categories SET category_parent = '$parent' WHERE category_parent = '$cat_ID'");
 
 	// TODO: Only set categories to general if they're not in another category already
-	$wpdb->query("UPDATE $wpdb->post2cat SET category_id='1' WHERE category_id='$cat_ID'");
+	$default_cat = get_option('default_category');
+	$wpdb->query("UPDATE $wpdb->post2cat SET category_id='$default_cat' WHERE category_id='$cat_ID'");
 
 	wp_cache_delete($cat_ID, 'category');
 	wp_cache_delete('all_category_ids', 'category');
--- wp-admin/edit-link-form.php
+++ wp-admin/edit-link-form.php
@@ -87,7 +87,7 @@
                 <input class="valinp" type="radio" name="friendship" value="contact" id="contact" <?php xfn_check('friendship', 'contact', 'radio'); ?> /> <?php _e('contact') ?></label>
                 <label for="acquaintance">
                 <input class="valinp" type="radio" name="friendship" value="acquaintance" id="acquaintance" <?php xfn_check('friendship', 'acquaintance', 'radio'); ?> />  <?php _e('acquaintance') ?></label>
-                <label id="friend">
+                <label for="friend">
                 <input class="valinp" type="radio" name="friendship" value="friend" id="friend" <?php xfn_check('friendship', 'friend', 'radio'); ?> /> <?php _e('friend') ?></label>
                 <label for="friendship">
                 <input name="friendship" type="radio" class="valinp" value="" id="friendship" <?php xfn_check('friendship', '', 'radio'); ?> /> <?php _e('none') ?></label>
--- wp-admin/edit-pages.php
+++ wp-admin/edit-pages.php
@@ -52,7 +52,7 @@
     <td><?php echo mysql2date('Y-m-d g:i a', $post->post_modified); ?></td> 
 	<td><a href="<?php the_permalink(); ?>" rel="permalink" class="edit"><?php _e('View'); ?></a></td>
     <td><?php if ( current_user_can('edit_pages') ) { echo "<a href='post.php?action=edit&amp;post=$post->ID' class='edit'>" . __('Edit') . "</a>"; } ?></td> 
-    <td><?php if ( current_user_can('edit_pages') ) { echo "<a href='" . wp_nonce_url("post.php?action=delete&amp;post=$post->ID", 'delete-post_' . $post->ID) . "' class='delete' onclick=\"return deleteSomething( 'page', " . $id . ", '" . sprintf(__("You are about to delete the &quot;%s&quot; page.\\n&quot;OK&quot; to delete, &quot;Cancel&quot; to stop."), wp_specialchars(get_the_title('','',0), 1)) . "' );\">" . __('Delete') . "</a>"; } ?></td> 
+    <td><?php if ( current_user_can('edit_pages') ) { echo "<a href='" . wp_nonce_url("post.php?action=delete&amp;post=$post->ID", 'delete-post_' . $post->ID) . "' class='delete' onclick=\"return deleteSomething( 'page', " . $id . ", '" . sprintf(__("You are about to delete the &quot;%s&quot; page.\\n&quot;OK&quot; to delete, &quot;Cancel&quot; to stop."), js_escape(get_the_title('','',0))) . "' );\">" . __('Delete') . "</a>"; } ?></td> 
   </tr>
 <?php
 endforeach;
--- wp-admin/plugin-editor.php
+++ wp-admin/plugin-editor.php
@@ -44,9 +44,9 @@
 		$f = fopen($real_file, 'w+');
 		fwrite($f, $newcontent);
 		fclose($f);
-		header("Location: plugin-editor.php?file=$file&a=te");
+		wp_redirect("plugin-editor.php?file=$file&a=te");
 	} else {
-		header("Location: plugin-editor.php?file=$file");
+		wp_redirect("plugin-editor.php?file=$file");
 	}
 
 	exit();
--- wp-admin/import/dotclear.php
+++ wp-admin/import/dotclear.php
@@ -640,12 +640,12 @@
 	function db_form()
 	{
 		echo '<ul>';
-		printf('<li><label for="dbuser">%s</label> <input type="text" name="dbuser" /></li>', __('Dotclear Database User:'));
-		printf('<li><label for="dbpass">%s</label> <input type="password" name="dbpass" /></li>', __('Dotclear Database Password:'));
-		printf('<li><label for="dbname">%s</label> <input type="text" name="dbname" /></li>', __('Dotclear Database Name:'));
-		printf('<li><label for="dbhost">%s</label> <input type="text" name="dbhost" value="localhost" /></li>', __('Dotclear Database Host:'));
+		printf('<li><label for="dbuser">%s</label> <input type="text" name="dbuser" id="dbuser" /></li>', __('Dotclear Database User:'));
+		printf('<li><label for="dbpass">%s</label> <input type="password" name="dbpass" id="dbpass" /></li>', __('Dotclear Database Password:'));
+		printf('<li><label for="dbname">%s</label> <input type="text" name="dbname" id="dbname" /></li>', __('Dotclear Database Name:'));
+		printf('<li><label for="dbhost">%s</label> <input type="text" name="dbhost" id="dbhost" value="localhost" /></li>', __('Dotclear Database Host:'));
 		/* printf('<li><label for="dbprefix">%s</label> <input type="text" name="dbprefix" /></li>', __('Dotclear Table prefix (if any):')); */
-		printf('<li><label for="dccharset">%s</label> <input type="text" name="dccharset" value="ISO-8859-15"/></li>', __('Originating character set:'));
+		printf('<li><label for="dccharset">%s</label> <input type="text" id="dccharset" name="dccharset" value="ISO-8859-15"/></li>', __('Originating character set:'));
 		echo '</ul>';
 	}
 	
--- wp-admin/import/blogger.php
+++ wp-admin/import/blogger.php
@@ -25,7 +25,7 @@
 	// Deletes saved data and redirect.
 	function restart() {
 		delete_option('import-blogger');
-		header("Location: admin.php?import=blogger");
+		wp_redirect("admin.php?import=blogger");
 		die();
 	}
 
@@ -213,7 +213,7 @@
 	
 	// Redirects to next step
 	function do_next_step() {
-		header("Location: admin.php?import=blogger&noheader=true&blog={$_GET['blog']}");
+		wp_redirect("admin.php?import=blogger&noheader=true&blog={$_GET['blog']}");
 		die();
 	}
 
@@ -273,7 +273,7 @@
 				);
 			}
 			update_option('import-blogger', $this->import);
-			header("Location: admin.php?import=blogger&noheader=true&step=1");
+			wp_redirect("admin.php?import=blogger&noheader=true&step=1");
 		}
 		die();
 	}
--- wp-admin/import/textpattern.php
+++ wp-admin/import/textpattern.php
@@ -569,11 +569,11 @@
 	function db_form()
 	{
 		echo '<ul>';
-		printf('<li><label for="dbuser">%s</label> <input type="text" name="dbuser" /></li>', __('Textpattern Database User:'));
-		printf('<li><label for="dbpass">%s</label> <input type="password" name="dbpass" /></li>', __('Textpattern Database Password:'));
-		printf('<li><label for="dbname">%s</label> <input type="text" name="dbname" /></li>', __('Textpattern Database Name:'));
-		printf('<li><label for="dbhost">%s</label> <input type="text" name="dbhost" value="localhost" /></li>', __('Textpattern Database Host:'));
-		printf('<li><label for="dbprefix">%s</label> <input type="text" name="dbprefix" /></li>', __('Textpattern Table prefix (if any):'));
+		printf('<li><label for="dbuser">%s</label> <input type="text" name="dbuser" id="dbuser" /></li>', __('Textpattern Database User:'));
+		printf('<li><label for="dbpass">%s</label> <input type="password" name="dbpass" id="dbpass" /></li>', _