-rw-r--r--wp-content/themes/classic/comments-popup.php5
-rw-r--r--wp-content/themes/default/comments-popup.php5
-rw-r--r--wp-includes/comment-template.php28
-rw-r--r--wp-includes/comment.php353
-rw-r--r--wp-includes/compat.php9
-rw-r--r--wp-includes/default-filters.php1
-rw-r--r--wp-includes/functions.php149
-rw-r--r--wp-includes/post-template.php2
-rw-r--r--wp-includes/post.php13
-rw-r--r--wp-includes/query.php23
-rw-r--r--wp-settings.php2
11 files changed, 311 insertions, 279 deletions
diff --git a/wp-content/themes/classic/comments-popup.php b/wp-content/themes/classic/comments-popup.php
index 7a209a2..49ffe3c 100644
--- a/wp-content/themes/classic/comments-popup.php
+++ b/wp-content/themes/classic/comments-popup.php
@@ -29,9 +29,8 @@ foreach ($posts as $post) { start_wp();
<?php
// this line is WordPress' motor, do not delete it.
-$comment_author = (isset($_COOKIE['comment_author_' . COOKIEHASH])) ? trim($_COOKIE['comment_author_'. COOKIEHASH]) : '';
-$comment_author_email = (isset($_COOKIE['comment_author_email_'. COOKIEHASH])) ? trim($_COOKIE['comment_author_email_'. COOKIEHASH]) : '';
-$comment_author_url = (isset($_COOKIE['comment_author_url_'. COOKIEHASH])) ? trim($_COOKIE['comment_author_url_'. COOKIEHASH]) : '';
+$commenter = wp_get_current_commenter();
+extract($commenter);
$comments = get_approved_comments($id);
$commentstatus = get_post($id);
if (!empty($commentstatus->post_password) && $_COOKIE['wp-postpass_'. COOKIEHASH] != $commentstatus->post_password) { // and it doesn't match the cookie
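Review bot: `extract($commenter)` on the added line imports every key of the returned array into the template's scope and overwrites any variable of the same name, so the three variables the template depends on are no longer visible where they are defined. The keys are fixed by `compact()` in `wp_get_current_commenter()` today, but explicit assignments such as `$comment_author = $commenter['comment_author'];` (and likewise for `comment_author_email` and `comment_author_url`) keep that guarantee local and survive a later change to the helper. The same pattern is added in the default theme's comments-popup.php and in `comments_template()` in wp-includes/comment-template.php. The removed lines also applied `trim()` to the raw cookie values, whereas the new values arrive HTML-escaped and untrimmed; whether the template escapes them again on output is outside this hunk.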
diff --git a/wp-content/themes/default/comments-popup.php b/wp-content/themes/default/comments-popup.php
index f22b861..3cd58a6 100644
--- a/wp-content/themes/default/comments-popup.php
+++ b/wp-content/themes/default/comments-popup.php
@@ -29,9 +29,8 @@ foreach ($posts as $post) { start_wp();
<?php
// this line is WordPress' motor, do not delete it.
-$comment_author = (isset($_COOKIE['comment_author_' . COOKIEHASH])) ? trim($_COOKIE['comment_author_'. COOKIEHASH]) : '';
-$comment_author_email = (isset($_COOKIE['comment_author_email_'. COOKIEHASH])) ? trim($_COOKIE['comment_author_email_'. COOKIEHASH]) : '';
-$comment_author_url = (isset($_COOKIE['comment_author_url_'. COOKIEHASH])) ? trim($_COOKIE['comment_author_url_'. COOKIEHASH]) : '';
+$commenter = wp_get_current_commenter();
+extract($commenter);
$comments = get_approved_comments($id);
$post = get_post($id);
if (!empty($post->post_password) && $_COOKIE['wp-postpass_'. COOKIEHASH] != $post->post_password) { // and it doesn't match the cookie
diff --git a/wp-includes/comment-template.php b/wp-includes/comment-template.php
index 6355a96..c5d5b8f 100644
--- a/wp-includes/comment-template.php
+++ b/wp-includes/comment-template.php
@@ -273,26 +273,12 @@ function pings_open() {
function comments_template( $file = '/comments.php' ) {
global $wp_query, $withcomments, $post, $wpdb, $id, $comment, $user_login, $user_ID, $user_identity;
- if ( is_single() || is_page() || $withcomments ) :
- $req = get_settings('require_name_email');
- $comment_author = '';
- if ( isset($_COOKIE['comment_author_'.COOKIEHASH]) ) {
- $comment_author = apply_filters('pre_comment_author_name', $_COOKIE['comment_author_'.COOKIEHASH]);
- $comment_author = stripslashes($comment_author);
- $comment_author = wp_specialchars($comment_author, true);
- }
- $comment_author_email = '';
- if ( isset($_COOKIE['comment_author_email_'.COOKIEHASH]) ) {
- $comment_author_email = apply_filters('pre_comment_author_email', $_COOKIE['comment_author_email_'.COOKIEHASH]);
- $comment_author_email = stripslashes($comment_author_email);
- $comment_author_email = wp_specialchars($comment_author_email, true);
- }
- $comment_author_url = '';
- if ( isset($_COOKIE['comment_author_url_'.COOKIEHASH]) ) {
- $comment_author_url = apply_filters('pre_comment_author_url', $_COOKIE['comment_author_url_'.COOKIEHASH]);
- $comment_author_url = stripslashes($comment_author_url);
- $comment_author_url = wp_specialchars($comment_author_url, true);
- }
+ if ( ! (is_single() || is_page() || $withcomments) )
+ return;
+
+ $req = get_settings('require_name_email');
+ $commenter = wp_get_current_commenter();
+ extract($commenter);
// TODO: Use API instead of SELECTs.
if ( empty($comment_author) ) {
@@ -309,8 +295,6 @@ function comments_template( $file = '/comments.php' ) {
require( $include );
else
require( ABSPATH . 'wp-content/themes/default/comments.php');
-
- endif;
}
function comments_popup_script($width=400, $height=400, $file='') {
diff --git a/wp-includes/comment.php b/wp-includes/comment.php
index 9751c36..9211114 100644
--- a/wp-includes/comment.php
+++ b/wp-includes/comment.php
@@ -146,6 +146,29 @@ function get_lastcommentmodified($timezone = 'server') {
return $lastcommentmodified;
}
+function sanitize_comment_cookies() {
+ if ( isset($_COOKIE['comment_author_'.COOKIEHASH]) ) {
+ $comment_author = apply_filters('pre_comment_author_name', $_COOKIE['comment_author_'.COOKIEHASH]);
+ $comment_author = stripslashes($comment_author);
+ $comment_author = wp_specialchars($comment_author, true);
+ $_COOKIE['comment_author_'.COOKIEHASH] = $comment_author;
+ }
+
+ if ( isset($_COOKIE['comment_author_email_'.COOKIEHASH]) ) {
+ $comment_author_email = apply_filters('pre_comment_author_email', $_COOKIE['comment_author_email_'.COOKIEHASH]);
+ $comment_author_email = stripslashes($comment_author_email);
+ $comment_author_email = wp_specialchars($comment_author_email, true);
+ $_COOKIE['comment_author_email_'.COOKIEHASH] = $comment_author_email;
+ }
+
+ if ( isset($_COOKIE['comment_author_url_'.COOKIEHASH]) ) {
+ $comment_author_url = apply_filters('pre_comment_author_url', $_COOKIE['comment_author_url_'.COOKIEHASH]);
+ $comment_author_url = stripslashes($comment_author_url);
+ $comment_author_url = wp_specialchars($comment_author_url, true);
+ $_COOKIE['comment_author_url_'.COOKIEHASH] = $comment_author_url;
+ }
+}
+
function wp_allow_comment($commentdata) {
global $wpdb;
extract($commentdata);
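Review bot: `sanitize_comment_cookies()` has no docblock, and its effect on `$_COOKIE` is easy to misread: it strips slashes from the three comment cookies, HTML-escapes them, and writes the result back into the superglobal. After it runs these three entries are no longer slashed, unlike the rest of `$_COOKIE`, which wp-settings.php has just passed through `add_magic_quotes()`, and `wp_specialchars()` is an HTML-context escape only. I would add a comment above the function along the lines of `// Replaces the comment_author* cookies in $_COOKIE with unslashed, HTML-escaped values; escape again before using them in SQL.` The function is also not safe to run twice in one request, since `stripslashes()` would be applied a second time. `wp_allow_comment()`, shown as context below it, continues outside the hunk.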
@@ -275,6 +298,24 @@ function wp_get_comment_status($comment_id) {
}
}
+function wp_get_current_commenter() {
+ // Cookies should already be sanitized.
+
+ $comment_author = '';
+ if ( isset($_COOKIE['comment_author_'.COOKIEHASH]) )
+ $comment_author = $_COOKIE['comment_author_'.COOKIEHASH];
+
+ $comment_author_email = '';
+ if ( isset($_COOKIE['comment_author_email_'.COOKIEHASH]) )
+ $comment_author_email = $_COOKIE['comment_author_email_'.COOKIEHASH];
+
+ $comment_author_url = '';
+ if ( isset($_COOKIE['comment_author_url_'.COOKIEHASH]) )
+ $comment_author_url = $_COOKIE['comment_author_url_'.COOKIEHASH];
+
+ return compact('comment_author', 'comment_author_email', 'comment_author_url');
+}
+
function wp_insert_comment($commentdata) {
global $wpdb;
extract($commentdata);
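Review bot: The comment `// Cookies should already be sanitized.` in `wp_get_current_commenter()` states a precondition without saying who satisfies it, and the function returns the cookie values unchanged if nobody does. Going by the rest of this commit, the guarantee comes from `sanitize_comment_cookies()` being hooked on the `sanitize_comment_cookies` action that wp-settings.php fires, so a caller that runs before that point, or a setup where the hook has been removed, would receive raw request data. I would expand the comment to name that dependency and the return shape, for example `// Returns array with keys comment_author, comment_author_email, comment_author_url read from cookies; values are HTML-escaped only once the sanitize_comment_cookies action has run.`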
@@ -436,85 +477,9 @@ function wp_update_comment_count($post_id) {
return true;
}
-function pingback($content, $post_ID) {
- global $wp_version, $wpdb;
- include_once (ABSPATH . WPINC . '/class-IXR.php');
-
- // original code by Mort (http://mort.mine.nu:8080)
- $log = debug_fopen(ABSPATH . '/pingback.log', 'a');
- $post_links = array();
- debug_fwrite($log, 'BEGIN '.date('YmdHis', time())."\n");
-
- $pung = get_pung($post_ID);
-
- // Variables
- $ltrs = '\w';
- $gunk = '/#~:.?+=&%@!\-';
- $punc = '.:?\-';
- $any = $ltrs . $gunk . $punc;
-
- // Step 1
- // Parsing the post, external links (if any) are stored in the $post_links array
- // This regexp comes straight from phpfreaks.com
- // http://www.phpfreaks.com/quickcode/Extract_All_URLs_on_a_Page/15.php
- preg_match_all("{\b http : [$any] +? (?= [$punc] * [^$any] | $)}x", $content, $post_links_temp);
-
- // Debug
- debug_fwrite($log, 'Post contents:');
- debug_fwrite($log, $content."\n");
-
- // Step 2.
- // Walking thru the links array
- // first we get rid of links pointing to sites, not to specific files
- // Example:
- // http://dummy-weblog.org
- // http://dummy-weblog.org/
- // http://dummy-weblog.org/post.php
- // We don't wanna ping first and second types, even if they have a valid <link/>
-
- foreach($post_links_temp[0] as $link_test) :
- if ( !in_array($link_test, $pung) && (url_to_postid($link_test) != $post_ID) // If we haven't pung it already and it isn't a link to itself
- && !is_local_attachment($link_test) ) : // Also, let's never ping local attachments.
- $test = parse_url($link_test);
- if (isset($test['query']))
- $post_links[] = $link_test;
- elseif(($test['path'] != '/') && ($test['path'] != ''))
- $post_links[] = $link_test;
- endif;
- endforeach;
-
- do_action('pre_ping', array(&$post_links, &$pung));
-
- foreach ($post_links as $pagelinkedto){
- debug_fwrite($log, "Processing -- $pagelinkedto\n");
- $pingback_server_url = discover_pingback_server_uri($pagelinkedto, 2048);
-
- if ($pingback_server_url) {
- @ set_time_limit( 60 );
- // Now, the RPC call
- debug_fwrite($log, "Page Linked To: $pagelinkedto \n");
- debug_fwrite($log, 'Page Linked From: ');
- $pagelinkedfrom = get_permalink($post_ID);
- debug_fwrite($log, $pagelinkedfrom."\n");
-
- // using a timeout of 3 seconds should be enough to cover slow servers
- $client = new IXR_Client($pingback_server_url);
- $client->timeout = 3;
- $client->useragent .= ' -- WordPress/' . $wp_version;
-
- // when set to true, this outputs debug messages by itself
- $client->debug = false;
-
- if ( $client->query('pingback.ping', $pagelinkedfrom, $pagelinkedto ) )
- add_ping( $post_ID, $pagelinkedto );
- else
- debug_fwrite($log, "Error.\n Fault code: ".$client->getErrorCode()." : ".$client->getErrorMessage()."\n");
- }
- }
-
- debug_fwrite($log, "\nEND: ".time()."\n****************************\n");
- debug_fclose($log);
-}
+//
+// Ping and trackback functions.
+//
function discover_pingback_server_uri($url, $timeout_bytes = 2048) {
global $wp_version;
@@ -606,17 +571,227 @@ function discover_pingback_server_uri($url, $timeout_bytes = 2048) {
return false;
}
-function is_local_attachment($url) {
- if ( !strstr($url, get_bloginfo('home') ) )
- return false;
- if ( strstr($url, get_bloginfo('home') . '/?attachment_id=') )
- return true;
- if ( $id = url_to_postid($url) ) {
- $post = & get_post($id);
- if ( 'attachment' == $post->post_type )
- return true;
+function do_all_pings() {
+ global $wpdb;
+
+ // Do pingbacks
+ while ($ping = $wpdb->get_row("SELECT * FROM {$wpdb->posts}, {$wpdb->postmeta} WHERE {$wpdb->posts}.ID = {$wpdb->postmeta}.post_id AND {$wpdb->postmeta}.meta_key = '_pingme' LIMIT 1")) {
+ $wpdb->query("DELETE FROM {$wpdb->postmeta} WHERE post_id = {$ping->ID} AND meta_key = '_pingme';");
+ pingback($ping->post_content, $ping->ID);
}
- return false;
+
+ // Do Enclosures
+ while ($enclosure = $wpdb->get_row("SELECT * FROM {$wpdb->posts}, {$wpdb->postmeta} WHERE {$wpdb->posts}.ID = {$wpdb->postmeta}.post_id AND {$wpdb->postmeta}.meta_key = '_encloseme' LIMIT 1")) {
+ $wpdb->query("DELETE FROM {$wpdb->postmeta} WHERE post_id = {$enclosure->ID} AND meta_key = '_encloseme';");
+ do_enclose($enclosure->post_content, $enclosure->ID);
+ }
+
+ // Do Trackbacks
+ $trackbacks = $wpdb->get_results("SELECT ID FROM $wpdb->posts WHERE CHAR_LENGTH(TRIM(to_ping)) > 7 AND post_status = 'publish'");
+ if ( is_array($trackbacks) ) {
+ foreach ( $trackbacks as $trackback ) {
+ do_trackbacks($trackback->ID);
+ }
+ }
+
+ //Do Update Services/Generic Pings
+ generic_ping();
+}
+
+function do_trackbacks($post_id) {
+ global $wpdb;
+
+ $post = $wpdb->get_row("SELECT * FROM $wpdb->posts WHERE ID = $post_id");
+ $to_ping = get_to_ping($post_id);
+ $pinged = get_pung($post_id);
+ if ( empty($to_ping) ) {
+ $wpdb->query("UPDATE $wpdb->posts SET to_ping = '' WHERE ID = '$post_id'");
+ return;
+ }
+
+ if (empty($post->post_excerpt))
+ $excerpt = apply_filters('the_content', $post->post_content);
+ else
+ $excerpt = apply_filters('the_excerpt', $post->post_excerpt);
+ $excerpt = str_replace(']]>', ']]&gt;', $excerpt);
+ $excerpt = strip_tags($excerpt);
+ if ( function_exists('mb_strcut') ) // For international trackbacks
+ $excerpt = mb_strcut($excerpt, 0, 252, get_settings('blog_charset')) . '...';
+ else
+ $excerpt = substr($excerpt, 0, 252) . '...';
+
+ $post_title = apply_filters('the_title', $post->post_title);
+ $post_title = strip_tags($post_title);
+
+ if ($to_ping) : foreach ($to_ping as $tb_ping) :
+ $tb_ping = trim($tb_ping);
+ if ( !in_array($tb_ping, $pinged) ) {
+ trackback($tb_ping, $post_title, $excerpt, $post_id);
+ $pinged[] = $tb_ping;
+ } else {
+ $wpdb->query("UPDATE $wpdb->posts SET to_ping = TRIM(REPLACE(to_ping, '$tb_ping', '')) WHERE ID = '$post_id'");
+ }
+ endforeach; endif;
+}
+
+function generic_ping($post_id = 0) {
+ $services = get_settings('ping_sites');
+ $services = preg_replace("|(\s)+|", '$1', $services); // Kill dupe lines
+ $services = trim($services);
+ if ( '' != $services ) {
+ $services = explode("\n", $services);
+ foreach ($services as $service) {
+ weblog_ping($service);
+ }
+ }
+
+ return $post_id;
+}
+
+function pingback($content, $post_ID) {
+ global $wp_version, $wpdb;
+ include_once (ABSPATH . WPINC . '/class-IXR.php');
+
+ // original code by Mort (http://mort.mine.nu:8080)
+ $log = debug_fopen(ABSPATH . '/pingback.log', 'a');
+ $post_links = array();
+ debug_fwrite($log, 'BEGIN '.date('YmdHis', time())."\n");
+
+ $pung = get_pung($post_ID);
+
+ // Variables
+ $ltrs = '\w';
+ $gunk = '/#~:.?+=&%@!\-';
+ $punc = '.:?\-';
+ $any = $ltrs . $gunk . $punc;
+
+ // Step 1
+ // Parsing the post, external links (if any) are stored in the $post_links array
+ // This regexp comes straight from phpfreaks.com
+ // http://www.phpfreaks.com/quickcode/Extract_All_URLs_on_a_Page/15.php
+ preg_match_all("{\b http : [$any] +? (?= [$punc] * [^$any] | $)}x", $content, $post_links_temp);
+
+ // Debug
+ debug_fwrite($log, 'Post contents:');
+ debug_fwrite($log, $content."\n");
+
+ // Step 2.
+ // Walking thru the links array
+ // first we get rid of links pointing to sites, not to specific files
+ // Example:
+ // http://dummy-weblog.org
+ // http://dummy-weblog.org/
+ // http://dummy-weblog.org/post.php
+ // We don't wanna ping first and second types, even if they have a valid <link/>
+
+ foreach($post_links_temp[0] as $link_test) :
+ if ( !in_array($link_test, $pung) && (url_to_postid($link_test) != $post_ID) // If we haven't pung it already and it isn't a link to itself
+ && !is_local_attachment($link_test) ) : // Also, let's never ping local attachments.
+ $test = parse_url($link_test);
+ if (isset($test['query']))
+ $post_links[] = $link_test;
+ elseif(($test['path'] != '/') && ($test['path'] != ''))
+ $post_links[] = $link_test;
+ endif;
+ endforeach;
+
+ do_action('pre_ping', array(&$post_links, &$pung));
+
+ foreach ($post_links as $pagelinkedto){
+ debug_fwrite($log, "Processing -- $pagelinkedto\n");
+ $pingback_server_url = discover_pingback_server_uri($pagelinkedto, 2048);
+
+ if ($pingback_server_url) {
+ @ set_time_limit( 60 );
+ // Now, the RPC call
+ debug_fwrite($log, "Page Linked To: $pagelinkedto \n");
+ debug_fwrite($log, 'Page Linked From: ');
+ $pagelinkedfrom = get_permalink($post_ID);
+ debug_fwrite($log, $pagelinkedfrom."\n");
+
+ // using a timeout of 3 seconds should be enough to cover slow servers
+ $client = new IXR_Client($pingback_server_url);
+ $client->timeout = 3;
+ $client->useragent .= ' -- WordPress/' . $wp_version;
+
+ // when set to true, this outputs debug messages by itself
+ $client->debug = false;
+
+ if ( $client->query('pingback.ping', $pagelinkedfrom, $pagelinkedto ) )
+ add_ping( $post_ID, $pagelinkedto );
+ else
+ debug_fwrite($log, "Error.\n Fault code: ".$client->getErrorCode()." : ".$client->getErrorMessage()."\n");
+ }
+ }
+
+ debug_fwrite($log, "\nEND: ".time()."\n****************************\n");
+ debug_fclose($log);
+}
+
+function privacy_ping_filter( $sites ) {
+ global $current_blog;
+ if ( '0' != $current_blog->public )
+ return $sites;
+ else
+ return '';
+}
+
+// Send a Trackback
+function trackback($trackback_url, $title, $excerpt, $ID) {
+ global $wpdb, $wp_version;
+
+ if ( empty($trackback_url) )
+ return;
+
+ $title = urlencode($title);
+ $excerpt = urlencode($excerpt);
+ $blog_name = urlencode(get_settings('blogname'));
+ $tb_url = $trackback_url;
+ $url = urlencode(get_permalink($ID));
+ $query_string = "title=$title&url=$url&blog_name=$blog_name&excerpt=$excerpt";
+ $trackback_url = parse_url($trackback_url);
+ $http_request = 'POST ' . $trackback_url['path'] . ($trackback_url['query'] ? '?'.$trackback_url['query'] : '') . " HTTP/1.0\r\n";
+ $http_request .= 'Host: '.$trackback_url['host']."\r\n";
+ $http_request .= 'Content-Type: application/x-www-form-urlencoded; charset='.get_settings('blog_charset')."\r\n";
+ $http_request .= 'Content-Length: '.strlen($query_string)."\r\n";
+ $http_request .= "User-Agent: WordPress/" . $wp_version;
+ $http_request .= "\r\n\r\n";
+ $http_request .= $query_string;
+ if ( '' == $trackback_url['port'] )
+ $trackback_url['port'] = 80;
+ $fs = @fsockopen($trackback_url['host'], $trackback_url['port'], $errno, $errstr, 4);
+ @fputs($fs, $http_request);
+/*
+ $debug_file = 'trackback.log';
+ $fp = fopen($debug_file, 'a');
+ fwrite($fp, "\n*****\nRequest:\n\n$http_request\n\nResponse:\n\n");
+ while(!@feof($fs)) {
+ fwrite($fp, @fgets($fs, 4096));
+ }
+ fwrite($fp, "\n\n");
+ fclose($fp);
+*/
+ @fclose($fs);
+
+ $tb_url = addslashes( $tb_url );
+ $wpdb->query("UPDATE $wpdb->posts SET pinged = CONCAT(pinged, '\n', '$tb_url') WHERE ID = '$ID'");
+ return $wpdb->query("UPDATE $wpdb->posts SET to_ping = TRIM(REPLACE(to_ping, '$tb_url', '')) WHERE ID = '$ID'");
+}
+
+function weblog_ping($server = '', $path = '') {
+ global $wp_version;
+ include_once (ABSPATH . WPINC . '/class-IXR.php');
+
+ // using a timeout of 3 seconds should be enough to cover slow servers
+ $client = new IXR_Client($server, ((!strlen(trim($path)) || ('/' == $path)) ? false : $path));
+ $client->timeout = 3;
+ $client->useragent .= ' -- WordPress/'.$wp_version;
+
+ // when set to true, this outputs debug messages by itself
+ $client->debug = false;
+ $home = trailingslashit( get_option('home') );
+ if ( !$client->query('weblogUpdates.extendedPing', get_settings('blogname'), $home, get_bloginfo('rss2_url') ) ) // then try a normal ping
+ $client->query('weblogUpdates.ping', get_settings('blogname'), $home);
}
?>
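Review bot: In `do_trackbacks()` the UPDATE `... REPLACE(to_ping, '$tb_ping', '') ... WHERE ID = '$post_id'` interpolates `$tb_ping` into SQL without escaping, although `trackback()` in this same hunk runs `addslashes()` on the equivalent value before its two UPDATEs. `$post_id` is also placed unquoted in `SELECT * FROM $wpdb->posts WHERE ID = $post_id` at the top of the function. These functions appear to be moved here unchanged from functions.php, so the problem predates the commit, but the move is a natural point to fix it. I would add `$post_id = (int) $post_id;` as the first statement and build the REPLACE from a separate escaped copy, `$tb_ping_sql = addslashes($tb_ping);`, so that the `in_array()` check and the `trackback()` call still see the unescaped URL.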
diff --git a/wp-includes/compat.php b/wp-includes/compat.php
index 49717a4..3b64dfb 100644
--- a/wp-includes/compat.php
+++ b/wp-includes/compat.php
@@ -73,7 +73,7 @@ if (!defined('CASE_UPPER')) {
* @link http://php.net/function.array_change_key_case
* @author Stephan Schmidt <schst@php.net>
* @author Aidan Lister <aidan@php.net>
- * @version $Revision: 3862 $
+ * @version $Revision: 3901 $
* @since PHP 4.2.0
* @require PHP 4.0.0 (user_error)
*/
@@ -111,4 +111,11 @@ if(!function_exists('http_build_query')) {
return implode($separator, $res);
}
}
+
+if ( !function_exists('_') ) {
+ function _($string) {
+ return $string;
+ }
+}
+
?>
diff --git a/wp-includes/default-filters.php b/wp-includes/default-filters.php
index 8500a0c..d596500 100644
--- a/wp-includes/default-filters.php
+++ b/wp-includes/default-filters.php
@@ -127,4 +127,5 @@ add_action('do_feed_rss2', 'do_feed_rss2', 10, 1);
add_action('do_feed_atom', 'do_feed_atom', 10, 1);
add_action('do_pings', 'do_all_pings', 10, 1);
add_action('do_robots', 'do_robots');
+add_action('sanitize_comment_cookies', 'sanitize_comment_cookies');
?>
diff --git a/wp-includes/functions.php b/wp-includes/functions.php
index a8f5b5c..1882962 100644
--- a/wp-includes/functions.php
+++ b/wp-includes/functions.php
@@ -2,12 +2,6 @@
require_once(dirname(__FILE__).'/compat.php');
-if ( !function_exists('_') ) {
- function _($string) {
- return $string;
- }
-}
-
function mysql2date($dateformatstring, $mysqlstring, $translate = true) {
global $wp_locale;
$m = $mysqlstring;
@@ -336,78 +330,6 @@ function timer_stop($display = 0, $precision = 3) { //if called like timer_stop(
return $timetotal;
}
-function weblog_ping($server = '', $path = '') {
- global $wp_version;
- include_once (ABSPATH . WPINC . '/class-IXR.php');
-
- // using a timeout of 3 seconds should be enough to cover slow servers
- $client = new IXR_Client($server, ((!strlen(trim($path)) || ('/' == $path)) ? false : $path));
- $client->timeout = 3;
- $client->useragent .= ' -- WordPress/'.$wp_version;
-
- // when set to true, this outputs debug messages by itself
- $client->debug = false;
- $home = trailingslashit( get_option('home') );
- if ( !$client->query('weblogUpdates.extendedPing', get_settings('blogname'), $home, get_bloginfo('rss2_url') ) ) // then try a normal ping
- $client->query('weblogUpdates.ping', get_settings('blogname'), $home);
-}
-
-function generic_ping($post_id = 0) {
- $services = get_settings('ping_sites');
- $services = preg_replace("|(\s)+|", '$1', $services); // Kill dupe lines
- $services = trim($services);
- if ( '' != $services ) {
- $services = explode("\n", $services);
- foreach ($services as $service) {
- weblog_ping($service);
- }
- }
-
- return $post_id;
-}
-
-// Send a Trackback
-function trackback($trackback_url, $title, $excerpt, $ID) {
- global $wpdb, $wp_version;
-
- if ( empty($trackback_url) )
- return;
-
- $title = urlencode($title);
- $excerpt = urlencode($excerpt);
- $blog_name = urlencode(get_settings('blogname'));
- $tb_url = $trackback_url;
- $url = urlencode(get_permalink($ID));
- $query_string = "title=$title&url=$url&blog_name=$blog_name&excerpt=$excerpt";
- $trackback_url = parse_url($trackback_url);
- $http_request = 'POST ' . $trackback_url['path'] . ($trackback_url['query'] ? '?'.$trackback_url['query'] : '') . " HTTP/1.0\r\n";
- $http_request .= 'Host: '.$trackback_url['host']."\r\n";
- $http_request .= 'Content-Type: application/x-www-form-urlencoded; charset='.get_settings('blog_charset')."\r\n";
- $http_request .= 'Content-Length: '.strlen($query_string)."\r\n";
- $http_request .= "User-Agent: WordPress/" . $wp_version;
- $http_request .= "\r\n\r\n";
- $http_request .= $query_string;
- if ( '' == $trackback_url['port'] )
- $trackback_url['port'] = 80;
- $fs = @fsockopen($trackback_url['host'], $trackback_url['port'], $errno, $errstr, 4);
- @fputs($fs, $http_request);
-/*
- $debug_file = 'trackback.log';
- $fp = fopen($debug_file, 'a');
- fwrite($fp, "\n*****\nRequest:\n\n$http_request\n\nResponse:\n\n");
- while(!@feof($fs)) {
- fwrite($fp, @fgets($fs, 4096));
- }
- fwrite($fp, "\n\n");
- fclose($fp);
-*/
- @fclose($fs);
-
- $tb_url = addslashes( $tb_url );
- $wpdb->query("UPDATE $wpdb->posts SET pinged = CONCAT(pinged, '\n', '$tb_url') WHERE ID = '$ID'");
- return $wpdb->query("UPDATE $wpdb->posts SET to_ping = TRIM(REPLACE(to_ping, '$tb_url', '')) WHERE ID = '$ID'");
-}
-
function make_url_footnote($content) {
preg_match_all('/<a(.+?)href=\"(.+?)\"(.*?)>(.+?)<\/a>/', $content, $matches);
$j = 0;
@@ -841,14 +763,6 @@ function get_num_queries() {
return $wpdb->num_queries;
}
-function privacy_ping_filter( $sites ) {
- global $current_blog;
- if ( '0' != $current_blog->public )
- return $sites;
- else
- return '';
-}
-
function bool_from_yn($yn) {
if ($yn == 'Y') return 1;
return 0;
@@ -1091,69 +1005,6 @@ function wp_check_filetype($filename, $mimes = null) {
return compact('ext', 'type');
}
-function do_trackbacks($post_id) {
- global $wpdb;
-
- $post = $wpdb->get_row("SELECT * FROM $wpdb->posts WHERE ID = $post_id");
- $to_ping = get_to_ping($post_id);
- $pinged = get_pung($post_id);
- if ( empty($to_ping) ) {
- $wpdb->query("UPDATE $wpdb->posts SET to_ping = '' WHERE ID = '$post_id'");
- return;
- }
-
- if (empty($post->post_excerpt))
- $excerpt = apply_filters('the_content', $post->post_content);
- else
- $excerpt = apply_filters('the_excerpt', $post->post_excerpt);
- $excerpt = str_replace(']]>', ']]&gt;', $excerpt);
- $excerpt = strip_tags($excerpt);
- if ( function_exists('mb_strcut') ) // For international trackbacks
- $excerpt = mb_strcut($excerpt, 0, 252, get_settings('blog_charset')) . '...';
- else
- $excerpt = substr($excerpt, 0, 252) . '...';
-
- $post_title = apply_filters('the_title', $post->post_title);
- $post_title = strip_tags($post_title);
-
- if ($to_ping) : foreach ($to_ping as $tb_ping) :
- $tb_ping = trim($tb_ping);
- if ( !in_array($tb_ping, $pinged) ) {
- trackback($tb_ping, $post_title, $excerpt, $post_id);
- $pinged[] = $tb_ping;
- } else {
- $wpdb->query("UPDATE $wpdb->posts SET to_ping = TRIM(REPLACE(to_ping, '$tb_ping', '')) WHERE ID = '$post_id'");
- }
- endforeach; endif;
-}
-
-function do_all_pings() {
- global $wpdb;
-
- // Do pingbacks
- while ($ping = $wpdb->get_row("SELECT * FROM {$wpdb->posts}, {$wpdb->postmeta} WHERE {$wpdb->posts}.ID = {$wpdb->postmeta}.post_id AND {$wpdb->postmeta}.meta_key = '_pingme' LIMIT 1")) {
- $wpdb->query("DELETE FROM {$wpdb->postmeta} WHERE post_id = {$ping->ID} AND meta_key = '_pingme';");
- pingback($ping->post_content, $ping->ID);
- }
-
- // Do Enclosures
- while ($enclosure = $wpdb->get_row("SELECT * FROM {$wpdb->posts}, {$wpdb->postmeta} WHERE {$wpdb->posts}.ID = {$wpdb->postmeta}.post_id AND {$wpdb->postmeta}.meta_key = '_encloseme' LIMIT 1")) {
- $wpdb->query("DELETE FROM {$wpdb->postmeta} WHERE post_id = {$enclosure->ID} AND meta_key = '_encloseme';");
- do_enclose($enclosure->post_content, $enclosure->ID);
- }
-
- // Do Trackbacks
- $trackbacks = $wpdb->get_results("SELECT ID FROM $wpdb->posts WHERE CHAR_LENGTH(TRIM(to_ping)) > 7 AND post_status = 'publish'");
- if ( is_array($trackbacks) ) {
- foreach ( $trackbacks as $trackback ) {
- do_trackbacks($trackback->ID);
- }
- }
-
- //Do Update Services/Generic Pings
- generic_ping();
-}
-
function wp_proxy_check($ipnum) {
if ( get_option('open_proxy_check') && isset($ipnum) ) {
$rev_ip = implode( '.', array_reverse( explode( '.', $ipnum ) ) );
diff --git a/wp-includes/post-template.php b/wp-includes/post-template.php
index 1c18980..fcd3f89 100644
--- a/wp-includes/post-template.php
+++ b/wp-includes/post-template.php
@@ -34,6 +34,8 @@ function get_the_title($id = 0) {
$title = $post->post_title;
if ( !empty($post->post_password) )
$title = sprintf(__('Protected: %s'), $title);
+ else if ( 'private' == $post->post_status )
+ $title = sprintf(__('Private: %s'), $title);
return $title;
}
diff --git a/wp-includes/post.php b/wp-includes/post.php
index ce1a227..b29d0d2 100644
--- a/wp-includes/post.php
+++ b/wp-includes/post.php
@@ -1118,6 +1118,19 @@ function generate_page_uri_index() {
// Attachment functions
//
+function is_local_attachment($url) {
+ if ( !strstr($url, get_bloginfo('home') ) )
+ return false;
+ if ( strstr($url, get_bloginfo('home') . '/?attachment_id=') )
+ return true;
+ if ( $id = url_to_postid($url) ) {
+ $post = & get_post($id);
+ if ( 'attachment' == $post->post_type )
+ return true;
+ }
+ return false;
+}
+
function wp_insert_attachment($object, $file = false, $post_parent = 0) {
global $wpdb, $user_ID;
diff --git a/wp-includes/query.php b/wp-includes/query.php
index ae6ecbe..3bb98b0 100644
--- a/wp-includes/query.php
+++ b/wp-includes/query.php
@@ -850,20 +850,19 @@ class WP_Query {
} else {
$where .= " AND (post_type = '$post_type' AND (post_status = 'publish'";
- if ( is_admin() ) {
+ if ( is_admin() )
$where .= " OR post_status = 'future' OR post_status = 'draft'";
- if ( is_user_logged_in() ) {
- if ( 'post' == $post_type )
- $cap = 'edit_private_posts';
- else
- $cap = 'edit_private_pages';
-
- if ( current_user_can($cap) )
- $where .= "OR post_status = 'private'";
- else
- $where .= " OR post_author = $user_ID AND post_status = 'private'";
- }
+ if ( is_user_logged_in() ) {
+ if ( 'post' == $post_type )
+ $cap = 'edit_private_posts';
+ else
+ $cap = 'edit_private_pages';
+
+ if ( current_user_can($cap) )
+ $where .= " OR post_status = 'private'";
+ else
+ $where .= " OR post_author = $user_ID AND post_status = 'private'";
}
$where .= '))';
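Review bot: The clause `" OR post_author = $user_ID AND post_status = 'private'"` now applies to every logged-in request rather than only admin ones, and its correctness as a visibility filter rests on two implicit things: SQL's AND binding tighter than OR, and `$user_ID` being an integer. Neither is established in this hunk; the method starts and ends outside it, so where `$user_ID` comes into scope is not visible here. Writing it as `$where .= " OR (post_author = " . (int) $user_ID . " AND post_status = 'private')";` makes both explicit and leaves the result unchanged for a valid user ID.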
diff --git a/wp-settings.php b/wp-settings.php
index a7cb2b4..50ba158 100644
--- a/wp-settings.php
+++ b/wp-settings.php
@@ -258,6 +258,8 @@ $_POST = add_magic_quotes($_POST );
$_COOKIE = add_magic_quotes($_COOKIE);
$_SERVER = add_magic_quotes($_SERVER);
+do_action('sanitize_comment_cookies');
+
$wp_query = new WP_Query();
$wp_rewrite = new WP_Rewrite();
$wp = new WP();