From 89fe0ff804e7c6497ebacc8b341ac89974f6f255 Mon Sep 17 00:00:00 2001
From: donncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36>
Date: Mon, 21 May 2007 18:37:58 +0000
Subject: WP Merge to rev 5499, this is a big one! Test it before you put it
 live! Test only, not for production use yet

git-svn-id: http://svn.automattic.com/wordpress-mu/trunk@972 7be80a69-a1ef-0310-a953-fb0f7c49ff36
---
 wp-admin/admin-ajax.php         |  25 +++
 wp-admin/admin-db.php           |  20 +++
 wp-admin/admin-footer.php       |   2 +-
 wp-admin/admin-functions.php    |  93 ++++++++--
 wp-admin/admin-header.php       |   4 +-
 wp-admin/cat.js                 |   2 +-
 wp-admin/categories.js          |   2 +-
 wp-admin/categories.php         |   1 +
 wp-admin/comment.php            |   2 +-
 wp-admin/custom-header.php      |  17 +-
 wp-admin/dbx-admin-key.js       |   2 +-
 wp-admin/edit-comments.js       |  42 ++++-
 wp-admin/edit-comments.php      | 161 +++++------------
 wp-admin/edit-form-advanced.php |  11 +-
 wp-admin/edit-form-comment.php  |   2 +-
 wp-admin/edit-link-form.php     |   6 +-
 wp-admin/edit-page-form.php     |  11 +-
 wp-admin/edit-pages.php         |   6 +-
 wp-admin/edit.php               |   4 +-
 wp-admin/export.php             |  39 ++--
 wp-admin/images/heading-bg.gif  | Bin 0 -> 37 bytes
 wp-admin/import.php             |   7 +-
 wp-admin/import/blogger.php     |   4 +-
 wp-admin/import/dotclear.php    |  32 ++--
 wp-admin/import/greymatter.php  |   8 +-
 wp-admin/import/livejournal.php |   3 +-
 wp-admin/import/mt.php          |   3 +
 wp-admin/import/rss.php         |   1 +
 wp-admin/import/textpattern.php |  36 ++--
 wp-admin/import/utw.php         | 270 ++++++++++++++++++++++++++++
 wp-admin/import/wordpress.php   | 242 +++++++++++++++----------
 wp-admin/import/wp-cat2tag.php  | 226 +++++++++++++++++++++++
 wp-admin/index-extra.php        |  14 +-
 wp-admin/index.php              |  12 +-
 wp-admin/link-import.php        |   8 +-
 wp-admin/link-manager.php       |   2 +-
 wp-admin/menu.php               |   1 +
 wp-admin/moderation.php         |   8 +-
 wp-admin/options-permalink.php  |   5 +-
 wp-admin/page.php               |   6 -
 wp-admin/plugins.php            |  20 +++
 wp-admin/post-new.php           |   4 +-
 wp-admin/post.php               |   6 -
 wp-admin/profile.php            |  24 +--
 wp-admin/rtl.css                |   9 +-
 wp-admin/themes.php             |   2 +-
 wp-admin/upgrade-functions.php  |  38 +++-
 wp-admin/upload-functions.php   |   1 +
 wp-admin/upload.css             |   1 +
 wp-admin/upload.php             |   4 +-
 wp-admin/user-edit.php          |   6 +-
 wp-admin/widgets-rtl.css        |  39 ++++
 wp-admin/widgets.css            | 214 ++++++++++++++++++++++
 wp-admin/widgets.php            | 390 ++++++++++++++++++++++++++++++++++++++++
 wp-admin/wp-admin.css           |  30 ++--
 55 files changed, 1763 insertions(+), 365 deletions(-)
 create mode 100644 wp-admin/images/heading-bg.gif
 create mode 100644 wp-admin/import/utw.php
 create mode 100644 wp-admin/import/wp-cat2tag.php
 create mode 100644 wp-admin/widgets-rtl.css
 create mode 100644 wp-admin/widgets.css
 create mode 100644 wp-admin/widgets.php

(limited to 'wp-admin')

diff --git a/wp-admin/admin-ajax.php b/wp-admin/admin-ajax.php
index 2ad2469..ad5064f 100644
--- a/wp-admin/admin-ajax.php
+++ b/wp-admin/admin-ajax.php
@@ -151,6 +151,31 @@ case 'add-cat' : // From Manage->Categories
 	) );
 	$x->send();
 	break;
+case 'add-comment' :
+	if ( !current_user_can( 'edit_post', $id ) )
+		die('-1');
+	$search = isset($_POST['s']) ? $_POST['s'] : false;
+	$start = isset($_POST['page']) ? intval($_POST['page']) * 25 : 25;
+
+	list($comments, $total) = _wp_get_comment_list( $search, $start, 1 );
+
+	if ( !$comments )
+		die('1');
+	$x = new WP_Ajax_Response();
+	foreach ( (array) $comments as $comment ) {
+		get_comment( $comment );
+		ob_start();
+			_wp_comment_list_item( $comment->comment_ID );
+			$comment_list_item = ob_get_contents();
+		ob_end_clean();
+		$x->add( array(
+			'what' => 'comment',
+			'id' => $comment->comment_ID,
+			'data' => $comment_list_item
+		) );
+	}
+	$x->send();
+	break;
 case 'add-meta' :
 	if ( !current_user_can( 'edit_post', $id ) )
 		die('-1');
diff --git a/wp-admin/admin-db.php b/wp-admin/admin-db.php
index de90ad7..24e2388 100644
--- a/wp-admin/admin-db.php
+++ b/wp-admin/admin-db.php
@@ -125,6 +125,11 @@ function wp_insert_category($catarr) {
 	else
 		$links_private = 0;
 
+
+	// Let's check if we have this category already, if so just do an update
+	if ( !$update && $cat_ID = category_object_exists( $category_nicename ) )
+		$update = true;
+
 	if (!$update) {
 		$maxcat = $wpdb->get_var( "SELECT max(cat_ID) FROM {$wpdb->categories}" );
 		$cat_ID = mt_rand( $maxcat+100, $maxcat+4000 );
@@ -153,6 +158,11 @@ function wp_insert_category($catarr) {
 
 	clean_category_cache($cat_ID);
 
+	if ($update)
+		do_action('edited_category', $cat_ID);
+	else
+		do_action('created_category', $cat_ID);
+	
 	return $cat_ID;
 }
 
@@ -245,6 +255,14 @@ function wp_create_categories($categories, $post_id = '') {
 	return $cat_ids;
 }
 
+function category_object_exists($cat_name) {
+	global $wpdb;
+	if (!$category_nicename = sanitize_title($cat_name))
+		return 0;
+
+	return (int) $wpdb->get_var("SELECT cat_ID FROM $wpdb->categories WHERE category_nicename = '$category_nicename'");
+}
+
 function category_exists($cat_name) {
 	global $wpdb;
 	if (!$category_nicename = sanitize_title($cat_name))
@@ -419,6 +437,8 @@ function wp_delete_link($link_id) {
 
 	$wpdb->query("DELETE FROM $wpdb->link2cat WHERE link_id = '$link_id'");
 	return $wpdb->query("DELETE FROM $wpdb->links WHERE link_id = '$link_id'");
+	
+	do_action('deleted_link', $link_id);
 }
 
 function wp_get_link_cats($link_ID = 0) {
diff --git a/wp-admin/admin-footer.php b/wp-admin/admin-footer.php
index 8e30631..40a3e8c 100644
--- a/wp-admin/admin-footer.php
+++ b/wp-admin/admin-footer.php
@@ -2,7 +2,7 @@
 <div id="footer">
 <p class="logo"><a href="http://wordpress.org/" id="wordpress-logo"><img src="images/wordpress-logo.png" alt="WordPress" /></a></p>
 <p class="docs"><?php _e('<a href="http://codex.wordpress.org/">Documentation</a>'); ?> &#8212; <?php _e('<a href="http://wordpress.org/support/">Support Forums</a>'); ?><br />
-<?php bloginfo('version'); ?> &#8212; <?php printf(__('%s seconds'), timer_stop(0, 2)); ?></p>
+<?php printf( __('Version %s'), get_bloginfo('version') ); ?></p>
 </div>
 <?php do_action('admin_footer', ''); ?>
 <script type="text/javascript">if(typeof wpOnload=='function')wpOnload();</script>
diff --git a/wp-admin/admin-functions.php b/wp-admin/admin-functions.php
index 7b9507c..10f8eeb 100644
--- a/wp-admin/admin-functions.php
+++ b/wp-admin/admin-functions.php
@@ -490,7 +490,7 @@ function edit_user( $user_id = 0 ) {
 	if ( isset( $_POST['email'] ))
 		$user->user_email = wp_specialchars( trim( $_POST['email'] ));
 	if ( isset( $_POST['url'] ) ) {
-		$user->user_url = wp_specialchars( trim( $_POST['url'] ));
+		$user->user_url = clean_url( trim( $_POST['url'] ));
 		$user->user_url = preg_match('/^(https?|ftps?|mailto|news|irc|gopher|nntp|feed|telnet):/is', $user->user_url) ? $user->user_url : 'http://'.$user->user_url;
 	}
 	if ( isset( $_POST['first_name'] ))
@@ -702,6 +702,7 @@ function get_nested_categories( $default = 0, $parent = 0 ) {
 		}
 	}
 
+	$result = apply_filters('get_nested_categories', $result);
 	usort( $result, 'sort_cats' );
 
 	return $result;
@@ -774,6 +775,8 @@ function cat_rows( $parent = 0, $level = 0, $categories = 0 ) {
 	if (!$categories )
 		$categories = get_categories( 'hide_empty=0' );
 
+	$children = _get_category_hierarchy();
+
 	if ( $categories ) {
 		ob_start();
 		foreach ( $categories as $category ) {
@@ -783,7 +786,8 @@ function cat_rows( $parent = 0, $level = 0, $categories = 0 ) {
 			}
 			if ( $category->category_parent == $parent) {
 				echo "\t" . _cat_row( $category, $level );
-				cat_rows( $category->cat_ID, $level +1, $categories );
+				if ( isset($children[$category->cat_ID]) )
+					cat_rows( $category->cat_ID, $level +1, $categories );
 			}
 		}
 		$output = ob_get_contents();
@@ -815,8 +819,8 @@ function _cat_row( $category, $level, $name_override = false ) {
 
 	$class = ( ( defined( 'DOING_AJAX' ) && DOING_AJAX ) || " class='alternate'" == $class ) ? '' : " class='alternate'";
 
-	$category->category_count = number_format( $category->category_count );
-	$category->link_count = number_format( $category->link_count );
+	$category->category_count = number_format_i18n( $category->category_count );
+	$category->link_count = number_format_i18n( $category->link_count );
 	$posts_count = ( $category->category_count > 0 ) ? "<a href='edit.php?cat=$category->cat_ID'>$category->category_count</a>" : $category->category_count;
 	return "<tr id='cat-$category->cat_ID'$class>
 		<th scope='row' style='text-align: center'>$category->cat_ID</th>
@@ -898,6 +902,68 @@ function user_row( $user_object, $style = '' ) {
 	return $r;
 }
 
+function _wp_get_comment_list( $s = false, $start, $num ) {
+	global $wpdb;
+
+	$start = (int) $start;
+	$num = (int) $num;
+
+	if ( $s ) {
+		$s = $wpdb->escape($s);
+		$comments = $wpdb->get_results("SELECT SQL_CALC_FOUND_ROWS * FROM $wpdb->comments WHERE
+			(comment_author LIKE '%$s%' OR
+			comment_author_email LIKE '%$s%' OR
+			comment_author_url LIKE ('%$s%') OR
+			comment_author_IP LIKE ('%$s%') OR
+			comment_content LIKE ('%$s%') ) AND
+			comment_approved != 'spam'
+			ORDER BY comment_date DESC LIMIT $start, $num");
+	} else {
+		$comments = $wpdb->get_results( "SELECT SQL_CALC_FOUND_ROWS * FROM $wpdb->comments WHERE comment_approved = '0' OR comment_approved = '1' ORDER BY comment_date DESC LIMIT $start, $num" );
+	}
+
+	$total = $wpdb->get_var( "SELECT FOUND_ROWS()" );
+
+	return array($comments, $total);
+}
+
+function _wp_comment_list_item( $id, $alt = 0 ) {
+	global $authordata, $comment, $wpdb;
+	$id = (int) $id;
+	$comment =& get_comment( $id );
+	$class = '';
+	$authordata = get_userdata($wpdb->get_var("SELECT post_author FROM $wpdb->posts WHERE ID = $comment->comment_post_ID"));
+	$comment_status = wp_get_comment_status($comment->comment_ID);
+	if ( 'unapproved' == $comment_status )
+		$class .= ' unapproved';
+	if ( $alt % 2 )
+		$class .= ' alternate';
+	echo "<li id='comment-$comment->comment_ID' class='$class'>";
+?>
+<p><strong><?php comment_author(); ?></strong> <?php if ($comment->comment_author_email) { ?>| <?php comment_author_email_link() ?> <?php } if ($comment->comment_author_url && 'http://' != $comment->comment_author_url) { ?> | <?php comment_author_url_link() ?> <?php } ?>| <?php _e('IP:') ?> <a href="http://ws.arin.net/cgi-bin/whois.pl?queryinput=<?php comment_author_IP() ?>"><?php comment_author_IP() ?></a></p>
+
+<?php comment_text() ?>
+
+<p><?php comment_date(__('M j, g:i A'));  ?> &#8212; [
+<?php
+if ( current_user_can('edit_post', $comment->comment_post_ID) ) {
+	echo " <a href='comment.php?action=editcomment&amp;c=".$comment->comment_ID."'>" .  __('Edit') . '</a>';
+	echo ' | <a href="' . wp_nonce_url('ocomment.php?action=deletecomment&amp;p=' . $comment->comment_post_ID . '&amp;c=' . $comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . '" onclick="return deleteSomething( \'comment\', ' . $comment->comment_ID . ', \'' . js_escape(sprintf(__("You are about to delete this comment by '%s'.\n'Cancel' to stop, 'OK' to delete."), $comment->comment_author)) . "', theCommentList );\">" . __('Delete') . '</a> ';
+	if ( ('none' != $comment_status) && ( current_user_can('moderate_comments') ) ) {
+		echo '<span class="unapprove"> | <a href="' . wp_nonce_url('comment.php?action=unapprovecomment&amp;p=' . $comment->comment_post_ID . '&amp;c=' . $comment->comment_ID, 'unapprove-comment_' . $comment->comment_ID) . '" onclick="return dimSomething( \'comment\', ' . $comment->comment_ID . ', \'unapproved\', theCommentList );">' . __('Unapprove') . '</a> </span>';
+		echo '<span class="approve"> | <a href="' . wp_nonce_url('comment.php?action=approvecomment&amp;p=' . $comment->comment_post_ID . '&amp;c=' . $comment->comment_ID, 'approve-comment_' . $comment->comment_ID) . '" onclick="return dimSomething( \'comment\', ' . $comment->comment_ID . ', \'unapproved\', theCommentList );">' . __('Approve') . '</a> </span>';
+	}
+	echo " | <a href=\"" . wp_nonce_url("comment.php?action=deletecomment&amp;dt=spam&amp;p=" . $comment->comment_post_ID . "&amp;c=" . $comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . "\" onclick=\"return deleteSomething( 'comment-as-spam', $comment->comment_ID, '" . js_escape(sprintf(__("You are about to mark as spam this comment by '%s'.\n'Cancel' to stop, 'OK' to mark as spam."), $comment->comment_author))  . "', theCommentList );\">" . __('Spam') . "</a> ";
+}
+$post = get_post($comment->comment_post_ID);
+$post_title = wp_specialchars( $post->post_title, 'double' );
+$post_title = ('' == $post_title) ? "# $comment->comment_post_ID" : $post_title;
+?>
+ ] &#8212; <a href="<?php echo get_permalink($comment->comment_post_ID); ?>"><?php echo $post_title; ?></a></p>
+		</li>
+<?php
+}
+
 function wp_dropdown_cats( $currentcat = 0, $currentparent = 0, $parent = 0, $level = 0, $categories = 0 ) {
 	global $wpdb;
 	if (!$categories )
@@ -1279,6 +1345,7 @@ function get_page_templates() {
 
 function page_template_dropdown( $default = '' ) {
 	$templates = get_page_templates();
+	ksort( $templates );
 	foreach (array_keys( $templates ) as $template )
 		: if ( $default == $templates[$template] )
 			$selected = " selected='selected'";
@@ -1684,7 +1751,7 @@ function get_plugin_data( $plugin_file ) {
 		$author = '<a href="' . trim( $author_uri[1] ) . '" title="'.__( 'Visit author homepage' ).'">' . trim( $author_name[1] ) . '</a>';
 	}
 
-	return array ('Name' => $name, 'Title' => $plugin, 'Description' => $description, 'Author' => $author, 'Version' => $version, 'Template' => $template[1] );
+	return array('Name' => $name, 'Title' => $plugin, 'Description' => $description, 'Author' => $author, 'Version' => $version);
 }
 
 function get_plugins() {
@@ -1701,20 +1768,20 @@ function get_plugins() {
 	$plugins_dir = @ dir( $plugin_root);
 	if ( $plugins_dir ) {
 		while (($file = $plugins_dir->read() ) !== false ) {
-			if ( preg_match( '|^\.+$|', $file ))
+			if ( substr($file, 0, 1) == '.' )
 				continue;
 			if ( is_dir( $plugin_root.'/'.$file ) ) {
 				$plugins_subdir = @ dir( $plugin_root.'/'.$file );
 				if ( $plugins_subdir ) {
 					while (($subfile = $plugins_subdir->read() ) !== false ) {
-						if ( preg_match( '|^\.+$|', $subfile ))
+						if ( substr($subfile, 0, 1) == '.' )
 							continue;
-						if ( preg_match( '|\.php$|', $subfile ))
+						if ( substr($subfile, -4) == '.php' )
 							$plugin_files[] = "$file/$subfile";
 					}
 				}
 			} else {
-				if ( preg_match( '|\.php$|', $file ))
+				if ( substr($file, -4) == '.php' )
 					$plugin_files[] = $file;
 			}
 		}
@@ -1795,7 +1862,7 @@ function register_importer( $id, $name, $description, $callback ) {
 
 function get_importers() {
 	global $wp_importers;
-
+	uasort($wp_importers, create_function('$a, $b', 'return strcmp($a[0], $b[0]);'));
 	return $wp_importers;
 }
 
@@ -1878,8 +1945,11 @@ function wp_handle_upload( &$file, $overrides = false ) {
 
 		extract( $wp_filetype );
 
-		if ( !$type || !$ext )
+		if ( ( !$type || !$ext ) && !current_user_can( 'unfiltered_upload' ) )
 			return $upload_error_handler( $file, __( 'File type does not meet security guidelines. Try another.' ));
+		
+		if ( !$ext )
+			$ext = strrchr($file['name'], '.');
 	}
 
 	// A writable uploads dir will pass this test. Again, there's no point overriding this one.
@@ -1950,6 +2020,7 @@ function wp_import_upload_form( $action ) {
 ?>
 <form enctype="multipart/form-data" id="import-upload-form" method="post" action="<?php echo attribute_escape($action) ?>">
 <p>
+<?php wp_nonce_field('import-upload'); ?>
 <label for="upload"><?php _e( 'Choose a file from your computer:' ); ?></label> (<?php printf( __('Maximum size: %s' ), $size ); ?> )
 <input type="file" id="upload" name="import" size="25" />
 <input type="hidden" name="action" value="save" />
diff --git a/wp-admin/admin-header.php b/wp-admin/admin-header.php
index 9f6402b..d6ff2ef 100644
--- a/wp-admin/admin-header.php
+++ b/wp-admin/admin-header.php
@@ -13,7 +13,7 @@ get_admin_page_title();
 
 ?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml" <?php language_attributes(); ?>>
+<html xmlns="http://www.w3.org/1999/xhtml" <?php do_action('admin_xml_ns'); ?> <?php language_attributes(); ?>>
 <head>
 <meta http-equiv="Content-Type" content="<?php bloginfo('html_type'); ?>; charset=<?php echo get_option('blog_charset'); ?>" />
 <title><?php bloginfo('name') ?> &rsaquo; <?php echo wp_specialchars( strip_tags( $title ) ); ?> &#8212; WordPress</title>
@@ -44,7 +44,7 @@ do_action('admin_head');
 </head>
 <body>
 <div id="wphead">
-<h1><?php echo wptexturize(get_bloginfo(('name'))); ?> <span>(<a href="<?php echo get_option('home') . '/'; ?>"><?php _e('View site &raquo;') ?></a>)</span></h1>
+<h1><?php bloginfo('name'); ?> <span>(<a href="<?php echo get_option('home') . '/'; ?>"><?php _e('View site &raquo;') ?></a>)</span></h1>
 </div>
 <div id="user_info"><p><?php printf(__('Howdy, <strong>%s</strong>.'), $user_identity) ?> [<a href="<?php echo get_option('siteurl'); ?>/wp-login.php?action=logout" title="<?php _e('Log out of this account') ?>"><?php _e('Sign Out'); ?></a>, <a href="profile.php"><?php _e('My Profile'); ?></a>] </p></div>
 
diff --git a/wp-admin/cat.js b/wp-admin/cat.js
index ab94d4c..e93adfc 100644
--- a/wp-admin/cat.js
+++ b/wp-admin/cat.js
@@ -4,7 +4,7 @@ function newCatAddIn() {
 	var jaxcat = $('jaxcat');
 	if ( !jaxcat )
 		return false;
-	Element.update(jaxcat,'<span id="ajaxcat"><input type="text" name="newcat" id="newcat" size="16" autocomplete="off"/><input type="button" name="Button" id="catadd" value="' + catL10n.add + '"/><span id="howto">' + catL10n.how + '</span></span>');
+	Element.update(jaxcat,'<span id="ajaxcat"><input type="text" name="newcat" id="newcat" size="16" autocomplete="off"/><input type="button" name="Button" id="catadd" value="' + catL10n.add + '"/><input type="hidden"/><span id="howto">' + catL10n.how + '</span></span>');
 	$('newcat').onkeypress = function(e) { return killSubmit("catList.ajaxAdder('category','jaxcat');", e); };
 	$('catadd').onclick = function() { catList.ajaxAdder('category', 'jaxcat'); };
 }
diff --git a/wp-admin/categories.js b/wp-admin/categories.js
index 8951df0..515d530 100644
--- a/wp-admin/categories.js
+++ b/wp-admin/categories.js
@@ -2,7 +2,7 @@ addLoadEvent(function() {
 	if (!theList.theList) return false;
 	document.forms.addcat.submit.onclick = function(e) {return killSubmit('theList.ajaxAdder("cat", "addcat");', e); };
 	theList.addComplete = function(what, where, update, transport) {
-		var name = getNodeValue(transport.responseXML, 'name');
+		var name = getNodeValue(transport.responseXML, 'name').unescapeHTML();
 		var id = transport.responseXML.getElementsByTagName(what)[0].getAttribute('id');
 		var options = document.forms['addcat'].category_parent.options;
 		options[options.length] = new Option(name, id);
diff --git a/wp-admin/categories.php b/wp-admin/categories.php
index 5e77e0f..40bdbf9 100644
--- a/wp-admin/categories.php
+++ b/wp-admin/categories.php
@@ -118,6 +118,7 @@ cat_rows();
 </div>
 
 <?php include('edit-category-form.php'); ?>
+
 <?php endif; ?>
 
 <?php
diff --git a/wp-admin/comment.php b/wp-admin/comment.php
index 063b825..6c0872d 100644
--- a/wp-admin/comment.php
+++ b/wp-admin/comment.php
@@ -91,7 +91,7 @@ case 'mac':
 <?php if ( $comment->comment_author_url ) { ?>
 <tr>
 <th scope="row"><?php _e('URL:'); ?></th>
-<td><?php echo $comment->comment_author_url; ?></td>
+<td><?php echo "<a href='$comment->comment_author_url'>$comment->comment_author_url</a>"; ?></td>
 </tr>
 <?php } ?>
 <tr>
diff --git a/wp-admin/custom-header.php b/wp-admin/custom-header.php
index 5daad1e..d18ed87 100644
--- a/wp-admin/custom-header.php
+++ b/wp-admin/custom-header.php
@@ -23,6 +23,7 @@ class Custom_Image_Header {
 	function js() {
 
 		if ( isset( $_POST['textcolor'] ) ) {
+			check_admin_referer('custom-header');
 			if ( 'blank' == $_POST['textcolor'] ) {
 				set_theme_mod('header_textcolor', 'blank');
 			} else {
@@ -31,8 +32,10 @@ class Custom_Image_Header {
 					set_theme_mod('header_textcolor', $color);
 			}
 		}
-		if ( isset($_POST['resetheader']) )
+		if ( isset($_POST['resetheader']) ) {
+			check_admin_referer('custom-header');
 			remove_theme_mods();
+		}
 	?>
 <script type="text/javascript">
 
@@ -157,7 +160,7 @@ Event.observe( window, 'load', hide_text );
 <h2><?php _e('Your Header Image'); ?></h2>
 <p><?php _e('This is your header image. You can change the text color or upload and crop a new image.'); ?></p>
 
-<div id="headimg" style="background: url(<?php header_image() ?>) no-repeat;">
+<div id="headimg" style="background: url(<?php clean_url(header_image()) ?>) no-repeat;">
 <h1><a onclick="return false;" href="<?php bloginfo('url'); ?>" title="<?php bloginfo('name'); ?>" id="name"><?php bloginfo('name'); ?></a></h1>
 <div id="desc"><?php bloginfo('description');?></div>
 </div>
@@ -165,7 +168,8 @@ Event.observe( window, 'load', hide_text );
 <form method="post" action="<?php echo get_option('siteurl') ?>/wp-admin/themes.php?page=custom-header&amp;updated=true">
 <input type="button" value="<?php _e('Hide Text'); ?>" onclick="hide_text()" id="hidetext" />
 <input type="button" value="<?php _e('Select a Text Color'); ?>" onclick="colorSelect($('textcolor'), 'pickcolor')" id="pickcolor" /><input type="button" value="<?php _e('Use Original Color'); ?>" onclick="colorDefault()" id="defaultcolor" />
-<input type="hidden" name="textcolor" id="textcolor" value="#<?php header_textcolor() ?>" /><input name="submit" type="submit" value="<?php _e('Save Changes'); ?> &raquo;" /></form>
+<?php wp_nonce_field('custom-header') ?>
+<input type="hidden" name="textcolor" id="textcolor" value="#<?php attribute_escape(header_textcolor()) ?>" /><input name="submit" type="submit" value="<?php _e('Save Changes'); ?> &raquo;" /></form>
 <?php } ?>
 
 <div id="colorPickerDiv" style="z-index: 100;background:#eee;border:1px solid #ccc;position:absolute;visibility:hidden;"> </div>
@@ -177,6 +181,7 @@ Event.observe( window, 'load', hide_text );
 <form enctype="multipart/form-data" id="uploadForm" method="POST" action="<?php echo attribute_escape(add_query_arg('step', 2)) ?>" style="margin: auto; width: 50%;">
 <label for="upload"><?php _e('Choose an image from your computer:'); ?></label><br /><input type="file" id="upload" name="import" />
 <input type="hidden" name="action" value="save" />
+<?php wp_nonce_field('custom-header') ?>
 <p class="submit">
 <input type="submit" value="<?php _e('Upload'); ?> &raquo;" />
 </p>
@@ -189,6 +194,7 @@ Event.observe( window, 'load', hide_text );
 <h2><?php _e('Reset Header Image and Color'); ?></h2>
 <p><?php _e('This will restore the original header image and color. You will not be able to retrieve any customizations.') ?></p>
 <form method="post" action="<?php echo attribute_escape(add_query_arg('step', 1)) ?>">
+<?php wp_nonce_field('custom-header'); ?>
 <input type="submit" name="resetheader" value="<?php _e('Restore Original Header'); ?>" />
 </form>
 </div>
@@ -197,6 +203,7 @@ Event.observe( window, 'load', hide_text );
 	}
 
 	function step_2() {
+		check_admin_referer('custom-header');
 		$overrides = array('test_form' => false);
 		$file = wp_handle_upload($_FILES['import'], $overrides);
 
@@ -222,7 +229,7 @@ Event.observe( window, 'load', hide_text );
 		list($width, $height, $type, $attr) = getimagesize( $file );
 
 		if ( $width == HEADER_IMAGE_WIDTH && $height == HEADER_IMAGE_HEIGHT ) {
-			set_theme_mod('header_image', $url);
+			set_theme_mod('header_image', clean_url($url));
 			$header = apply_filters('wp_create_file_in_uploads', $file, $id); // For replication
 			return $this->finished();
 		} elseif ( $width > HEADER_IMAGE_WIDTH ) {
@@ -256,6 +263,7 @@ Event.observe( window, 'load', hide_text );
 <input type="hidden" name="height" id="height" />
 <input type="hidden" name="attachment_id" id="attachment_id" value="<?php echo $id; ?>" />
 <input type="hidden" name="oitar" id="oitar" value="<?php echo $oitar; ?>" />
+<?php wp_nonce_field('custom-header') ?>
 <input type="submit" value="<?php _e('Crop Header &raquo;'); ?>" />
 </p>
 
@@ -265,6 +273,7 @@ Event.observe( window, 'load', hide_text );
 	}
 
 	function step_3() {
+		check_admin_referer('custom-header');
 		if ( $_POST['oitar'] > 1 ) {
 			$_POST['x1'] = $_POST['x1'] * $_POST['oitar'];
 			$_POST['y1'] = $_POST['y1'] * $_POST['oitar'];
diff --git a/wp-admin/dbx-admin-key.js b/wp-admin/dbx-admin-key.js
index 9ea666c..3b3f7af 100644
--- a/wp-admin/dbx-admin-key.js
+++ b/wp-admin/dbx-admin-key.js
@@ -1,4 +1,4 @@
-addLoadEvent( function() {var manager = new dbxManager( dbxL10n.mananger );} );
+addLoadEvent( function() {var manager = new dbxManager( dbxL10n.manager );} );
 
 addLoadEvent( function()
 {
diff --git a/wp-admin/edit-comments.js b/wp-admin/edit-comments.js
index 4dfe755..e1fc68f 100644
--- a/wp-admin/edit-comments.js
+++ b/wp-admin/edit-comments.js
@@ -2,15 +2,51 @@ addLoadEvent(function() {
 	theCommentList = new listMan('the-comment-list');
 	if ( !theCommentList )
 		return false;
+
+	theExtraCommentList = new listMan('the-extra-comment-list');
+	if ( theExtraCommentList ) {
+		theExtraCommentList.showLink = 0;
+		theExtraCommentList.altOffset = 1;
+		if ( theExtraCommentList.theList && theExtraCommentList.theList.childNodes )
+			var commentNum = $A(theExtraCommentList.theList.childNodes).findAll( function(i) { return Element.visible(i) } ).length;
+		else
+			var commentNum = 0;
+		var urlQ   = document.location.href.split('?');
+		var params = urlQ[1] ? urlQ[1].toQueryParams() : [];
+		var search = params['s'] ? params['s'] : '';
+		var page   = params['apage'] ? params['apage'] : 1;
+	}
+
 	theCommentList.dimComplete = function(what,id,dimClass) {
 		var m = document.getElementById('awaitmod');
-		if ( document.getElementById(what + '-' + id).className.match(dimClass) ) m.innerHTML = parseInt(m.innerHTML,10) + 1;
-		else m.innerHTML = parseInt(m.innerHTML,10) - 1;
+		if ( document.getElementById(what + '-' + id).className.match(dimClass) )
+			m.innerHTML = parseInt(m.innerHTML,10) + 1;
+		else
+			m.innerHTML = parseInt(m.innerHTML,10) - 1;
 	}
+
 	theCommentList.delComplete = function(what,id) {
 		var m = document.getElementById('awaitmod');
-		if ( document.getElementById(what + '-' + id).className.match('unapproved') ) m.innerHTML = parseInt(m.innerHTML,10) - 1;
+		what = what.split('-')[0];
+		if ( document.getElementById(what + '-' + id).className.match('unapproved') )
+			m.innerHTML = parseInt(m.innerHTML,10) - 1;
+		if ( theExtraCommentList && commentNum ) {
+			var theMover = theExtraCommentList.theList.childNodes[0];
+			Element.removeClassName(theMover,'alternate');
+			theCommentList.theList.appendChild(theMover);
+			theExtraCommentList.inputData += '&page=' + page;
+			if ( search )
+				theExtraCommentList.inputData += '&s=' + search; // trust the URL not the search box
+			theExtraCommentList.addComplete = function() {
+				if ( theExtraCommentList.theList.childNodes )
+					var commentNum = $A(theExtraCommentList.theList.childNodes).findAll( function(i) { return Element.visible(i) } ).length;
+				else
+					var commentNum = 0;
+			}
+			theExtraCommentList.ajaxAdder( 'comment', 'ajax-response' ); // Dummy Request
+		}
 	}
+
 	if ( theList ) // the post list: edit.php
 		theList.delComplete = function() {
 			var comments = document.getElementById('comments');
diff --git a/wp-admin/edit-comments.php b/wp-admin/edit-comments.php
index 0557270..bbd5e22 100644
--- a/wp-admin/edit-comments.php
+++ b/wp-admin/edit-comments.php
@@ -75,104 +75,53 @@ if ( !empty( $_POST['delete_comments'] ) ) :
 	echo '</p></div>';
 endif;
 
-if (isset($_GET['s'])) {
-	$s = $wpdb->escape($_GET['s']);
-	$comments = $wpdb->get_results("SELECT * FROM $wpdb->comments  WHERE
-		(comment_author LIKE '%$s%' OR
-		comment_author_email LIKE '%$s%' OR
-		comment_author_url LIKE ('%$s%') OR
-		comment_author_IP LIKE ('%$s%') OR
-		comment_content LIKE ('%$s%') ) AND
-		comment_approved != 'spam'
-		ORDER BY comment_date DESC");
-} else {
-	if ( isset( $_GET['apage'] ) )
-		$page = (int) $_GET['apage'];
-	else
-		$page = 1;
-	$start = $offset = ( $page - 1 ) * 20;
+if ( isset( $_GET['apage'] ) )
+	$page = (int) $_GET['apage'];
+else
+	$page = 1;
 
-	$comments = $wpdb->get_results( "SELECT * FROM $wpdb->comments WHERE comment_approved = '0' OR comment_approved = '1' ORDER BY comment_date DESC LIMIT $start, 20" );
-	$total = $wpdb->get_var( "SELECT COUNT(*) FROM $wpdb->comments WHERE comment_approved = '0' OR comment_approved = '1'" );
-}
-?>
-<?php if ( $total > 20 ) {
-$total_pages = ceil( $total / 20 );
-$r = '';
-if ( 1 < $page ) {
-	$args['apage'] = ( 1 == $page - 1 ) ? FALSE : $page - 1;
-	$r .=  '<a class="prev" href="' . clean_url(add_query_arg( $args )) . '">&laquo; '. __('Previous Page') .'</a>' . "\n";
-}
-if ( ( $total_pages = ceil( $total / 20 ) ) > 1 ) {
-	for ( $page_num = 1; $page_num <= $total_pages; $page_num++ ) :
-		if ( $page == $page_num ) :
-			$r .=  "<span>$page_num</span>\n";
-		else :
-			$p = false;
-			if ( $page_num < 3 || ( $page_num >= $page - 3 && $page_num <= $page + 3 ) || $page_num > $total_pages - 3 ) :
-				$args['apage'] = ( 1 == $page_num ) ? FALSE : $page_num;
-				$r .= '<a class="page-numbers" href="' . clean_url(add_query_arg($args)) . '">' . ( $page_num ) . "</a>\n";
-				$in = true;
-			elseif ( $in == true ) :
-				$r .= "...\n";
-				$in = false;
-			endif;
-		endif;
-	endfor;
-}
-if ( ( $page ) * 20 < $total || -1 == $total ) {
-	$args['apage'] = $page + 1;
-	$r .=  '<a class="next" href="' . clean_url(add_query_arg($args)) . '">'. __('Next Page') .' &raquo;</a>' . "\n";
-}
-echo "<p class='pagenav'>$r</p>";
-?>
+$start = $offset = ( $page - 1 ) * 20;
 
-<?php } ?>
+list($_comments, $total) = _wp_get_comment_list( isset($_GET['s']) ? $_GET['s'] : false, $start, 25 ); // Grab a few extra
+
+$comments = array_slice($_comments, 0, 20);
+$extra_comments = array_slice($_comments, 20);
+
+$page_links = paginate_links( array(
+	'base' => add_query_arg( 'apage', '%_%' ), 
+	'format' => '',
+	'total' => ceil($total / 20),
+	'current' => $page
+));
+
+if ( $page_links )
+	echo "<p class='pagenav'>$page_links</p>";
 
-<?php
 if ('view' == $mode) {
 	if ($comments) {
-?>
-<?php
-$offset = $offset + 1;
-$start = " start='$offset'";
+		$offset = $offset + 1;
+		$start = " start='$offset'";
 
-		echo "<ol id='the-comment-list' class='commentlist' $start>";
+		echo "<ol id='the-comment-list' class='commentlist' $start>\n";
 		$i = 0;
-		foreach ($comments as $comment) {
-		++$i; $class = '';
-		$authordata = get_userdata($wpdb->get_var("SELECT post_author FROM $wpdb->posts WHERE ID = $comment->comment_post_ID"));
-			$comment_status = wp_get_comment_status($comment->comment_ID);
-			if ('unapproved' == $comment_status)
-				$class .= ' unapproved';
-			if ($i % 2)
-				$class .= ' alternate';
-			echo "<li id='comment-$comment->comment_ID' class='$class'>";
-?>
-<p><strong><?php comment_author() ?></strong> <?php if ($comment->comment_author_email) { ?>| <?php comment_author_email_link() ?> <?php } if ($comment->comment_author_url && 'http://' != $comment->comment_author_url) { ?> | <?php comment_author_url_link() ?> <?php } ?>| <?php _e('IP:') ?> <a href="http://ws.arin.net/cgi-bin/whois.pl?queryinput=<?php comment_author_IP() ?>"><?php comment_author_IP() ?></a></p>
-
-<?php comment_text() ?>
+		foreach ( $comments as $comment ) {
+			get_comment( $comment ); // Cache it
+			_wp_comment_list_item( $comment->comment_ID, ++$i );
+		}
+		echo "</ol>\n\n";
 
-<p><?php comment_date(__('M j, g:i A'));  ?> &#8212; [
+if ( $extra_comments ) : ?>
+<div id="extra-comments" style="display:none">
+<ul id="the-extra-comment-list" class="commentlist">
 <?php
-if ( current_user_can('edit_post', $comment->comment_post_ID) ) {
-	echo " <a href='comment.php?action=editcomment&amp;c=".$comment->comment_ID."'>" .  __('Edit') . '</a>';
-	echo ' | <a href="' . wp_nonce_url('comment.php?action=deletecomment&amp;p=' . $comment->comment_post_ID . '&amp;c=' . $comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . '" onclick="return deleteSomething( \'comment\', ' . $comment->comment_ID . ', \'' . js_escape(sprintf(__("You are about to delete this comment by '%s'.\n'Cancel' to stop, 'OK' to delete."), $comment->comment_author)) . "', theCommentList );\">" . __('Delete') . '</a> ';
-	if ( ('none' != $comment_status) && ( current_user_can('moderate_comments') ) ) {
-		echo '<span class="unapprove"> | <a href="' . wp_nonce_url('comment.php?action=unapprovecomment&amp;p=' . $comment->comment_post_ID . '&amp;c=' . $comment->comment_ID, 'unapprove-comment_' . $comment->comment_ID) . '" onclick="return dimSomething( \'comment\', ' . $comment->comment_ID . ', \'unapproved\', theCommentList );">' . __('Unapprove') . '</a> </span>';
-		echo '<span class="approve"> | <a href="' . wp_nonce_url('comment.php?action=approvecomment&amp;p=' . $comment->comment_post_ID . '&amp;c=' . $comment->comment_ID, 'approve-comment_' . $comment->comment_ID) . '" onclick="return dimSomething( \'comment\', ' . $comment->comment_ID . ', \'unapproved\', theCommentList );">' . __('Approve') . '</a> </span>';
+	foreach ( $extra_comments as $comment ) {
+		get_comment( $comment ); // Cache it
+		_wp_comment_list_item( $comment->comment_ID, ++$i );
 	}
-	echo " | <a href=\"" . wp_nonce_url("comment.php?action=deletecomment&amp;dt=spam&amp;p=" . $comment->comment_post_ID . "&amp;c=" . $comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . "\" onclick=\"return deleteSomething( 'comment-as-spam', $comment->comment_ID, '" . js_escape(sprintf(__("You are about to mark as spam this comment by '%s'.\n'Cancel' to stop, 'OK' to mark as spam."), $comment->comment_author))  . "', theCommentList );\">" . __('Spam') . "</a> ";
-}
-$post = get_post($comment->comment_post_ID);
-$post_title = wp_specialchars( $post->post_title, 'double' );
-$post_title = ('' == $post_title) ? "# $comment->comment_post_ID" : $post_title;
 ?>
- ] &#8212; <a href="<?php echo get_permalink($comment->comment_post_ID); ?>"><?php echo $post_title; ?></a></p>
-		</li>
-
-<?php } // end foreach($comment) ?>
-</ol>
+</ul>
+</div>
+<?php endif; // $extra_comments ?>
 
 <div id="ajax-response"></div>
 
@@ -208,7 +157,7 @@ $post_title = ('' == $post_title) ? "# $comment->comment_post_ID" : $post_title;
 		$class .= ('unapproved' == $comment_status) ? ' unapproved' : '';
 ?>
   <tr id="comment-<?php echo $comment->comment_ID; ?>" class='<?php echo $class; ?>'>
-    <td><?php if ( current_user_can('edit_post', $comment->comment_post_ID) ) { ?><input type="checkbox" name="delete_comments[]" value="<?php echo $comment->comment_ID; ?>" /><?php } ?></td>
+    <td style="text-align: center"><?php if ( current_user_can('edit_post', $comment->comment_post_ID) ) { ?><input type="checkbox" name="delete_comments[]" value="<?php echo $comment->comment_ID; ?>" /><?php } ?></td>
     <td><?php comment_author_link() ?></td>
     <td><?php comment_author_email_link() ?></td>
     <td><a href="http://ws.arin.net/cgi-bin/whois.pl?queryinput=<?php comment_author_IP() ?>"><?php comment_author_IP() ?></a></td>
@@ -242,39 +191,11 @@ $post_title = ('' == $post_title) ? "# $comment->comment_post_ID" : $post_title;
 <?php
 	} // end if ($comments)
 }
-	?>
-<?php if ( $total > 20 ) {
-$total_pages = ceil( $total / 20 );
-$r = '';
-if ( 1 < $page ) {
-	$args['apage'] = ( 1 == $page - 1 ) ? FALSE : $page - 1;
-	$r .=  '<a class="prev" href="' . clean_url(add_query_arg( $args )) . '">&laquo; '. __('Previous Page') .'</a>' . "\n";
-}
-if ( ( $total_pages = ceil( $total / 20 ) ) > 1 ) {
-	for ( $page_num = 1; $page_num <= $total_pages; $page_num++ ) :
-		if ( $page == $page_num ) :
-			$r .=  "<span>$page_num</span>\n";
-		else :
-			$p = false;
-			if ( $page_num < 3 || ( $page_num >= $page - 3 && $page_num <= $page + 3 ) || $page_num > $total_pages - 3 ) :
-				$args['apage'] = ( 1 == $page_num ) ? FALSE : $page_num;
-				$r .= '<a class="page-numbers" href="' . clean_url(add_query_arg($args)) . '">' . ( $page_num ) . "</a>\n";
-				$in = true;
-			elseif ( $in == true ) :
-				$r .= "...\n";
-				$in = false;
-			endif;
-		endif;
-	endfor;
-}
-if ( ( $page ) * 20 < $total || -1 == $total ) {
-	$args['apage'] = $page + 1;
-	$r .=  '<a class="next" href="' . clean_url(add_query_arg($args)) . '">'. __('Next Page') .' &raquo;</a>' . "\n";
-}
-echo "<p class='pagenav'>$r</p>";
-?>
 
-<?php } ?>
+if ( $page_links )
+	echo "<p class='pagenav'>$page_links</p>";
+
+?>
 
 </div>
 
diff --git a/wp-admin/edit-form-advanced.php b/wp-admin/edit-form-advanced.php
index cdf467a..b934ed8 100644
--- a/wp-admin/edit-form-advanced.php
+++ b/wp-admin/edit-form-advanced.php
@@ -144,7 +144,14 @@ endforeach;
 </fieldset>
 
 <fieldset id="<?php echo user_can_richedit() ? 'postdivrich' : 'postdiv'; ?>">
-<legend><?php _e('Post') ?></legend>
+<legend><?php _e('Post') ?>
+
+<?php if ( 'publish' == $post->post_status ) { ?>
+<a href="<?php echo clean_url(get_permalink($post->ID)); ?>" class="view-link" target="_blank"><?php _e('View &raquo;'); ?></a>
+<?php } elseif ( 'edit' == $action ) { ?>
+<a href="<?php echo clean_url(apply_filters('preview_post_link', add_query_arg('preview', 'true', get_permalink($post->ID)))); ?>" class="view-link" target="_blank"><?php _e('Preview &raquo;'); ?></a>
+<?php } ?>
+</legend>
 
 	<?php the_editor($post->post_content); ?>
 </fieldset>
@@ -183,7 +190,7 @@ if (current_user_can('upload_files')) {
 	$uploading_iframe_src = wp_nonce_url("upload.php?style=inline&amp;tab=upload&amp;post_id=$uploading_iframe_ID", 'inlineuploading');
 	$uploading_iframe_src = apply_filters('uploading_iframe_src', $uploading_iframe_src);
 	if ( false != $uploading_iframe_src )
-		echo '<iframe id="uploading" frameborder="0" src="' . $uploading_iframe_src . '">' . __('This feature requires iframe support.') . '</iframe>';
+		echo '<iframe id="uploading" name="uploading" frameborder="0" src="' . $uploading_iframe_src . '">' . __('This feature requires iframe support.') . '</iframe>';
 }
 ?>
 
diff --git a/wp-admin/edit-form-comment.php b/wp-admin/edit-form-comment.php
index 92897b2..3e278bc 100644
--- a/wp-admin/edit-form-comment.php
+++ b/wp-admin/edit-form-comment.php
@@ -32,7 +32,7 @@ addLoadEvent(focusit);
 <fieldset id="uridiv">
         <legend><label for="newcomment_author_url"><?php _e('URL:') ?></label></legend>
 		<div>
-		  <input type="text" id="newcomment_author_url" name="newcomment_author_url" size="35" value="<?php echo $comment->comment_author_url ?>" tabindex="3" id="URL" />
+		  <input type="text" id="newcomment_author_url" name="newcomment_author_url" size="35" value="<?php echo $comment->comment_author_url ?>" tabindex="3" />
     </div>
 </fieldset>
 
diff --git a/wp-admin/edit-link-form.php b/wp-admin/edit-link-form.php
index 41381d9..4e0eece 100644
--- a/wp-admin/edit-link-form.php
+++ b/wp-admin/edit-link-form.php
@@ -80,15 +80,15 @@ function xfn_check($class, $value = '', $type = 'check') {
 <table class="editform" width="100%" cellspacing="2" cellpadding="5">
 <tr>
 <th scope="row" valign="top"><label for="link_name"><?php _e('Name:') ?></label></th>
-<td><input type="text" name="link_name" value="<?php echo $link->link_name; ?>" style="width: 95%" /></td>
+<td><input type="text" name="link_name" id="link_name" value="<?php echo $link->link_name; ?>" style="width: 95%" /></td>
 </tr>
 <tr>
 <th width="20%" scope="row" valign="top"><label for="link_url"><?php _e('Address:') ?></label></th>
-<td width="80%"><input type="text" name="link_url" value="<?php echo $link->link_url; if ( empty( $link->link_url ) ) echo 'http://'; ?>" style="width: 95%" /></td>
+<td width="80%"><input type="text" name="link_url" id="link_url" value="<?php echo $link->link_url; if ( empty( $link->link_url ) ) echo 'http://'; ?>" style="width: 95%" /></td>
 </tr>
 <tr>
 <th scope="row" valign="top"><label for="link_description"><?php _e('Description:') ?></label></th>
-<td><input type="text" name="link_description" value="<?php echo $link->link_description; ?>" style="width: 95%" /></td>
+<td><input type="text" name="link_description" id="link_description" value="<?php echo $link->link_description; ?>" style="width: 95%" /></td>
 </tr>
 </table>
 
diff --git a/wp-admin/edit-page-form.php b/wp-admin/edit-page-form.php
index f55f733..f7083fd 100644
--- a/wp-admin/edit-page-form.php
+++ b/wp-admin/edit-page-form.php
@@ -131,7 +131,14 @@ endforeach;
 
 
 <fieldset id="<?php echo user_can_richedit() ? 'postdivrich' : 'postdiv'; ?>">
-    <legend><?php _e('Page Content') ?></legend>
+<legend><?php _e('Page Content') ?>
+
+<?php if ( 'publish' == $post->post_status ) { ?>
+<a href="<?php echo clean_url(get_permalink($post->ID)); ?>" style="position: absolute; right: 2em; margin-right: 19em; text-decoration: underline;" target="_blank"><?php _e('View &raquo;'); ?></a>
+<?php } elseif ( 'edit' == $action ) { ?>
+<a href="<?php echo clean_url(apply_filters('preview_post_link', add_query_arg('preview', 'true', get_permalink($post->ID)))); ?>" style="position: absolute; right: 2em; margin-right: 19em; text-decoration: underline;" target="_blank"><?php _e('Preview &raquo;'); ?></a>
+<?php } ?>
+</legend>
 	<?php the_editor($post->post_content); ?>
 </fieldset>
 
@@ -156,7 +163,7 @@ if (current_user_can('upload_files')) {
 	$uploading_iframe_src = wp_nonce_url("upload.php?style=inline&amp;tab=upload&amp;post_id=$uploading_iframe_ID", 'inlineuploading');
 	$uploading_iframe_src = apply_filters('uploading_iframe_src', $uploading_iframe_src);
 	if ( false != $uploading_iframe_src )
-		echo '<iframe id="uploading" frameborder="0" src="' . $uploading_iframe_src . '">' . __('This feature requires iframe support.') . '</iframe>';
+		echo '<iframe id="uploading" name="uploading" frameborder="0" src="' . $uploading_iframe_src . '">' . __('This feature requires iframe support.') . '</iframe>';
 }
 ?>
 
diff --git a/wp-admin/edit-pages.php b/wp-admin/edit-pages.php
index 627a031..3218a1f 100644
--- a/wp-admin/edit-pages.php
+++ b/wp-admin/edit-pages.php
@@ -10,14 +10,16 @@ require_once('admin-header.php');
 <h2><?php _e('Page Management'); ?></h2>
 <p><?php _e('Pages are like posts except they live outside of the normal blog chronology and can be hierarchical. You can use pages to organize and manage any amount of content.'); ?> <a href="page-new.php"><?php _e('Create a new page &raquo;'); ?></a></p>
 
-<form name="searchform" action="" method="get">
+<form name="searchform" id="searchform" action="" method="get">
 	<fieldset>
 	<legend><?php _e('Search Pages&hellip;') ?></legend>
-	<input type="text" name="s" value="<?php if (isset($_GET['s'])) echo attribute_escape($_GET['s']); ?>" size="17" />
+	<input type="text" name="s" id="s" value="<?php if (isset($_GET['s'])) echo attribute_escape($_GET['s']); ?>" size="17" />
 	<input type="submit" name="submit" value="<?php _e('Search') ?>"  />
 	</fieldset>
 </form>
 
+<br style="clear:both;" />
+
 <?php
 wp('post_type=page&orderby=menu_order&what_to_show=posts&posts_per_page=-1&posts_per_archive_page=-1&order=asc');
 
diff --git a/wp-admin/edit.php b/wp-admin/edit.php
index 47f5ad8..fcb01a1 100644
--- a/wp-admin/edit.php
+++ b/wp-admin/edit.php
@@ -76,7 +76,7 @@ if ( is_month() ) {
 <form name="searchform" id="searchform" action="" method="get">
   <fieldset> 
   <legend><?php _e('Search Posts&hellip;') ?></legend> 
-  <input type="text" name="s" value="<?php if (isset($s)) echo attribute_escape($s); ?>" size="17" /> 
+  <input type="text" name="s" id="s" value="<?php if (isset($s)) echo attribute_escape($s); ?>" size="17" /> 
   <input type="submit" name="submit" value="<?php _e('Search') ?>" class="button" /> 
   </fieldset>
 </form>
@@ -196,7 +196,7 @@ foreach($posts_columns as $column_name=>$column_display_name) {
 	case 'comments':
 		?>
 		<td style="text-align: center">
-			<?php comments_number(__('0'), "<a href='edit.php?p=$id&amp;c=1'>" . __('1') . '</a>', "<a href='edit.php?p=$id&amp;c=1'>" . __('%') . '</a>') ?>
+			<?php comments_number("<a href='edit.php?p=$id&amp;c=1'>" . __('0') . '</a>', "<a href='edit.php?p=$id&amp;c=1'>" . __('1') . '</a>', "<a href='edit.php?p=$id&amp;c=1'>" . __('%') . '</a>') ?>
 			</td>
 		<?php
 		break;
diff --git a/wp-admin/export.php b/wp-admin/export.php
index b763412..51e007a 100644
--- a/wp-admin/export.php
+++ b/wp-admin/export.php
@@ -123,22 +123,30 @@ function wxr_category_description($c) {
 
 	echo '<wp:category_description>' . wxr_cdata($c->category_description) . '</wp:category_description>';
 }
+
+print '<?xml version="1.0" encoding="' . get_bloginfo('charset') . '"?' . ">\n";
+
 ?>
-<!-- This is a WordPress eXtended RSS file generated by WordPress as an export of your blog. -->
-<!-- It contains information about your blog's posts, comments, and categories. -->
-<!-- You may use this file to transfer that content from one site to another. -->
-<!-- This file is not intended to serve as a complete backup of your blog. -->
-
-<!-- To import this information into a WordPress blog follow these steps. -->
-<!-- 1. Log into that blog as an administrator. -->
-<!-- 2. Go to Manage: Import in the blog's admin panels. -->
-<!-- 3. Choose "WordPress" from the list. -->
-<!-- 4. Upload this file using the form provided on that page. -->
-<!-- 5. You will first be asked to map the authors in this export file to users -->
-<!--    on the blog.  For each author, you may choose to map to an -->
-<!--    existing user on the blog or to create a new user -->
-<!-- 6. WordPress will then import each of the posts, comments, and categories -->
-<!--    contained in this file into your blog -->
+
+<!--
+	This is a WordPress eXtended RSS file generated by WordPress as an export of 
+	your blog. It contains information about your blog's posts, comments, and 
+	categories. You may use this file to transfer that content from one site to 
+	another. This file is not intended to serve as a complete backup of your 
+	blog.
+	
+	To import this information into a WordPress blog follow these steps:
+	
+	1.	Log into that blog as an administrator.
+	2.	Go to Manage > Import in the blog's admin.
+	3.	Choose "WordPress" from the list of importers.
+	4.	Upload this file using the form provided on that page.
+	5.	You will first be asked to map the authors in this export file to users 
+		on the blog. For each author, you may choose to map an existing user on 
+		the blog or to create a new user.
+	6.	WordPress will then import each of the posts, comments, and categories 
+		contained in this file onto your blog.
+-->
 
 <!-- generator="wordpress/<?php bloginfo_rss('version') ?>" created="<?php echo date('Y-m-d H:m'); ?>"-->
 <rss version="2.0"
@@ -178,6 +186,7 @@ function wxr_category_description($c) {
 <wp:post_name><?php echo $post->post_name; ?></wp:post_name>
 <wp:status><?php echo $post->post_status; ?></wp:status>
 <wp:post_parent><?php echo $post->post_parent; ?></wp:post_parent>
+<wp:menu_order><?php echo $post->menu_order; ?></wp:menu_order>
 <wp:post_type><?php echo $post->post_type; ?></wp:post_type>
 <?php
 $postmeta = $wpdb->get_results("SELECT * FROM $wpdb->postmeta WHERE post_id = $post->ID");
diff --git a/wp-admin/images/heading-bg.gif b/wp-admin/images/heading-bg.gif
new file mode 100644
index 0000000..bea18ca
Binary files /dev/null and b/wp-admin/images/heading-bg.gif differ
diff --git a/wp-admin/import.php b/wp-admin/import.php
index e808c92..8c46046 100644
--- a/wp-admin/import.php
+++ b/wp-admin/import.php
@@ -17,10 +17,11 @@ $import_root = ABSPATH.$import_loc;
 $imports_dir = @ dir($import_root);
 if ($imports_dir) {
 	while (($file = $imports_dir->read()) !== false) {
-		if (preg_match('|^\.+$|', $file))
+		if ($file{0} == '.') {
 			continue;
-		if (preg_match('|\.php$|', $file))
-			require_once("$import_root/$file");
+		} elseif (substr($file, -4) == '.php') {
+			require_once($import_root . '/' . $file);
+		}
 	}
 }
 
diff --git a/wp-admin/import/blogger.php b/wp-admin/import/blogger.php
index fdc6004..4ad7a97 100644
--- a/wp-admin/import/blogger.php
+++ b/wp-admin/import/blogger.php
@@ -743,10 +743,11 @@ class Blogger_Import {
 
 	// Step 9: Congratulate the user
 	function congrats() {
+		$blog = (int) $_GET['blog'];
 		echo '<h1>'.__('Congratulations!').'</h1><p>'.__('Now that you have imported your Blogger blog into WordPress, what are you going to do? Here are some suggestions:').'</p><ul><li>'.__('That was hard work! Take a break.').'</li>';
 		if ( count($this->import['blogs']) > 1 )
 			echo '<li>'.__('In case you haven\'t done it already, you can import the posts from your other blogs:'). $this->show_blogs() . '</li>';
-		if ( $n = count($this->import['blogs'][$_GET['blog']]['newusers']) )
+		if ( $n = count($this->import['blogs'][$blog]['newusers']) )
 			echo '<li>'.sprintf(__('Go to <a href="%s" target="%s">Authors &amp; Users</a>, where you can modify the new user(s) or delete them. If you want to make all of the imported posts yours, you will be given that option when you delete the new authors.'), 'users.php', '_parent').'</li>';
 		echo '<li>'.__('For security, click the link below to reset this importer.').'</li>';
 		echo '</ul>';
@@ -765,6 +766,7 @@ class Blogger_Import {
 
 		if ( isset( $_REQUEST['blog'] ) ) {
 			$blog = is_array($_REQUEST['blog']) ? array_shift( array_keys( $_REQUEST['blog'] ) ) : $_REQUEST['blog'];
+			$blog = (int) $blog;
 			$this->import_blog( $blog );
 		} elseif ( isset($_GET['token']) )
 			$this->auth();
diff --git a/wp-admin/import/dotclear.php b/wp-admin/import/dotclear.php
index 9a32e3a..661e1a0 100644
--- a/wp-admin/import/dotclear.php
+++ b/wp-admin/import/dotclear.php
@@ -147,8 +147,9 @@ class Dotclear_Import {
 		echo '<div class="narrow"><p>'.__('Howdy! This importer allows you to extract posts from a DotClear database into your blog.  Mileage may vary.').'</p>';
 		echo '<p>'.__('Your DotClear Configuration settings are as follows:').'</p>';
 		echo '<form action="admin.php?import=dotclear&amp;step=1" method="post">';
+		wp_nonce_field('import-dotclear');
 		$this->db_form();
-		echo '<p class="submit"><input type="submit" name="submit" value="'.__('Import Categories').' &raquo;" /></p>';
+		echo '<p class="submit"><input type="submit" name="submit" value="'.attribute_escape(__('Import Categories &raquo;')).'" /></p>';
 		echo '</form></div>';
 	}
 
@@ -558,7 +559,8 @@ class Dotclear_Import {
 
 
 		echo '<form action="admin.php?import=dotclear&amp;step=2" method="post">';
-		printf('<input type="submit" name="submit" value="%s" />', __('Import Users'));
+		wp_nonce_field('import-dotclear');
+		printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Import Users')));
 		echo '</form>';
 
 	}
@@ -570,7 +572,8 @@ class Dotclear_Import {
 		$this->users2wp($users);
 
 		echo '<form action="admin.php?import=dotclear&amp;step=3" method="post">';
-		printf('<input type="submit" name="submit" value="%s" />', __('Import Posts'));
+		wp_nonce_field('import-dotclear');
+		printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Import Posts')));
 		echo '</form>';
 	}
 
@@ -581,7 +584,8 @@ class Dotclear_Import {
 		$this->posts2wp($posts);
 
 		echo '<form action="admin.php?import=dotclear&amp;step=4" method="post">';
-		printf('<input type="submit" name="submit" value="%s" />', __('Import Comments'));
+		wp_nonce_field('import-dotclear');
+		printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Import Comments')));
 		echo '</form>';
 	}
 
@@ -592,7 +596,8 @@ class Dotclear_Import {
 		$this->comments2wp($comments);
 
 		echo '<form action="admin.php?import=dotclear&amp;step=5" method="post">';
-		printf('<input type="submit" name="submit" value="%s" />', __('Import Links'));
+		wp_nonce_field('import-dotclear');
+		printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Import Links')));
 		echo '</form>';
 	}
 
@@ -604,7 +609,8 @@ class Dotclear_Import {
 		add_option('dc_links', $links);
 
 		echo '<form action="admin.php?import=dotclear&amp;step=6" method="post">';
-		printf('<input type="submit" name="submit" value="%s" />', __('Finish'));
+		wp_nonce_field('import-dotclear');
+		printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Finish')));
 		echo '</form>';
 	}
 
@@ -667,42 +673,44 @@ class Dotclear_Import {
 
 		if ( $step > 0 )
 		{
+			check_admin_referer('import-dotclear');
+
 			if($_POST['dbuser'])
 			{
 				if(get_option('dcuser'))
 					delete_option('dcuser');
-				add_option('dcuser',$_POST['dbuser']);
+				add_option('dcuser', sanitize_user($_POST['dbuser'], true));
 			}
 			if($_POST['dbpass'])
 			{
 				if(get_option('dcpass'))
 					delete_option('dcpass');
-				add_option('dcpass',$_POST['dbpass']);
+				add_option('dcpass', sanitize_user($_POST['dbpass'], true));
 			}
 
 			if($_POST['dbname'])
 			{
 				if(get_option('dcname'))
 					delete_option('dcname');
-				add_option('dcname',$_POST['dbname']);
+				add_option('dcname', sanitize_user($_POST['dbname'], true));
 			}
 			if($_POST['dbhost'])
 			{
 				if(get_option('dchost'))
 					delete_option('dchost');
-				add_option('dchost',$_POST['dbhost']);
+				add_option('dchost', sanitize_user($_POST['dbhost'], true));
 			}
 			if($_POST['dccharset'])
 			{
 				if(get_option('dccharset'))
 					delete_option('dccharset');
-				add_option('dccharset',$_POST['dccharset']);
+				add_option('dccharset', sanitize_user($_POST['dccharset'], true));
 			}
 			if($_POST['dbprefix'])
 			{
 				if(get_option('dcdbprefix'))
 					delete_option('dcdbprefix');
-				add_option('dcdbprefix',$_POST['dbprefix']);
+				add_option('dcdbprefix', sanitize_user($_POST['dbprefix'], true));
 			}
 
 
diff --git a/wp-admin/import/greymatter.php b/wp-admin/import/greymatter.php
index 9203ff7..4305cd1 100644
--- a/wp-admin/import/greymatter.php
+++ b/wp-admin/import/greymatter.php
@@ -34,6 +34,7 @@ class GM_Import {
 <form name="stepOne" method="get">
 <input type="hidden" name="import" value="greymatter" />
 <input type="hidden" name="step" value="1" />
+<?php wp_nonce_field('import-greymatter'); ?>
 <h3><?php _e('Second step: GreyMatter details:') ?></h3>
 <p><table cellpadding="0">
 <tr>
@@ -87,10 +88,12 @@ class GM_Import {
 		}
 
 		if (!chdir($archivespath))
-			wp_die(sprintf(__("Wrong path, %s\ndoesn't exist\non the server"), $archivespath));
+			wp_die(__("Wrong path, the path to the GM entries does not exist on the server"));
 
 		if (!chdir($gmpath))
-			wp_die(sprintf(__("Wrong path, %s\ndoesn't exist\non the server"), $gmpath));
+			wp_die(__("Wrong path, the path to the GM files does not exist on the server"));
+
+		$lastentry = (int) $lastentry;
 
 		$this->header();
 ?>
@@ -297,6 +300,7 @@ class GM_Import {
 				$this->greet();
 				break;
 			case 1:
+				check_admin_referer('import-greymatter');
 				$this->import();
 				break;
 		}
diff --git a/wp-admin/import/livejournal.php b/wp-admin/import/livejournal.php
index 690005b..c3b821a 100644
--- a/wp-admin/import/livejournal.php
+++ b/wp-admin/import/livejournal.php
@@ -49,7 +49,7 @@ class LJ_Import {
 
 			preg_match('|<eventtime>(.*?)</eventtime>|is', $post, $post_date);
 			$post_date = strtotime($post_date[1]);
-			$post_date = gmdate('Y-m-d H:i:s', $post_date);
+			$post_date = date('Y-m-d H:i:s', $post_date);
 
 			preg_match('|<event>(.*?)</event>|is', $post, $post_content);
 			$post_content = str_replace(array ('<![CDATA[', ']]>'), '', trim($post_content[1]));
@@ -153,6 +153,7 @@ class LJ_Import {
 				$this->greet();
 				break;
 			case 1 :
+				check_admin_referer('import-upload');
 				$this->import();
 				break;
 		}
diff --git a/wp-admin/import/mt.php b/wp-admin/import/mt.php
index 1effb5c..cd60654 100644
--- a/wp-admin/import/mt.php
+++ b/wp-admin/import/mt.php
@@ -130,6 +130,7 @@ class MT_Import {
 		$authors = $this->get_mt_authors();
 		echo '<ol id="authors">';
 		echo '<form action="?import=mt&amp;step=2&amp;id=' . $this->id . '" method="post">';
+		wp_nonce_field('import-mt');
 		$j = -1;
 		foreach ($authors as $author) {
 			++ $j;
@@ -400,9 +401,11 @@ class MT_Import {
 				$this->greet();
 				break;
 			case 1 :
+				check_admin_referer('import-upload');
 				$this->select_authors();
 				break;
 			case 2:
+				check_admin_referer('import-mt');
 				$this->import();
 				break;
 		}
diff --git a/wp-admin/import/rss.php b/wp-admin/import/rss.php
index 944b297..f46caa1 100644
--- a/wp-admin/import/rss.php
+++ b/wp-admin/import/rss.php
@@ -156,6 +156,7 @@ class RSS_Import {
 				$this->greet();
 				break;
 			case 1 :
+				check_admin_referer('import-upload');
 				$this->import();
 				break;
 		}
diff --git a/wp-admin/import/textpattern.php b/wp-admin/import/textpattern.php
index db60e15..286d74a 100644
--- a/wp-admin/import/textpattern.php
+++ b/wp-admin/import/textpattern.php
@@ -56,8 +56,9 @@ class Textpattern_Import {
 		echo '<p>'.__('This has not been tested on previous versions of Textpattern.  Mileage may vary.').'</p>';
 		echo '<p>'.__('Your Textpattern Configuration settings are as follows:').'</p>';
 		echo '<form action="admin.php?import=textpattern&amp;step=1" method="post">';
+		wp_nonce_field('import-textpattern');
 		$this->db_form();
-		echo '<p class="submit"><input type="submit" name="submit" value="'.__('Import Categories').' &raquo;" /></p>';
+		echo '<p class="submit"><input type="submit" name="submit" value="'.attribute_escape(__('Import Categories &raquo;')).'" /></p>';
 		echo '</form>';
 		echo '</div>';
 	}
@@ -483,7 +484,8 @@ class Textpattern_Import {
 
 
 		echo '<form action="admin.php?import=textpattern&amp;step=2" method="post">';
-		printf('<input type="submit" name="submit" value="%s" />', __('Import Users'));
+		wp_nonce_field('import-textpattern');
+		printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Import Users')));
 		echo '</form>';
 
 	}
@@ -495,7 +497,8 @@ class Textpattern_Import {
 		$this->users2wp($users);
 
 		echo '<form action="admin.php?import=textpattern&amp;step=3" method="post">';
-		printf('<input type="submit" name="submit" value="%s" />', __('Import Posts'));
+		wp_nonce_field('import-textpattern');
+		printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Import Posts')));
 		echo '</form>';
 	}
 
@@ -506,7 +509,8 @@ class Textpattern_Import {
 		$this->posts2wp($posts);
 
 		echo '<form action="admin.php?import=textpattern&amp;step=4" method="post">';
-		printf('<input type="submit" name="submit" value="%s" />', __('Import Comments'));
+		wp_nonce_field('import-textpattern');
+		printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Import Comments')));
 		echo '</form>';
 	}
 
@@ -517,7 +521,8 @@ class Textpattern_Import {
 		$this->comments2wp($comments);
 
 		echo '<form action="admin.php?import=textpattern&amp;step=5" method="post">';
-		printf('<input type="submit" name="submit" value="%s" />', __('Import Links'));
+		wp_nonce_field('import-textpattern');
+		printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Import Links')));
 		echo '</form>';
 	}
 
@@ -529,7 +534,8 @@ class Textpattern_Import {
 		add_option('txp_links', $links);
 
 		echo '<form action="admin.php?import=textpattern&amp;step=6" method="post">';
-		printf('<input type="submit" name="submit" value="%s" />', __('Finish'));
+		wp_nonce_field('import-textpattern');
+		printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Finish')));
 		echo '</form>';
 	}
 
@@ -553,11 +559,11 @@ class Textpattern_Import {
 	{
 		echo '<p>'.__('Welcome to WordPress.  We hope (and expect!) that you will find this platform incredibly rewarding!  As a new WordPress user coming from Textpattern, there are some things that we would like to point out.  Hopefully, they will help your transition go as smoothly as possible.').'</p>';
 		echo '<h3>'.__('Users').'</h3>';
-		echo '<p>'.sprintf(__('You have already setup WordPress and have been assigned an administrative login and password.  Forget it.  You didn\'t have that login in Textpattern, why should you have it here?  Instead we have taken care to import all of your users into our system.  Unfortunately there is one downside.  Because both WordPress and Textpattern uses a strong encryption hash with passwords, it is impossible to decrypt it and we are forced to assign temporary passwords to all your users.  <strong>Every user has the same username, but their passwords are reset to password123.</strong>  So <a href="%1$s">Login</a> and change it.'), '/wp-login.php').'</p>';
+		echo '<p>'.sprintf(__('You have already setup WordPress and have been assigned an administrative login and password.  Forget it.  You didn&#8217;t have that login in Textpattern, why should you have it here?  Instead we have taken care to import all of your users into our system.  Unfortunately there is one downside.  Because both WordPress and Textpattern uses a strong encryption hash with passwords, it is impossible to decrypt it and we are forced to assign temporary passwords to all your users.  <strong>Every user has the same username, but their passwords are reset to password123.</strong>  So <a href="%1$s">Login</a> and change it.'), get_bloginfo( 'wpurl' ) . '/wp-login.php').'</p>';
 		echo '<h3>'.__('Preserving Authors').'</h3>';
 		echo '<p>'.__('Secondly, we have attempted to preserve post authors.  If you are the only author or contributor to your blog, then you are safe.  In most cases, we are successful in this preservation endeavor.  However, if we cannot ascertain the name of the writer due to discrepancies between database tables, we assign it to you, the administrative user.').'</p>';
 		echo '<h3>'.__('Textile').'</h3>';
-		echo '<p>'.__('Also, since you\'re coming from Textpattern, you probably have been using Textile to format your comments and posts.  If this is the case, we recommend downloading and installing <a href="http://www.huddledmasses.org/category/development/wordpress/textile/">Textile for WordPress</a>.  Trust me... You\'ll want it.').'</p>';
+		echo '<p>'.__('Also, since you&#8217;re coming from Textpattern, you probably have been using Textile to format your comments and posts.  If this is the case, we recommend downloading and installing <a href="http://www.huddledmasses.org/category/development/wordpress/textile/">Textile for WordPress</a>.  Trust me... You&#8217;ll want it.').'</p>';
 		echo '<h3>'.__('WordPress Resources').'</h3>';
 		echo '<p>'.__('Finally, there are numerous WordPress resources around the internet.  Some of them are:').'</p>';
 		echo '<ul>';
@@ -565,7 +571,7 @@ class Textpattern_Import {
 		echo '<li>'.__('<a href="http://wordpress.org/support/">The WordPress support forums</a>').'</li>';
 		echo '<li>'.__('<a href="http://codex.wordpress.org">The Codex (In other words, the WordPress Bible)</a>').'</li>';
 		echo '</ul>';
-		echo '<p>'.sprintf(__('That\'s it! What are you waiting for? Go <a href="%1$s">login</a>!'), '/wp-login.php').'</p>';
+		echo '<p>'.sprintf(__('That&#8217;s it! What are you waiting for? Go <a href="%1$s">login</a>!'), get_bloginfo( 'wpurl' ) . '/wp-login.php').'</p>';
 	}
 
 	function db_form()
@@ -590,36 +596,38 @@ class Textpattern_Import {
 
 		if ( $step > 0 )
 		{
+			check_admin_referer('import-textpattern');
+
 			if($_POST['dbuser'])
 			{
 				if(get_option('txpuser'))
 					delete_option('txpuser');
-				add_option('txpuser',$_POST['dbuser']);
+				add_option('txpuser', sanitize_user($_POST['dbuser'], true));
 			}
 			if($_POST['dbpass'])
 			{
 				if(get_option('txppass'))
 					delete_option('txppass');
-				add_option('txppass',$_POST['dbpass']);
+				add_option('txppass',  sanitize_user($_POST['dbpass'], true));
 			}
 
 			if($_POST['dbname'])
 			{
 				if(get_option('txpname'))
 					delete_option('txpname');
-				add_option('txpname',$_POST['dbname']);
+				add_option('txpname',  sanitize_user($_POST['dbname'], true));
 			}
 			if($_POST['dbhost'])
 			{
 				if(get_option('txphost'))
 					delete_option('txphost');
-				add_option('txphost',$_POST['dbhost']);
+				add_option('txphost',  sanitize_user($_POST['dbhost'], true));
 			}
 			if($_POST['dbprefix'])
 			{
 				if(get_option('tpre'))
 					delete_option('tpre');
-				add_option('tpre',$_POST['dbprefix']);
+				add_option('tpre',  sanitize_user($_POST['dbprefix']));
 			}
 
 
diff --git a/wp-admin/import/utw.php b/wp-admin/import/utw.php
new file mode 100644
index 0000000..824ba50
--- /dev/null
+++ b/wp-admin/import/utw.php
@@ -0,0 +1,270 @@
+<?php
+
+class UTW_Import {
+	
+	function header()  {
+		echo '<div class="wrap">';
+		echo '<h2>'.__('Import Ultimate Tag Warrior').'</h2>';
+		echo '<p>'.__('Steps may take a few minutes depending on the size of your database. Please be patient.').'<br /><br /></p>';
+	}
+
+	function footer() {
+		echo '</div>';
+	}
+
+	function greet() {
+		echo '<div class="narrow">';
+		echo '<p>'.__('Howdy! This imports tags from an existing Ultimate Tag Warrior 3 installation into this blog using the new WordPress native tagging structure.').'</p>';
+		echo '<p>'.__('This has not been tested on any other versions of Ultimate Tag Warrior. Mileage may vary.').'</p>';
+		echo '<p>'.__('To accommodate larger databases for those tag-crazy authors out there, we have made this into an easy 5-step program to help you kick that nasty UTW habit. Just keep clicking along and we will let you know when you are in the clear!').'</p>';
+		echo '<p><strong>'.__('Don&#8217;t be stupid - backup your database before proceeding!').'</strong></p>';
+		echo '<form action="admin.php?import=utw&amp;step=1" method="post">';
+		echo '<p class="submit"><input type="submit" name="submit" value="'.__('Step 1 &raquo;').'" /></p>';
+		echo '</form>';
+		echo '</div>';
+	}
+	
+	
+	function dispatch () {
+		if ( empty( $_GET['step'] ) ) {
+			$step = 0;
+		} else {
+			$step = (int) $_GET['step'];
+		}
+		
+		// load the header
+		$this->header();
+		
+		switch ( $step ) {
+			case 0 :
+				$this->greet();
+				break;
+			case 1 :
+				$this->import_tags();
+				break;
+			case 2 :
+				$this->import_posts();
+				break;
+			case 3:
+				$this->import_t2p();
+				break;
+			case 4:
+				$this->cleanup_import();
+				break;
+		}
+		
+		// load the footer
+		$this->footer();
+	}
+	
+	
+	function import_tags ( ) {
+		echo '<div class="narrow">';
+		echo '<p><h3>'.__('Reading UTW Tags&#8230;').'</h3></p>';
+		
+		$tags = $this->get_utw_tags();
+		
+		// if we didn't get any tags back, that's all there is folks!
+		if ( !is_array($tags) ) {
+			echo '<p>' . __('No Tags Found!') . '</p>';
+			return false;
+		}
+		else {
+
+			// if there's an existing entry, delete it
+			if ( get_option('utwimp_tags') ) {
+				delete_option('utwimp_tags');
+			}
+
+			add_option('utwimp_tags', $tags);
+			
+
+			$count = count($tags);
+			
+			echo '<p>' . sprintf( __('Done! <strong>%s</strong> tags were read.'), $count ) . '<br /></p>';
+			echo '<p>' . __('The following tags were found:') . '</p>';
+			
+			echo '<ul>';
+			
+			foreach ( $tags as $tag_id => $tag_name ) {
+				
+				echo '<li>' . $tag_name . '</li>';
+				
+			}
+			
+			echo '</ul>';
+			
+			echo '<br />';
+			
+			echo '<p>' . __('If you don&#8217;t want to import any of these tags, you should delete them from the UTW tag management page and then re-run this import.') . '</p>';
+			
+			
+		}
+		
+		echo '<form action="admin.php?import=utw&amp;step=2" method="post">';
+		echo '<p class="submit"><input type="submit" name="submit" value="'.__('Step 2 &raquo;').'" /></p>';
+		echo '</form>';
+		echo '</div>';
+	}
+	
+	
+	function import_posts ( ) {
+		echo '<div class="narrow">';
+		echo '<p><h3>'.__('Reading UTW Post Tags&#8230;').'</h3></p>';
+
+		// read in all the UTW tag -> post settings
+		$posts = $this->get_utw_posts();
+
+		// if we didn't get any tags back, that's all there is folks!
+		if ( !is_array($posts) ) {
+			echo '<p>' . __('No posts were found to have tags!') . '</p>';
+			return false;
+		}
+		else {
+
+			// if there's an existing entry, delete it
+			if ( get_option('utwimp_posts') ) {
+				delete_option('utwimp_posts');
+			}
+
+			add_option('utwimp_posts', $posts);
+				
+
+			$count = count($posts);
+				
+			echo '<p>' . sprintf( __('Done! <strong>%s</strong> tag to post relationships were read.'), $count ) . '<br /></p>';
+				
+		}
+
+		echo '<form action="admin.php?import=utw&amp;step=3" method="post">';
+		echo '<p class="submit"><input type="submit" name="submit" value="'.__('Step 3 &raquo;').'" /></p>';
+		echo '</form>';
+		echo '</div>';
+
+	}
+	
+	
+	function import_t2p ( ) {
+
+		echo '<div class="narrow">';
+		echo '<p><h3>'.__('Adding Tags to Posts&#8230;').'</h3></p>';
+
+		// run that funky magic!
+		$tags_added = $this->tag2post();
+		
+		echo '<p>' . sprintf( __('Done! <strong>%s</strong> tags where added!'), $tags_added ) . '<br /></p>';
+
+		echo '<form action="admin.php?import=utw&amp;step=4" method="post">';
+		echo '<p class="submit"><input type="submit" name="submit" value="'.__('Step 4 &raquo;').'" /></p>';
+		echo '</form>';
+		echo '</div>';
+
+	}
+	
+	
+	function get_utw_tags ( ) {
+	
+		global $wpdb;
+		
+		// read in all the tags from the UTW tags table: should be wp_tags
+		$tags_query = "SELECT tag_id, tag FROM " . $wpdb->prefix . "tags";
+		
+		$tags = $wpdb->get_results($tags_query);
+		
+		// rearrange these tags into something we can actually use
+		foreach ( $tags as $tag ) {
+			
+			$new_tags[$tag->tag_id] = $tag->tag;
+			
+		}
+		
+		return $new_tags;
+
+	}
+	
+	function get_utw_posts ( ) {
+		
+		global $wpdb;
+		
+		// read in all the posts from the UTW post->tag table: should be wp_post2tag
+		$posts_query = "SELECT tag_id, post_id FROM " . $wpdb->prefix . "post2tag";
+		
+		$posts = $wpdb->get_results($posts_query);
+		
+		return $posts;
+		
+	}
+	
+	
+	function tag2post ( ) {
+		
+		// get the tags and posts we imported in the last 2 steps
+		$tags = get_option('utwimp_tags');
+		$posts = get_option('utwimp_posts');
+		
+		// null out our results
+		$tags_added = 0;
+		
+		// loop through each post and add its tags to the db
+		foreach ( $posts as $this_post ) {
+			
+			$the_post = (int) $this_post->post_id;
+			$the_tag = (int) $this_post->tag_id;
+			
+			// what's the tag name for that id?
+			$the_tag = $tags[$the_tag];
+			
+			// screw it, just try to add the tag
+			wp_add_post_tags($the_post, $the_tag);
+
+			$tags_added++;
+			
+		}
+		
+		// that's it, all posts should be linked to their tags properly, pending any errors we just spit out!
+		return $tags_added;
+		
+		
+	}
+	
+	
+	function cleanup_import ( ) {
+		
+		delete_option('utwimp_tags');
+		delete_option('utwimp_posts');
+		
+		$this->done();
+		
+	}
+	
+	
+	function done ( ) {
+		
+		echo '<div class="narrow">';
+		echo '<p><h3>'.__('Import Complete!').'</h3></p>';
+		
+		echo '<p>' . __('OK, so we lied about this being a 5-step program! You&#8217;re done!') . '</p>';
+		
+		echo '<p>' . __('Now wasn&#8217;t that easy?') . '</p>';
+		
+		echo '</div>';
+		
+	}
+	
+
+	function UTW_Import ( ) {
+		
+		// Nothing.
+		
+	}
+	
+}
+
+
+// create the import object
+$utw_import = new UTW_Import();
+
+// add it to the import page!
+register_importer('utw', 'Ultimate Tag Warrior', __('Import Ultimate Tag Warrior tags into the new native tagging structure.'), array($utw_import, 'dispatch'));
+
+?>
\ No newline at end of file
diff --git a/wp-admin/import/wordpress.php b/wp-admin/import/wordpress.php
index 90b616b..fa0d194 100644
--- a/wp-admin/import/wordpress.php
+++ b/wp-admin/import/wordpress.php
@@ -3,6 +3,8 @@
 class WP_Import {
 
 	var $posts = array ();
+	var $posts_processed = array ();
+    // Array of arrays. [[0] => XML fragment, [1] => New post ID]
 	var $file;
 	var $id;
 	var $mtnames = array ();
@@ -33,8 +35,9 @@ class WP_Import {
 	}
 
 	function get_tag( $string, $tag ) {
+		global $wpdb;
 		preg_match("|<$tag.*?>(.*?)</$tag>|is", $string, $return);
-		$return = addslashes( trim( $return[1] ) );
+		$return = $wpdb->escape( trim( $return[1] ) );
 		return $return;
 	}
 
@@ -65,13 +68,40 @@ class WP_Import {
 
 	function get_entries() {
 		set_magic_quotes_runtime(0);
-		$importdata = file($this->file); // Read the file into an array
-		$importdata = implode('', $importdata); // squish it
-		$importdata = preg_replace("/(\r\n|\n|\r)/", "\n", $importdata);
-		preg_match_all('|<item>(.*?)</item>|is', $importdata, $this->posts);
-		$this->posts = $this->posts[1];
-		preg_match_all('|<wp:category>(.*?)</wp:category>|is', $importdata, $this->categories);
-		$this->categories = $this->categories[1];
+		$importdata = array_map('rtrim', file($this->file)); // Read the file into an array
+
+		$this->posts = array();
+		$this->categories = array();
+		$num = 0;
+		$doing_entry = false;
+		foreach ($importdata as $importline) {
+			if ( false !== strpos($importline, '<wp:category>') ) {
+				preg_match('|<wp:category>(.*?)</wp:category>|is', $importline, $category);
+				$this->categories[] = $category[1];
+				continue;
+			}
+			if ( false !== strpos($importline, '<item>') ) {
+				$this->posts[$num] = '';
+				$doing_entry = true;
+				continue;	
+			}
+			if ( false !== strpos($importline, '</item>') ) {
+				$num++;
+				$doing_entry = false;
+				continue;	
+			}
+			if ( $doing_entry ) {
+				$this->posts[$num] .= $importline . "\n";
+			}
+		}
+
+		foreach ($this->posts as $post) {
+			$post_ID = (int) $this->get_tag( $post, 'wp:post_id' );
+			if ($post_ID) {
+				$this->posts_processed[$post_ID][0] = &$post;
+				$this->posts_processed[$post_ID][1] = 0;
+			}
+		}
 	}
 
 	function get_wp_authors() {
@@ -133,6 +163,7 @@ class WP_Import {
 		$authors = $this->get_wp_authors();
 		echo '<ol id="authors">';
 		echo '<form action="?import=wordpress&amp;step=2&amp;id=' . $this->id . '" method="post">';
+		wp_nonce_field('import-wordpress');
 		$j = -1;
 		foreach ($authors as $author) {
 			++ $j;
@@ -150,10 +181,8 @@ class WP_Import {
 	function select_authors() {
 		$file = wp_import_handle_upload();
 		if ( isset($file['error']) ) {
-			$this->header();
 			echo '<p>'.__('Sorry, there has been an error.').'</p>';
 			echo '<p><strong>' . $file['error'] . '</strong></p>';
-			$this->footer();
 			return;
 		}
 		$this->file = $file['file'];
@@ -193,97 +222,128 @@ class WP_Import {
 	}
 
 	function process_posts() {
-		global $wpdb;
 		$i = -1;
 		echo '<ol>';
-		foreach ($this->posts as $post) {
 
-			// There are only ever one of these
-			$post_title     = $this->get_tag( $post, 'title' );
-			$post_date      = $this->get_tag( $post, 'wp:post_date' );
-			$post_date_gmt  = $this->get_tag( $post, 'wp:post_date_gmt' );
-			$comment_status = $this->get_tag( $post, 'wp:comment_status' );
-			$ping_status    = $this->get_tag( $post, 'wp:ping_status' );
-			$post_status    = $this->get_tag( $post, 'wp:status' );
-			$post_parent    = $this->get_tag( $post, 'wp:post_parent' );
-			$post_type      = $this->get_tag( $post, 'wp:post_type' );
-			$guid           = $this->get_tag( $post, 'guid' );
-			$post_author    = $this->get_tag( $post, 'dc:creator' );
-
-			$post_content = $this->get_tag( $post, 'content:encoded' );
-			$post_content = str_replace(array ('<![CDATA[', ']]>'), '', $post_content);
-			$post_content = preg_replace('|<(/?[A-Z]+)|e', "'<' . strtolower('$1')", $post_content);
-			$post_content = str_replace('<br>', '<br />', $post_content);
-			$post_content = str_replace('<hr>', '<hr />', $post_content);
-
-			preg_match_all('|<category>(.*?)</category>|is', $post, $categories);
-			$categories = $categories[1];
-
-			$cat_index = 0;
-			foreach ($categories as $category) {
-				$categories[$cat_index] = $wpdb->escape($this->unhtmlentities(str_replace(array ('<![CDATA[', ']]>'), '', $category)));
-				$cat_index++;
-			}
+		foreach ($this->posts as $post)
+			$this->process_post($post);
 
-			if ($post_id = post_exists($post_title, '', $post_date)) {
-				echo '<li>';
-				printf(__('Post <i>%s</i> already exists.'), stripslashes($post_title));
-			} else {
-				echo '<li>';
-				printf(__('Importing post <i>%s</i>...'), stripslashes($post_title));
+		echo '</ol>';
 
-				$post_author = $this->checkauthor($post_author); //just so that if a post already exists, new users are not created by checkauthor
+		wp_import_cleanup($this->id);
 
-				$postdata = compact('post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_title', 'post_excerpt', 'post_status', 'comment_status', 'ping_status', 'post_modified', 'post_modified_gmt', 'guid', 'post_parent', 'post_type');
-				$comment_post_ID = $post_id = wp_insert_post($postdata);
-				// Add categories.
-				if (0 != count($categories)) {
-					wp_create_categories($categories, $post_id);
-				}
-			}
+		echo '<h3>'.sprintf(__('All done.').' <a href="%s">'.__('Have fun!').'</a>', get_option('home')).'</h3>';
+	}
+  
+	function process_post($post) {
+		global $wpdb;
 
-				// Now for comments
-				preg_match_all('|<wp:comment>(.*?)</wp:comment>|is', $post, $comments);
-				$comments = $comments[1];
-				$num_comments = 0;
-				if ( $comments) { foreach ($comments as $comment) {
-					$comment_author       = $this->get_tag( $comment, 'wp:comment_author');
-					$comment_author_email = $this->get_tag( $comment, 'wp:comment_author_email');
-					$comment_author_IP    = $this->get_tag( $comment, 'wp:comment_author_IP');
-					$comment_author_url   = $this->get_tag( $comment, 'wp:comment_author_url');
-					$comment_date         = $this->get_tag( $comment, 'wp:comment_date');
-					$comment_date_gmt     = $this->get_tag( $comment, 'wp:comment_date_gmt');
-					$comment_content      = $this->get_tag( $comment, 'wp:comment_content');
-					$comment_approved     = $this->get_tag( $comment, 'wp:comment_approved');
-					$comment_type         = $this->get_tag( $comment, 'wp:comment_type');
-					$comment_parent       = $this->get_tag( $comment, 'wp:comment_parent');
-
-					if ( !comment_exists($comment_author, $comment_date) ) {
-						$commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_url', 'comment_author_email', 'comment_author_IP', 'comment_date', 'comment_date_gmt', 'comment_content', 'comment_approved', 'comment_type', 'comment_parent');
-						wp_insert_comment($commentdata);
-						$num_comments++;
-					}
-				} }
-				if ( $num_comments )
-					printf(' '.__('(%s comments)'), $num_comments);
-
-				// Now for post meta
-				preg_match_all('|<wp:postmeta>(.*?)</wp:postmeta>|is', $post, $postmeta);
-				$postmeta = $postmeta[1];
-				if ( $postmeta) { foreach ($postmeta as $p) {
-					$key   = $this->get_tag( $p, 'wp:meta_key' );
-					$value = $this->get_tag( $p, 'wp:meta_value' );
-					add_post_meta( $post_id, $key, $value );
-				} }
-
-			$index++;
+		$post_ID = (int) $this->get_tag( $post, 'wp:post_id' );
+  		if ( $post_ID && !empty($this->posts_processed[$post_ID][1]) ) // Processed already
+			return 0;
+      
+		// There are only ever one of these
+		$post_title     = $this->get_tag( $post, 'title' );
+		$post_date      = $this->get_tag( $post, 'wp:post_date' );
+		$post_date_gmt  = $this->get_tag( $post, 'wp:post_date_gmt' );
+		$comment_status = $this->get_tag( $post, 'wp:comment_status' );
+		$ping_status    = $this->get_tag( $post, 'wp:ping_status' );
+		$post_status    = $this->get_tag( $post, 'wp:status' );
+		$post_name      = $this->get_tag( $post, 'wp:post_name' );
+		$post_parent    = $this->get_tag( $post, 'wp:post_parent' );
+		$menu_order     = $this->get_tag( $post, 'wp:menu_order' );
+		$post_type      = $this->get_tag( $post, 'wp:post_type' );
+		$guid           = $this->get_tag( $post, 'guid' );
+		$post_author    = $this->get_tag( $post, 'dc:creator' );
+
+		$post_content = $this->get_tag( $post, 'content:encoded' );
+		$post_content = str_replace(array ('<![CDATA[', ']]>'), '', $post_content);
+		$post_content = preg_replace('|<(/?[A-Z]+)|e', "'<' . strtolower('$1')", $post_content);
+		$post_content = str_replace('<br>', '<br />', $post_content);
+		$post_content = str_replace('<hr>', '<hr />', $post_content);
+
+		preg_match_all('|<category>(.*?)</category>|is', $post, $categories);
+		$categories = $categories[1];
+
+		$cat_index = 0;
+		foreach ($categories as $category) {
+			$categories[$cat_index] = $wpdb->escape($this->unhtmlentities(str_replace(array ('<![CDATA[', ']]>'), '', $category)));
+			$cat_index++;
 		}
 
-		echo '</ol>';
+		if ($post_id = post_exists($post_title, '', $post_date)) {
+			echo '<li>';
+			printf(__('Post <i>%s</i> already exists.'), stripslashes($post_title));
+		} else {
 
-		wp_import_cleanup($this->id);
+			// If it has parent, process parent first.
+			$post_parent = (int) $post_parent;
+			if ($parent = $this->posts_processed[$post_parent]) {
+				if (!$parent[1]) $this->process_post($parent[0]); // If not yet, process the parent first.
+				$post_parent = $parent[1]; // New ID of the parent;
+			}
 
-		echo '<h3>'.sprintf(__('All done.').' <a href="%s">'.__('Have fun!').'</a>', get_option('home')).'</h3>';
+			echo '<li>';
+			printf(__('Importing post <i>%s</i>...'), stripslashes($post_title));
+
+			$post_author = $this->checkauthor($post_author); //just so that if a post already exists, new users are not created by checkauthor
+
+			$postdata = compact('post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_title', 'post_excerpt', 'post_status', 'post_name', 'comment_status', 'ping_status', 'post_modified', 'post_modified_gmt', 'guid', 'post_parent', 'menu_order', 'post_type');
+			$comment_post_ID = $post_id = wp_insert_post($postdata);
+
+			// Memorize old and new ID.
+			if ( $post_id && $post_ID && $this->posts_processed[$post_ID] )
+				$this->posts_processed[$post_ID][1] = $post_id; // New ID.
+			
+			// Add categories.
+			if (count($categories) > 0) {
+				$post_cats = array();
+				foreach ($categories as $category) {
+					$cat_ID = (int) $wpdb->get_var("SELECT cat_ID FROM $wpdb->categories WHERE cat_name = '$category'");
+					if ($cat_ID == 0) {
+						$cat_ID = wp_insert_category(array('cat_name' => $category));
+					}
+					$post_cats[] = $cat_ID;
+				}
+				wp_set_post_categories($post_id, $post_cats);
+			}	
+		}
+
+		// Now for comments
+		preg_match_all('|<wp:comment>(.*?)</wp:comment>|is', $post, $comments);
+		$comments = $comments[1];
+		$num_comments = 0;
+		if ( $comments) { foreach ($comments as $comment) {
+			$comment_author       = $this->get_tag( $comment, 'wp:comment_author');
+			$comment_author_email = $this->get_tag( $comment, 'wp:comment_author_email');
+			$comment_author_IP    = $this->get_tag( $comment, 'wp:comment_author_IP');
+			$comment_author_url   = $this->get_tag( $comment, 'wp:comment_author_url');
+			$comment_date         = $this->get_tag( $comment, 'wp:comment_date');
+			$comment_date_gmt     = $this->get_tag( $comment, 'wp:comment_date_gmt');
+			$comment_content      = $this->get_tag( $comment, 'wp:comment_content');
+			$comment_approved     = $this->get_tag( $comment, 'wp:comment_approved');
+			$comment_type         = $this->get_tag( $comment, 'wp:comment_type');
+			$comment_parent       = $this->get_tag( $comment, 'wp:comment_parent');
+
+			if ( !comment_exists($comment_author, $comment_date) ) {
+				$commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_url', 'comment_author_email', 'comment_author_IP', 'comment_date', 'comment_date_gmt', 'comment_content', 'comment_approved', 'comment_type', 'comment_parent');
+				wp_insert_comment($commentdata);
+				$num_comments++;
+			}
+		} }
+
+		if ( $num_comments )
+			printf(' '.__('(%s comments)'), $num_comments);
+
+		// Now for post meta
+		preg_match_all('|<wp:postmeta>(.*?)</wp:postmeta>|is', $post, $postmeta);
+		$postmeta = $postmeta[1];
+		if ( $postmeta) { foreach ($postmeta as $p) {
+			$key   = $this->get_tag( $p, 'wp:meta_key' );
+			$value = $this->get_tag( $p, 'wp:meta_value' );
+			$value = stripslashes($value); // add_post_meta() will escape.
+			add_post_meta( $post_id, $key, $value );
+		} }
 	}
 
 	function import() {
@@ -308,9 +368,11 @@ class WP_Import {
 				$this->greet();
 				break;
 			case 1 :
+				check_admin_referer('import-upload');
 				$this->select_authors();
 				break;
 			case 2:
+				check_admin_referer('import-wordpress');
 				$this->import();
 				break;
 		}
diff --git a/wp-admin/import/wp-cat2tag.php b/wp-admin/import/wp-cat2tag.php
new file mode 100644
index 0000000..6df9f1c
--- /dev/null
+++ b/wp-admin/import/wp-cat2tag.php
@@ -0,0 +1,226 @@
+<?php
+
+class WP_Categories_to_Tags {
+	var $categories_to_convert = array();
+	var $all_categories = array();
+	
+	function header() {
+		print '<div class="wrap">';
+		print '<h2>' . __('Convert Categories to Tags') . '</h2>';
+	}
+	
+	function footer() {
+		print '</div>';
+	}
+	
+	function populate_all_categories() {
+		global $wpdb;
+		
+		$this->all_categories = $wpdb->get_results("SELECT * FROM $wpdb->categories WHERE (type & ~ " . TAXONOMY_TAG . ") != 0 AND category_count > 0 ORDER BY cat_name ASC");
+	}
+	
+	function welcome() {
+		$this->populate_all_categories();
+		
+		print '<div class="narrow">';
+		
+		if (count($this->all_categories) > 0) {
+			print '<p>' . __('Howdy! This converter allows you to selectively convert existing categories to tags. To get started, check the checkboxes of the categories you wish to be converted, then click the Convert button.') . '</p>';
+			print '<p>' . __('Keep in mind that if you convert a category with child categories, those child categories get their parent setting removed, so they\'re in the root.') . '</p>';
+		
+			$this->categories_form();
+		} else {
+			print '<p>'.__('You have no categories to convert!').'</p>';
+		}
+		
+		print '</div>';
+	}
+	
+	function categories_form() {
+		print '<form action="admin.php?import=wp-cat2tag&amp;step=2" method="post">';
+		print '<ul style="list-style:none">';
+		
+		$hier = _get_category_hierarchy();
+		
+		foreach ($this->all_categories as $category) {
+			if ((int) $category->category_parent == 0) {
+				print '<li><label><input type="checkbox" name="cats_to_convert[]" value="' . intval($category->cat_ID) . '" /> ' . $category->cat_name . ' (' . $category->category_count . ')</label>';
+				
+				if (isset($hier[$category->cat_ID])) {
+					$this->_category_children($category, $hier);
+				}
+				
+				print '</li>';
+			}
+		}
+		
+		print '</ul>';
+		
+		print '<p class="submit"><input type="submit" name="maybe_convert_all_cats" value="' . __('Convert All Categories') . '" /> <input type="submit" name="submit" value="' . __('Convert &raquo;') . '" /></p>';
+		print '</form>';
+	}
+	
+	function _category_children($parent, $hier) {
+		print '<ul style="list-style:none">';
+		
+		foreach ($hier[$parent->cat_ID] as $child_id) {
+			$child =& get_category($child_id);
+			
+			print '<li><label><input type="checkbox" name="cats_to_convert[]" value="' . intval($child->cat_ID) . '" /> ' . $child->cat_name . ' (' . $child->category_count . ')</label>';
+			
+			if (isset($hier[$child->cat_ID])) {
+				$this->_category_children($child, $hier);
+			}
+			
+			print '</li>';
+		}
+		
+		print '</ul>';
+	}
+	
+	function _category_exists($cat_id) {
+		global $wpdb;
+		
+		$cat_id = (int) $cat_id;
+		
+		$maybe_exists = $wpdb->get_results("SELECT cat_ID from $wpdb->categories WHERE cat_ID = '$cat_id'");
+		
+		if (count($maybe_exists) > 0) {
+			return true;
+		} else {
+			return false;
+		}
+	}
+	
+	function convert_them() {
+		global $wpdb;
+		
+		if (!isset($_POST['cats_to_convert']) || !is_array($_POST['cats_to_convert'])) {
+			print '<div class="narrow">';
+			print '<p>' . sprintf(__('Uh, oh. Something didn\'t work. Please <a href="%s">try again</a>.'), 'admin.php?import=wp-cat2tag') . '</p>';
+			print '</div>';
+		}
+		
+		$this->categories_to_convert = $_POST['cats_to_convert'];
+		$hier = _get_category_hierarchy();
+		
+		print '<ul>';
+		
+		foreach ($this->categories_to_convert as $cat_id) {
+			$cat_id = (int) $cat_id;
+			
+			print '<li>' . __('Converting category') . ' #' . $cat_id . '... ';
+			
+			if (!$this->_category_exists($cat_id)) {
+				_e('Category doesn\'t exist!');
+			} else {
+				$category =& get_category($cat_id);
+				
+				if ($category->link_count > 0) {
+					$type = $category->type | TAXONOMY_TAG;
+				} else {
+					$type = TAXONOMY_TAG;
+				}
+				
+				// Set the category itself to $type from above
+				$wpdb->query("UPDATE $wpdb->categories SET type = '$type' WHERE cat_ID = '{$category->cat_ID}'");
+				
+				// Set relationships in post2cat to 'tag', category_count becomes tag_count
+				$wpdb->query("UPDATE $wpdb->post2cat SET rel_type = 'tag' WHERE category_ID = '{$category->cat_ID}'");
+				$wpdb->query("UPDATE $wpdb->categories SET tag_count = '{$category->category_count}', category_count = '0' WHERE cat_ID = '{$category->cat_ID}'");
+				
+				// Set all parents to 0 (root-level) if their parent was the converted tag
+				$wpdb->query("UPDATE $wpdb->categories SET category_parent = 0 WHERE category_parent = '{$category->cat_ID}'");
+				
+				// Clean the cache
+				clean_category_cache($category->cat_ID);
+				
+				_e('Converted successfully.');
+			}
+			
+			print '</li>';
+		}
+		
+		print '</ul>';
+	}
+	
+	function convert_all_confirm() {
+		print '<div class="narrow">';
+		
+		print '<h3>' . __('Confirm') . '</h3>';
+		
+		print '<p>' . __('You are about to convert all categories to tags. Are you sure you want to continue?') . '</p>';
+		
+		print '<form action="admin.php?import=wp-cat2tag" method="post">';
+		print '<p style="text-align:center" class="submit"><input type="submit" value="' . __('Yes') . '" name="yes_convert_all_cats" />&nbsp;&nbsp;&nbsp;&nbsp;<input type="submit" value="' . __('No') . '" name="no_dont_do_it" /></p>';
+		print '</form>';
+		
+		print '</div>';
+	}
+	
+	function convert_all() {
+		global $wpdb;
+		
+		$cats = $wpdb->get_results("SELECT * FROM $wpdb->categories WHERE (type & ~ " . TAXONOMY_TAG . ") != 0 AND category_count > 0");
+		
+		$_POST['cats_to_convert'] = array();
+		
+		foreach ($cats as $cat) {
+			$_POST['cats_to_convert'][] = $cat->cat_ID;
+		}
+		
+		$this->convert_them();
+	}
+	
+	function init() {
+		echo '<!--'; print_r($_POST); print_r($_GET); echo '-->';
+		
+		if (isset($_POST['maybe_convert_all_cats'])) {
+			$step = 3;
+		} elseif (isset($_POST['yes_convert_all_cats'])) {
+			$step = 4;
+		} elseif (isset($_POST['no_dont_do_it'])) {
+			die('no_dont_do_it');
+		} else {
+			$step = (isset($_GET['step'])) ? (int) $_GET['step'] : 1;
+		}
+		
+		$this->header();
+		
+		if (!current_user_can('manage_categories')) {
+			print '<div class="narrow">';
+			print '<p>' . __('Cheatin&#8217; uh?') . '</p>';
+			print '</div>';
+		} else {
+			switch ($step) {
+				case 1 :
+					$this->welcome();
+				break;
+				
+				case 2 :
+					$this->convert_them();
+				break;
+				
+				case 3 :
+					$this->convert_all_confirm();
+				break;
+				
+				case 4 :
+					$this->convert_all();
+				break;
+			}
+		}
+		
+		$this->footer();
+	}
+	
+	function WP_Categories_to_Tags() {
+		// Do nothing.
+	}
+}
+
+$wp_cat2tag_importer = new WP_Categories_to_Tags();
+
+register_importer('wp-cat2tag', __('Categories to Tags Converter'), __('Convert existing categories to tags, selectively.'), array(&$wp_cat2tag_importer, 'init'));
+
+?>
diff --git a/wp-admin/index-extra.php b/wp-admin/index-extra.php
index d5262ca..b3d38e9 100644
--- a/wp-admin/index-extra.php
+++ b/wp-admin/index-extra.php
@@ -7,10 +7,10 @@ require_once (ABSPATH . WPINC . '/rss.php');
 switch ( $_GET['jax'] ) {
 
 case 'incominglinks' :
-$rss = @fetch_rss('http://feeds.technorati.com/cosmos/rss/?url='. trailingslashit(get_option('home')) .'&partner=wordpress');
+$rss = @fetch_rss(apply_filters( 'dashboard_incoming_links_feed', 'http://feeds.technorati.com/cosmos/rss/?url='. trailingslashit(get_option('home')) .'&partner=wordpress' ));
 if ( isset($rss->items) && 1 < count($rss->items) ) { // Technorati returns a 1-item feed when it has no results
 ?>
-<h3><?php _e('Incoming Links'); ?> <cite><a href="http://www.technorati.com/search/<?php echo trailingslashit(get_option('home')); ?>?partner=wordpress"><?php _e('More &raquo;'); ?></a></cite></h3>
+<h3><?php _e('Incoming Links'); ?> <cite><a href="<?php echo apply_filters( 'dashboard_incoming_links_link', 'http://www.technorati.com/search/'. trailingslashit(get_option('home')) .'?partner=wordpress' ); ?>"><?php _e('More &raquo;'); ?></a></cite></h3>
 <ul>
 <?php
 $rss->items = array_slice($rss->items, 0, 10);
@@ -24,10 +24,10 @@ foreach ($rss->items as $item ) {
 break;
 
 case 'devnews' :
-$rss = @fetch_rss('http://wordpress.org/development/feed/');
+$rss = @fetch_rss(apply_filters( 'dashboard_primary_feed', 'http://wordpress.org/development/feed/' ));
 if ( isset($rss->items) && 0 != count($rss->items) ) {
 ?>
-<h3><?php _e('WordPress Development Blog'); ?></h3>
+<h3><?php echo apply_filters( 'dashboard_primary_title', __('WordPress Development Blog') ); ?></h3>
 <?php
 $rss->items = array_slice($rss->items, 0, 3);
 foreach ($rss->items as $item ) {
@@ -43,10 +43,10 @@ foreach ($rss->items as $item ) {
 break;
 
 case 'planetnews' :
-$rss = @fetch_rss('http://planet.wordpress.org/feed/');
+$rss = @fetch_rss(apply_filters( 'dashboard_secondary_feed', 'http://planet.wordpress.org/feed/' ));
 if ( isset($rss->items) && 0 != count($rss->items) ) {
 ?>
-<h3><?php _e('Other WordPress News'); ?></h3>
+<h3><?php echo apply_filters( 'dashboard_secondary_title', __('Other WordPress News') ); ?></h3>
 <ul>
 <?php
 $rss->items = array_slice($rss->items, 0, 20);
@@ -60,7 +60,7 @@ $post = preg_replace( '|.+?:(.+)|s', '$1', $item['title'] );
 	}
 ?>
 </ul>
-<p class="readmore"><a href="http://planet.wordpress.org/"><?php _e('Read more'); ?> &raquo;</a></p>
+<p class="readmore"><a href="<?php echo apply_filters( 'dashboard_secondary_link', 'http://planet.wordpress.org/' ); ?>"><?php _e('Read more'); ?> &raquo;</a></p>
 <?php
 }
 break;
diff --git a/wp-admin/index.php b/wp-admin/index.php
index 2a24a82..a3d3151 100644
--- a/wp-admin/index.php
+++ b/wp-admin/index.php
@@ -43,7 +43,7 @@ if ( $comments || $numcomments ) :
 <h3><?php _e('Comments'); ?> <a href="edit-comments.php" title="<?php _e('More comments...'); ?>">&raquo;</a></h3>
 
 <?php if ( $numcomments ) : ?>
-<p><strong><a href="moderation.php"><?php echo sprintf(__('Comments in moderation (%s)'), number_format($numcomments) ); ?> &raquo;</a></strong></p>
+<p><strong><a href="moderation.php"><?php echo sprintf(__('Comments in moderation (%s)'), number_format_i18n($numcomments) ); ?> &raquo;</a></strong></p>
 <?php endif; ?>
 
 <ul>
@@ -61,7 +61,7 @@ foreach ($comments as $comment) {
 <?php endif; ?>
 
 <?php
-if ( $recentposts = $wpdb->get_results("SELECT ID, post_title FROM $wpdb->posts WHERE post_type = 'post' AND post_status = 'publish' AND post_date_gmt < '$today' ORDER BY post_date DESC LIMIT 5") ) :
+if ( $recentposts = $wpdb->get_results("SELECT ID, post_title FROM $wpdb->posts WHERE post_type = 'post' AND " . get_private_posts_cap_sql('post') . " AND post_date_gmt < '$today' ORDER BY post_date DESC LIMIT 5") ) :
 ?>
 <div>
 <h3><?php _e('Posts'); ?> <a href="edit.php" title="<?php _e('More posts...'); ?>">&raquo;</a></h3>
@@ -103,9 +103,9 @@ $numposts = (int) $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->posts WHERE post_t
 $numcomms = (int) $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->comments WHERE comment_approved = '1'");
 $numcats  = (int) $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->categories");
 
-$post_str = sprintf(__ngettext('%1$s <a href="%2$s" title="Posts">post</a>', '%1$s <a href="%2$s" title="Posts">posts</a>', $numposts), number_format($numposts), 'edit.php');
-$comm_str = sprintf(__ngettext('%1$s <a href="%2$s" title="Comments">comment</a>', '%1$s <a href="%2$s" title="Comments">comments</a>', $numcomms), number_format($numcomms), 'edit-comments.php');
-$cat_str  = sprintf(__ngettext('%1$s <a href="%2$s" title="Categories">category</a>', '%1$s <a href="%2$s" title="Categories">categories</a>', $numcats), number_format($numcats), 'categories.php');
+$post_str = sprintf(__ngettext('%1$s <a href="%2$s" title="Posts">post</a>', '%1$s <a href="%2$s" title="Posts">posts</a>', $numposts), number_format_i18n($numposts), 'edit.php');
+$comm_str = sprintf(__ngettext('%1$s <a href="%2$s" title="Comments">comment</a>', '%1$s <a href="%2$s" title="Comments">comments</a>', $numcomms), number_format_i18n($numcomms), 'edit-comments.php');
+$cat_str  = sprintf(__ngettext('%1$s <a href="%2$s" title="Categories">category</a>', '%1$s <a href="%2$s" title="Categories">categories</a>', $numcats), number_format_i18n($numcats), 'categories.php');
 ?>
 
 <p><?php printf(__('There are currently %1$s and %2$s, contained within %3$s.'), $post_str, $comm_str, $cat_str); ?></p>
@@ -122,7 +122,7 @@ $cat_str  = sprintf(__ngettext('%1$s <a href="%2$s" title="Categories">category<
 <?php endif; ?>
 	<li><a href="profile.php"><?php _e('Update your profile or change your password'); ?></a></li>
 <?php if ( current_user_can('manage_links') ) : ?>
-	<li><a href="link-add.php"><?php _e('Add a bookmark to your blogroll'); ?></a></li>
+	<li><a href="link-add.php"><?php _e('Add a link to your blogroll'); ?></a></li>
 <?php endif; ?>
 <?php if ( current_user_can('switch_themes') ) : ?>
 	<li><a href="themes.php"><?php _e('Change your site&#8217;s look or theme'); ?></a></li>
diff --git a/wp-admin/link-import.php b/wp-admin/link-import.php
index 2c8accf..8502ed8 100644
--- a/wp-admin/link-import.php
+++ b/wp-admin/link-import.php
@@ -93,7 +93,12 @@ foreach ($categories as $category) {
 		}
 
 		if ( isset($opml_url) && $opml_url != '' ) {
-			$opml = wp_remote_fopen($opml_url);
+			if ( $blogrolling === true ) {
+				$opml = wp_remote_fopen($opml_url);
+			} else {
+				$opml = file_get_contents($opml_url);
+			}
+			
 			include_once('link-parse-opml.php');
 
 			$link_count = count($names);
@@ -118,6 +123,7 @@ else
 } // end else
 
 if ( ! $blogrolling )
+	apply_filters( 'wp_delete_file', $opml_url); 
 	@unlink($opml_url);
 ?>
 </div>
diff --git a/wp-admin/link-manager.php b/wp-admin/link-manager.php
index 54ae4f9..77196bb 100644
--- a/wp-admin/link-manager.php
+++ b/wp-admin/link-manager.php
@@ -180,7 +180,7 @@ if ( $links ) {
 					break;
 				default:
 					?>
-					<td><?php do_action('manage_link_custom_column', $column_name, $id); ?></td>
+					<td><?php do_action('manage_link_custom_column', $column_name, $link->link_id); ?></td>
 					<?php
 					break;
 
diff --git a/wp-admin/menu.php b/wp-admin/menu.php
index 37e9714..affd314 100644
--- a/wp-admin/menu.php
+++ b/wp-admin/menu.php
@@ -83,6 +83,7 @@ if( is_site_admin() ) {
 	$submenu[ 'wpmu-admin.php' ][25] = array( __('Options'), '10', 'wpmu-options.php' );
 	$submenu[ 'wpmu-admin.php' ][30] = array( __('Upgrade'), '10', 'wpmu-upgrade-site.php' );
 }
+do_action('_admin_menu');
 
 // Create list of page plugin hook names.
 foreach ($menu as $menu_page) {
diff --git a/wp-admin/moderation.php b/wp-admin/moderation.php
index e24a9a1..caa37ec 100644
--- a/wp-admin/moderation.php
+++ b/wp-admin/moderation.php
@@ -123,14 +123,14 @@ $i = 0;
 <?php comment_text() ?>
 <p><?php comment_date(__('M j, g:i A')); ?> &#8212; [ <?php
 echo '<a href="comment.php?action=editcomment&amp;c='.$comment->comment_ID.'">' . __('Edit') . '</a> | ';
-echo " <a href=\"post.php?action=deletecomment&amp;p=".$comment->comment_post_ID."&amp;comment=".$comment->comment_ID."\" onclick=\"return deleteSomething( 'comment', $comment->comment_ID, '" . js_escape(sprintf(__("You are about to delete this comment by '%s'.\n'Cancel' to stop, 'OK' to delete."), $comment->comment_author )) . "', theCommentList );\">" . __('Delete') . "</a> | "; ?>
+echo " <a href=\"post.php?action=deletecomment&amp;p=".$comment->comment_post_ID."&amp;comment=".$comment->comment_ID."\" onclick=\"return deleteSomething( 'comment', $comment->comment_ID, '" . js_escape(sprintf(__("You are about to delete this comment by '%s'.\n'Cancel' to stop, 'OK' to delete."), $comment->comment_author )) . "', theCommentList );\">" . __('Delete') . "</a> "; ?> ] &#8212;
 <?php
 $post = get_post($comment->comment_post_ID);
 $post_title = wp_specialchars( $post->post_title, 'double' );
 $post_title = ('' == $post_title) ? "# $comment->comment_post_ID" : $post_title;
 ?>
-<a href="<?php echo get_permalink($comment->comment_post_ID); ?>" title="<?php echo $post_title; ?>"><?php _e('View Post') ?></a> ] &#8212;
- <?php _e('Bulk action:') ?>
+<a href="<?php echo get_permalink($comment->comment_post_ID); ?>"><?php echo $post_title; ?></a></p>
+<p><?php _e('Bulk action:') ?>
 	<input type="radio" name="comment[<?php echo $comment->comment_ID; ?>]" id="comment-<?php echo $comment->comment_ID; ?>-approve" value="approve" /> <label for="comment-<?php echo $comment->comment_ID; ?>-approve"><?php _e('Approve') ?></label> &nbsp;
 	<input type="radio" name="comment[<?php echo $comment->comment_ID; ?>]" id="comment-<?php echo $comment->comment_ID; ?>-spam" value="spam" /> <label for="comment-<?php echo $comment->comment_ID; ?>-spam"><?php _e('Spam') ?></label> &nbsp;
 	<input type="radio" name="comment[<?php echo $comment->comment_ID; ?>]" id="comment-<?php echo $comment->comment_ID; ?>-delete" value="delete" /> <label for="comment-<?php echo $comment->comment_ID; ?>-delete"><?php _e('Delete') ?></label> &nbsp;
@@ -182,7 +182,7 @@ document.write('<ul><li><a href="javascript:markAllForApprove()"><?php _e('Mark
 
 <noscript>
 	<p>
-		<input name="feelinglucky" type="checkbox" id="feelinglucky" value="true" /> <label for="feelinglucky"><?php _e('Delete every comment marked "defer." <strong>Warning: This can&#8217;t be undone.</strong>'); ?></label>
+		<input name="feelinglucky" type="checkbox" id="feelinglucky" value="true" /> <label for="feelinglucky"><?php _e('Delete every comment marked &#8220;defer.&#8221; <strong>Warning: This can&#8217;t be undone.</strong>'); ?></label>
 	</p>
 </noscript>
 </form>
diff --git a/wp-admin/options-permalink.php b/wp-admin/options-permalink.php
index 200cabe..75792db 100644
--- a/wp-admin/options-permalink.php
+++ b/wp-admin/options-permalink.php
@@ -168,10 +168,7 @@ checked="checked"
   <p><?php _e('If your <code>.htaccess</code> file were <a href="http://codex.wordpress.org/Make_a_Directory_Writable">writable</a>, we could do this automatically, but it isn&#8217;t so these are the mod_rewrite rules you should have in your <code>.htaccess</code> file. Click in the field and press <kbd>CTRL + a</kbd> to select all.') ?></p>
 <form action="options-permalink.php" method="post">
 <?php wp_nonce_field('update-permalink') ?>
-   <p>
-<textarea rows="5" style="width: 98%;" name="rules"><?php echo wp_specialchars($wp_rewrite->mod_rewrite_rules()); ?>
-</textarea>
-    </p>
+	<p><textarea rows="5" style="width: 98%;" name="rules" id="rules"><?php echo wp_specialchars($wp_rewrite->mod_rewrite_rules()); ?></textarea></p>
 </form>
 <?php endif; ?>
 
diff --git a/wp-admin/page.php b/wp-admin/page.php
index 4ef74e9..2825184 100644
--- a/wp-admin/page.php
+++ b/wp-admin/page.php
@@ -62,12 +62,6 @@ case 'edit':
 		die ( __('You are not allowed to edit this page.') );
 
 	include('edit-page-form.php');
-	?>
-	<div id='preview' class='wrap'>
-	<h2 id="preview-post"><?php _e('Page Preview (updated when page is saved)'); ?></h2>
-		<iframe src="<?php echo clean_url(apply_filters('preview_page_link', add_query_arg('preview', 'true', get_permalink($post->ID)))); ?>" width="100%" height="600" ></iframe>
-	</div>
-	<?php
 	break;
 
 case 'editattachment':
diff --git a/wp-admin/plugins.php b/wp-admin/plugins.php
index 68e1caf..a4edf30 100644
--- a/wp-admin/plugins.php
+++ b/wp-admin/plugins.php
@@ -19,11 +19,13 @@ if ( isset($_GET['action']) ) {
 			wp_die(__('Plugin file does not exist.'));
 		if (!in_array($plugin, $current)) {
 			wp_redirect('plugins.php?error=true'); // we'll override this later if the plugin can be included without fatal error
+			ob_start();
 			@include(ABSPATH . PLUGINDIR . '/' . $plugin);
 			$current[] = $plugin;
 			sort($current);
 			update_option('active_plugins', $current);
 			do_action('activate_' . $plugin);
+			ob_end_clean();
 		}
 		wp_redirect('plugins.php?activate=true'); // overrides the ?error=true one above
 	} else if ('deactivate' == $_GET['action']) {
@@ -33,6 +35,17 @@ if ( isset($_GET['action']) ) {
 		update_option('active_plugins', $current);
 		do_action('deactivate_' . trim( $_GET['plugin'] ));
 		wp_redirect('plugins.php?deactivate=true');
+	} elseif ($_GET['action'] == 'deactivate-all') {
+		check_admin_referer('deactivate-all');
+		$current = get_option('active_plugins');
+		
+		foreach ($current as $plugin) {
+			array_splice($current, array_search($plugin, $current), 1);
+			do_action('deactivate_' . $plugin);
+		}
+		
+		update_option('active_plugins', array());
+		wp_redirect('plugins.php?deactivate-all=true');
 	}
 	exit;
 }
@@ -72,6 +85,8 @@ foreach ($check_plugins as $check_plugin) {
 	<div id="message" class="updated fade"><p><?php _e('Plugin <strong>activated</strong>.') ?></p></div>
 <?php elseif ( isset($_GET['deactivate']) ) : ?>
 	<div id="message" class="updated fade"><p><?php _e('Plugin <strong>deactivated</strong>.') ?></p></div>
+<?php elseif (isset($_GET['deactivate-all'])) : ?>
+	<div id="message" class="updated fade"><p><?php _e('All plugins <strong>deactivated</strong>.'); ?></p></div>
 <?php endif; ?>
 
 <div class="wrap">
@@ -139,6 +154,11 @@ if (empty($plugins)) {
 	}
 ?>
 
+<tr>
+	<td colspan="3">&nbsp;</td>
+	<td colspan="2" style="width:12em;"><a href="<?php echo wp_nonce_url('plugins.php?action=deactivate-all', 'deactivate-all'); ?>" class="delete"><?php _e('Deactivate All Plugins'); ?></a></td>
+</tr>
+
 </table>
 <?php
 }
diff --git a/wp-admin/post-new.php b/wp-admin/post-new.php
index fd8a046..e2c978b 100644
--- a/wp-admin/post-new.php
+++ b/wp-admin/post-new.php
@@ -10,7 +10,7 @@ require_once ('./admin-header.php');
 
 if ( ! current_user_can('edit_posts') ) { ?>
 <div class="wrap">
-<p><?php printf(__('Since you&#8217;re a newcomer, you&#8217;ll have to wait for an admin to raise your level to 1, in order to be authorized to post.<br />
+<p><?php printf(__('Since you&#8217;re a newcomer, you&#8217;ll have to wait for an admin to add the <code>edit_posts</code> capability to your user, in order to be authorized to post.<br />
 You can also <a href="mailto:%s?subject=Promotion?">e-mail the admin</a> to ask for a promotion.<br />
 When you&#8217;re promoted, just reload this page and you&#8217;ll be able to blog. :)'), get_option('admin_email')); ?>
 </p>
@@ -57,7 +57,7 @@ include('edit-form-advanced.php');
 <?php if ( $is_NS4 || $is_gecko || $is_winIE ) { ?>
 <div id="wp-bookmarklet" class="wrap">
 <h3><?php _e('WordPress Bookmarklet'); ?></h3>
-<p><?php _e('Right click on the following link and choose "Add to favorites" to create a posting shortcut.'); ?></p>
+<p><?php _e('Right click on the following link and choose &#0147;Bookmark This Link...&#0148; or &#0147;Add to Favorites...&#0148; to create a posting shortcut.'); ?></p>
 <p>
 
 <?php
diff --git a/wp-admin/post.php b/wp-admin/post.php
index b67f6bc..3006773 100644
--- a/wp-admin/post.php
+++ b/wp-admin/post.php
@@ -66,12 +66,6 @@ case 'edit':
 
 	include('edit-form-advanced.php');
 
-	?>
-	<div id='preview' class='wrap'>
-	<h2 id="preview-post"><?php _e('Post Preview (updated when post is saved)'); ?></h2>
-		<iframe src="<?php echo clean_url(apply_filters('preview_post_link', add_query_arg('preview', 'true', get_permalink($post->ID)))); ?>" width="100%" height="600" ></iframe>
-	</div>
-	<?php
 	break;
 
 case 'editattachment':
diff --git a/wp-admin/profile.php b/wp-admin/profile.php
index 3cf24e5..7654868 100644
--- a/wp-admin/profile.php
+++ b/wp-admin/profile.php
@@ -46,16 +46,16 @@ $bookmarklet_height= 440;
 </label></p>
 
 <p><label><?php _e('First name:') ?><br />
-<input type="text" name="first_name" value="<?php echo $profileuser->first_name ?>" /></label></p>
+<input type="text" name="first_name" id="first_name" value="<?php echo $profileuser->first_name ?>" /></label></p>
 
 <p><label><?php _e('Last name:') ?><br />
-<input type="text" name="last_name"  value="<?php echo $profileuser->last_name ?>" /></label></p>
+<input type="text" name="last_name" id="last_name"  value="<?php echo $profileuser->last_name ?>" /></label></p>
 
 <p><label><?php _e('Nickname:') ?><br />
-<input type="text" name="nickname" value="<?php echo $profileuser->nickname ?>" /></label></p>
+<input type="text" name="nickname" id="nickname" value="<?php echo $profileuser->nickname ?>" /></label></p>
 
 <p><label><?php _e('Display name publicly as:') ?> <br />
-<select name="display_name">
+<select name="display_name" id="display_name">
 <option value="<?php echo $profileuser->display_name; ?>"><?php echo $profileuser->display_name; ?></option>
 <option value="<?php echo $profileuser->nickname ?>"><?php echo $profileuser->nickname ?></option>
 <option value="<?php echo $profileuser->user_login ?>"><?php echo $profileuser->user_login ?></option>
@@ -76,29 +76,29 @@ $bookmarklet_height= 440;
 <legend><?php _e('Contact Info'); ?></legend>
 
 <p><label><?php _e('E-mail: (required)') ?><br />
-<input type="text" name="email" value="<?php echo $profileuser->user_email ?>" /></label></p>
+<input type="text" name="email" id="email" value="<?php echo $profileuser->user_email ?>" /></label></p>
 
 <p><label><?php _e('Website:') ?><br />
-<input type="text" name="url" value="<?php echo $profileuser->user_url ?>" />
+<input type="text" name="url" id="url" value="<?php echo $profileuser->user_url ?>" />
 </label></p>
 
 <p><label><?php _e('AIM:') ?><br />
-<input type="text" name="aim" value="<?php echo $profileuser->aim ?>" />
+<input type="text" name="aim" id="aim" value="<?php echo $profileuser->aim ?>" />
 </label></p>
 
 <p><label><?php _e('Yahoo IM:') ?><br />
-<input type="text" name="yim" value="<?php echo $profileuser->yim ?>" />
+<input type="text" name="yim" id="yim" value="<?php echo $profileuser->yim ?>" />
 </label></p>
 
 <p><label><?php _e('Jabber / Google Talk:') ?><br />
-<input type="text" name="jabber" value="<?php echo $profileuser->jabber ?>" /></label>
+<input type="text" name="jabber" id="jabber" value="<?php echo $profileuser->jabber ?>" /></label>
 </p>
 </fieldset>
 <br clear="all" />
 <fieldset>
 <legend><?php _e('About Yourself'); ?></legend>
 <p class="desc"><?php _e('Share a little biographical information. '); ?></p>
-<p><textarea name="description" rows="5" cols="30"><?php echo $profileuser->description ?></textarea></p>
+<p><textarea name="description" id="description" rows="5" cols="30"><?php echo $profileuser->description ?></textarea></p>
 </fieldset>
 
 <?php
@@ -109,10 +109,10 @@ if ( $show_password_fields ) :
 <legend><?php _e('Update Your Password'); ?></legend>
 <p class="desc"><?php _e('If you would like to change your password type a new one twice below. Otherwise leave this blank.'); ?></p>
 <p><label><?php _e('New Password:'); ?><br />
-<input type="password" name="pass1" size="16" value="" />
+<input type="password" name="pass1" id="pass1" size="16" value="" />
 </label></p>
 <p><label><?php _e('Type it one more time:'); ?><br />
-<input type="password" name="pass2" size="16" value="" />
+<input type="password" name="pass2" id="pass2" size="16" value="" />
 </label></p>
 </fieldset>
 <?php endif; ?>
diff --git a/wp-admin/rtl.css b/wp-admin/rtl.css
index 3fdf6b5..2a83e48 100644
--- a/wp-admin/rtl.css
+++ b/wp-admin/rtl.css
@@ -14,7 +14,7 @@
 
 #wphead h1 { font-size: 2.4em; }
 
-#postdiv , #titlediv, #guiddiv { margin: 0 0 0 8px; }
+#postdiv, #titlediv, #guiddiv, #tagdiv { margin: 0 0 0 8px; }
 
 #ed_toolbar input { margin: 3px 0 2px 2px; }
 
@@ -196,3 +196,10 @@ a.dbx-toggle, a.dbx-toggle:visited {
 	margin-right: auto;
 	margin-left: 3px;
 }
+
+a.view-link {
+	right:auto;
+	left:5%;
+	margin-right:0;
+	margin-left:220px;
+}
diff --git a/wp-admin/themes.php b/wp-admin/themes.php
index 9f2c21f..0b7d64f 100644
--- a/wp-admin/themes.php
+++ b/wp-admin/themes.php
@@ -101,7 +101,7 @@ foreach ($theme_names as $theme_name) {
 	$activate_link = wp_nonce_url("themes.php?action=activate&amp;template=$template&amp;stylesheet=$stylesheet", 'switch-theme_' . $template);
 ?>
 <div class="available-theme">
-<h3><a href="<?php echo $activate_link; ?>"><?php echo "$title $version"; ?></a></h3>
+<h3><a href="<?php echo $activate_link; ?>"><?php echo $title; ?></a></h3>
 
 <a href="<?php echo $activate_link; ?>" class="screenshot">
 <?php if ( $screenshot ) : ?>
diff --git a/wp-admin/upgrade-functions.php b/wp-admin/upgrade-functions.php
index 35095d0..e3357ec 100644
--- a/wp-admin/upgrade-functions.php
+++ b/wp-admin/upgrade-functions.php
@@ -184,6 +184,12 @@ function upgrade_all() {
 
 	if ( $wp_current_db_version < 4351 )
 		upgrade_old_slugs();
+	
+	if ( $wp_current_db_version < 5200 ) {
+		upgrade_230();
+	}
+	
+	maybe_disable_automattic_widgets();
 
 	$wp_rewrite->flush_rules();
 
@@ -574,6 +580,14 @@ function upgrade_210() {
 	}
 }
 
+function upgrade_230() {
+	global $wp_current_db_version;
+	
+	if ( $wp_current_db_version < 5200 ) {
+		populate_roles_230();
+	}
+}
+
 function upgrade_old_slugs() {
 	// upgrade people who were using the Redirect Old Slugs plugin
 	global $wpdb;
@@ -666,7 +680,15 @@ function get_alloptions_110() {
 // Version of get_option that is private to install/upgrade.
 function __get_option($setting) {
 	global $wpdb;
-
+	
+	if ( $setting == 'home' && defined( 'WP_HOME' ) ) {
+		return preg_replace( '|/+$|', '', constant( 'WP_HOME' ) );
+	}
+	
+	if ( $setting == 'siteurl' && defined( 'WP_SITEURL' ) ) {
+		return preg_replace( '|/+$|', '', constant( 'WP_SITEURL' ) );
+	}
+	
 	$option = $wpdb->get_var("SELECT option_value FROM $wpdb->options WHERE option_name = '$setting'");
 
 	if ( 'home' == $setting && '' == $option )
@@ -1109,4 +1131,16 @@ function wp_check_mysql_version() {
 		die(sprintf(__('<strong>ERROR</strong>: WordPress %s requires MySQL 4.0.0 or higher'), $wp_version));
 }
 
-?>
+function maybe_disable_automattic_widgets() {
+	$plugins = __get_option( 'active_plugins' );
+	
+	foreach ( (array) $plugins as $plugin ) {
+		if ( basename( $plugin ) == 'widgets.php' ) {
+			array_splice( $plugins, array_search( $plugin, $plugins ), 1 );
+			update_option( 'active_plugins', $plugins );
+			break;
+		}
+	}
+}
+
+?>
\ No newline at end of file
diff --git a/wp-admin/upload-functions.php b/wp-admin/upload-functions.php
index 79060e2..31965bc 100644
--- a/wp-admin/upload-functions.php
+++ b/wp-admin/upload-functions.php
@@ -355,4 +355,5 @@ function wp_upload_admin_head() {
 		echo "</style>";
 	}
 }
+
 ?>
diff --git a/wp-admin/upload.css b/wp-admin/upload.css
index fbb41cd..009986c 100644
--- a/wp-admin/upload.css
+++ b/wp-admin/upload.css
@@ -44,6 +44,7 @@ body > #upload-menu { border-bottom: 7px solid #fff; }
 }
 
 #upload-menu li #current-tab-nav {
+	background: #f9fcfe;
 	float: left;
 	padding: 5px 5px 0 0;
 	margin-left: -5px;
diff --git a/wp-admin/upload.php b/wp-admin/upload.php
index 562272c..2aa3f66 100644
--- a/wp-admin/upload.php
+++ b/wp-admin/upload.php
@@ -59,7 +59,7 @@ foreach ( $wp_upload_tabs as $t => $tab_array ) {
 
 if ( 'inline' == $style ) : ?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml" <?php language_attributes(); ?>>
+<html xmlns="http://www.w3.org/1999/xhtml" <?php do_action('admin_xml_ns'); ?> <?php language_attributes(); ?>>
 <head>
 <meta http-equiv="Content-Type" content="<?php bloginfo('html_type'); ?>; charset=<?php echo get_option('blog_charset'); ?>" />
 <title><?php bloginfo('name') ?> &rsaquo; <?php _e('Uploads'); ?> &#8212; WordPress</title>
@@ -89,7 +89,7 @@ echo "<ul id='upload-menu'>\n";
 foreach ( $wp_upload_tabs as $t => $tab_array ) { // We've already done the current_user_can check
 	$href = add_query_arg( array('tab' => $t, 'ID' => '', 'action' => '', 'paged' => '') );
 	if ( isset($tab_array[4]) && is_array($tab_array[4]) )
-		add_query_arg( $tab_array[4], $href );
+		$href = add_query_arg( $tab_array[4], $href );
 	$_href = clean_url( $href);
 	$page_links = '';
 	$class = 'upload-tab alignleft';
diff --git a/wp-admin/user-edit.php b/wp-admin/user-edit.php
index 9760864..c025f62 100644
--- a/wp-admin/user-edit.php
+++ b/wp-admin/user-edit.php
@@ -61,7 +61,7 @@ include ('admin-header.php');
 <div id="message" class="updated fade">
 	<p><strong><?php _e('User updated.') ?></strong></p>
 	<?php if ( $wp_http_referer ) : ?>
-	<p><a href="<?php echo clean_url($wp_http_referer); ?>"><?php _e('&laquo; Back to Authors and Users'); ?></a></p>
+	<p><a href="users.php"><?php _e('&laquo; Back to Authors and Users'); ?></a></p>
 	<?php endif; ?>
 </div>
 <?php endif; ?>
@@ -89,6 +89,10 @@ include ('admin-header.php');
 <input type="hidden" name="checkuser_id" value="<?php echo $user_ID ?>" />
 </p>
 
+<p><label for="rich_editing"><input name="rich_editing" type="checkbox" id="rich_editing" value="true" <?php checked('true', $profileuser->rich_editing); ?> /> <?php _e('Use the visual editor when writing'); ?></label></p>
+
+<p class="submit"><input type="submit" value="<?php _e('Update User &raquo;'); ?>" name="submit" /></p>
+
 <fieldset>
 <legend><?php _e('Name'); ?></legend>
 <p><label><?php _e('Username: (no editing)'); ?><br />
diff --git a/wp-admin/widgets-rtl.css b/wp-admin/widgets-rtl.css
new file mode 100644
index 0000000..805f39d
--- /dev/null
+++ b/wp-admin/widgets-rtl.css
@@ -0,0 +1,39 @@
+#sbreset, #lastmodule, #palettediv .module, .dropzone, .dropzone ul { float: right; }
+
+* .module, #lastmodule { text-align: right; }
+
+* html #palettediv ul { padding: 0 10px 0 0; }
+
+#palettediv ul { padding: 0 10px 0 0; }
+
+* .handle, #lastmodule span {
+	border-right: 1px solid #f2f2f2;
+	border-left: 1px solid #e8e8e8;
+}
+
+#sbadmin p.submit {
+	padding-right: 0;
+	padding-left: 10px;
+	clear: right;
+}
+
+#palettediv .module, #lastmodule, .dropzone {
+	margin-right: auto;
+	margin-left: 10px;
+}
+
+* .popper {
+	right: auto;
+	left: 3px;
+	background-position: 5px 0;
+}
+
+.controlcloser {
+	right: auto;
+	left: 8px;
+}
+
+#shadow {
+	left: auto;
+	right: 0px;
+}
\ No newline at end of file
diff --git a/wp-admin/widgets.css b/wp-admin/widgets.css
new file mode 100644
index 0000000..f78dbe5
--- /dev/null
+++ b/wp-admin/widgets.css
@@ -0,0 +1,214 @@
+body {
+	height: 100%;
+}
+
+#sbadmin #zones {
+	-moz-user-select: none;
+	-khtml-user-select: none;
+	user-select: none;
+}
+
+#sbreset {
+	float: left;
+	margin: 1px 0;
+}
+
+.dropzone {
+	float: left;
+	margin-right: 10px;
+	padding: 5px;
+	border: 1px solid #bbb;
+	background-color: #f0f8ff;
+}
+
+.dropzone h3 {
+	text-align: center;
+	color: #333;
+}
+
+.dropzone ul {
+	list-style-type: none;
+	width: 240px;
+	float: left;
+	margin: 0;
+	padding: 0;
+}
+
+* .module, #lastmodule {
+	width: 238px;
+	padding: 0;
+	margin: 5px 0;
+	cursor: move;
+	display: block;
+	border: 1px solid #ccc;
+	background-color: #fbfbfb;
+	text-align: left;
+	line-height: 25px;
+}
+
+* .handle, #lastmodule span {
+	display: block;
+	width: 216px;
+	padding: 0 10px;
+	border-top: 1px solid #f2f2f2;
+	border-right: 1px solid #e8e8e8;
+	border-bottom: 1px solid #e8e8e8;
+	border-left: 1px solid #f2f2f2;
+}
+
+* .popper {
+	margin: 0;
+	display: inline;
+	position: absolute;
+	top: 3px;
+	right: 3px;
+	overflow: hidden;
+	text-align: center;
+	height: 16px;
+	font-size: 18px;
+	line-height: 14px;
+	cursor: pointer;
+	padding: 0 3px 1px;
+	border-top: 4px solid #6da6d1;
+	background: url( images/fade-butt.png ) -5px 0px;
+}
+
+* html .popper {
+	padding: 1px 6px 0;
+	font-size: 16px;
+}
+
+#sbadmin p.submit {
+	padding-right: 10px;
+	clear: left;
+}
+
+.placematt {
+	cursor: default;
+	margin: 10px 0 0;
+	padding: 0;
+	width: 238px;
+	float:left;
+	background-color: #ffe;
+}
+
+* html .placematt {
+	margin-top: 5px;
+}
+
+.placematt h4 {
+	text-align: center;
+	margin-bottom: 5px;
+}
+
+.placematt span {
+	padding: 0 10px 10px;
+	text-align: justify;
+}
+
+
+#palettediv {
+	border: 1px solid #bbb;
+	background-color: #f0f8ff;
+	height:auto;
+	margin-top: 10px;
+}
+
+#palettediv h3 {
+	text-align: center;
+	color: #333;
+}
+
+#palettediv ul {
+	padding: 0 0 0 10px;
+}
+
+#palettediv .module, #lastmodule {
+	margin-right: 10px;
+	float: left;
+	width: 120px;
+}
+
+#palettediv .handle, #lastmodule span {
+	height: 40px;
+	font-size: 90%;
+	width: 110px;
+	padding: 0 5px;
+}
+
+#palettediv .popper {
+	visibility: hidden;
+}
+
+#lastmodule {
+	visibility: hidden;
+}
+
+* html #palettediv ul {
+	margin: 0;
+	padding: 0 0 0 10px;
+}
+
+* html #palettediv .module {
+	float: none;
+	display: inline;
+}
+
+#controls {
+	height: 0px;
+}
+
+.control {
+	position: absolute;
+	display: block;
+	background: #f9fcfe;
+	padding: 0;
+}
+
+.controlhandle {
+	cursor: move;
+	background-color: #6da6d1;
+	border-bottom: 2px solid #448abd;
+	color: #333;
+	display: block;
+	margin: 0 0 5px;
+	padding: 4px;
+	font-size: 120%;
+}
+
+.controlcloser {
+	cursor: pointer;
+	font-size: 120%;
+	display: block;
+	position: absolute;
+	top: 2px;
+	right: 8px;
+	padding: 0 3px;
+	font-weight: bold;
+}
+
+.controlform {
+	margin: 20px 30px;
+}
+
+.controlform p {
+	text-align: center;
+}
+
+.control .checkbox {
+	border: none;
+	background: transparent;
+}
+
+.hidden {
+	display: none;
+}
+
+#shadow {
+	background: black;
+	display: none;
+	position: absolute;
+	top: 0px;
+	left: 0px;
+	width: 100%;
+}
\ No newline at end of file
diff --git a/wp-admin/widgets.php b/wp-admin/widgets.php
new file mode 100644
index 0000000..a8d469e
--- /dev/null
+++ b/wp-admin/widgets.php
@@ -0,0 +1,390 @@
+<?php
+
+require_once 'admin.php';
+
+if ( ! current_user_can('switch_themes') )
+	wp_die( __( 'Cheatin&#8217; uh?' ));
+
+wp_enqueue_script( 'scriptaculous-effects' );
+wp_enqueue_script( 'scriptaculous-dragdrop' );
+
+function wp_widgets_admin_head() {
+	global $wp_registered_sidebars, $wp_registered_widgets, $wp_registered_widget_controls;
+	
+	define( 'WP_WIDGETS_WIDTH', 1 + 262 * ( count( $wp_registered_sidebars ) ) );
+	define( 'WP_WIDGETS_HEIGHT', 35 * ( count( $wp_registered_widgets ) ) );
+?>
+	<link rel="stylesheet" href="widgets.css?version=<?php bloginfo('version'); ?>" type="text/css" />
+	<!--[if IE 7]>
+	<style type="text/css">
+	#palette {float:left;}
+	</style>
+	<![endif]-->
+	<style type="text/css">
+		.dropzone ul { height: <?php echo constant( 'WP_WIDGETS_HEIGHT' ); ?>px; }
+		#sbadmin #zones { width: <?php echo constant( 'WP_WIDGETS_WIDTH' ); ?>px; }
+	</style>
+<?php
+	if ( get_bloginfo( 'text_direction' ) == 'rtl' ) { 
+?>
+	<link rel="stylesheet" href="widgets-rtl.css?version=<?php bloginfo('version'); ?>" type="text/css" />
+<?php
+	}
+	
+	$cols = array();
+	foreach ( $wp_registered_sidebars as $index => $sidebar ) {
+		$cols[] = '\'' . $index . '\'';
+	}
+	$cols = implode( ', ', $cols );
+	
+	$widgets = array();
+	foreach ( $wp_registered_widgets as $name => $widget ) {
+		$widgets[] = '\'' . $widget['id'] . '\'';
+	}
+	$widgets = implode( ', ', $widgets );
+?>
+<script type="text/javascript">
+// <![CDATA[
+	var cols = [<?php echo $cols; ?>];
+	var widgets = [<?php echo $widgets; ?>];
+	var controldims = new Array;
+	<?php foreach ( $wp_registered_widget_controls as $name => $widget ) : ?>
+		controldims['<?php echo $widget['id']; ?>control'] = new Array;
+		controldims['<?php echo $widget['id']; ?>control']['width'] = <?php echo (int) $widget['width']; ?>;
+		controldims['<?php echo $widget['id']; ?>control']['height'] = <?php echo (int) $widget['height']; ?>;
+	<?php endforeach; ?>
+	function initWidgets() {
+	<?php foreach ( $wp_registered_widget_controls as $name => $widget ) : ?>
+		$('<?php echo $widget['id']; ?>popper').onclick = function() {popControl('<?php echo $widget['id']; ?>control');};
+		$('<?php echo $widget['id']; ?>closer').onclick = function() {unpopControl('<?php echo $widget['id']; ?>control');};
+		new Draggable('<?php echo $widget['id']; ?>control', {revert:false,handle:'controlhandle',starteffect:function(){},endeffect:function(){},change:function(o){dragChange(o);}});
+		if ( true && window.opera )
+			$('<?php echo $widget['id']; ?>control').style.border = '1px solid #bbb';
+	<?php endforeach; ?>
+		if ( true && window.opera )
+			$('shadow').style.background = 'transparent';
+		new Effect.Opacity('shadow', {to:0.0});
+		widgets.map(function(o) {o='widgetprefix-'+o; Position.absolutize(o); Position.relativize(o);} );
+		$A(Draggables.drags).map(function(o) {o.startDrag(null); o.finishDrag(null);});
+		//for ( var n in Draggables.drags ) {
+		for ( n=0; n<=Draggables.drags.length; n++ ) {
+			if ( Draggables.drags[n].element.id == 'lastmodule' ) {
+				Draggables.drags[n].destroy();
+				break;
+			}
+		}
+		resetPaletteHeight();
+	}
+	function resetDroppableHeights() {
+		var max = 6;
+		cols.map(function(o) {var c = $(o).childNodes.length; if ( c > max ) max = c;} );
+		var height = 35 * ( max + 1);
+		cols.map(function(o) {h = (($(o).childNodes.length + 1) * 35); $(o).style.height = (h > 280 ? h : 280) + 'px';} );
+	}
+	function resetPaletteHeight() {
+		var p = $('palette'), pd = $('palettediv'), last = $('lastmodule');
+		p.appendChild(last);
+		if ( Draggables.activeDraggable && last.id == Draggables.activeDraggable.element.id )
+			last = last.previousSibling;
+		var y1 = Position.cumulativeOffset(last)[1] + last.offsetHeight;
+		var y2 = Position.cumulativeOffset(pd)[1] + pd.offsetHeight;
+		var dy = y1 - y2;
+		pd.style.height = (pd.offsetHeight + dy + 9) + "px";
+	}
+	function maxHeight(elm) {
+		htmlheight = document.body.parentNode.clientHeight;
+		bodyheight = document.body.clientHeight;
+		var height = htmlheight > bodyheight ? htmlheight : bodyheight;
+		$(elm).style.height = height + 'px';
+	}
+	function dragChange(o) {
+		el = o.element ? o.element : $(o);
+		var p = Position.page(el);
+		var right = p[0];
+		var top = p[1];
+		var left = $('shadow').offsetWidth - (el.offsetWidth + right);
+		var bottom = $('shadow').offsetHeight - (el.offsetHeight + top);
+		if ( right < 1 ) el.style.left = 0;
+		if ( top < 1 ) el.style.top = 0;
+		if ( left < 1 ) el.style.left = (left + right) + 'px';
+		if ( bottom < 1 ) el.style.top = (top + bottom) + 'px';
+	}
+	function popControl(elm) {
+		el = $(elm);
+		el.style.width = controldims[elm]['width'] + 'px';
+		el.style.height = controldims[elm]['height'] + 'px';
+		var x = ( document.body.clientWidth - controldims[elm]['width'] ) / 2;
+		var y = ( document.body.parentNode.clientHeight - controldims[elm]['height'] ) / 2;
+		el.style.position = 'absolute';
+		el.style.right = '' + x + 'px';
+		el.style.top = '' + y + 'px';
+		el.style.zIndex = 1000;
+		el.className='control';
+		$('shadow').onclick = function() {unpopControl(elm);};
+	    window.onresize = function(){maxHeight('shadow');dragChange(elm);};
+		popShadow();
+	}
+	function popShadow() {
+		maxHeight('shadow');
+		var shadow = $('shadow');
+		shadow.style.zIndex = 999;
+		shadow.style.display = 'block';
+	    new Effect.Opacity('shadow', {duration:0.5, from:0.0, to:0.2});
+	}
+	function unpopShadow() {
+	    new Effect.Opacity('shadow', {to:0.0});
+		$('shadow').style.display = 'none';
+	}
+	function unpopControl(el) {
+		$(el).className='hidden';
+		unpopShadow();
+	}
+	function serializeAll() {
+	<?php foreach ( $wp_registered_sidebars as $index => $sidebar ) : ?>
+		$('<?php echo $index; ?>order').value = Sortable.serialize('<?php echo $index; ?>');
+	<?php endforeach; ?>
+	}
+	function updateAll() {
+		resetDroppableHeights();
+		resetPaletteHeight();
+		cols.map(function(o){
+			var pm = $(o+'placematt');
+			if ( $(o).childNodes.length == 0 ) {
+				pm.style.display = 'block';
+				//Position.absolutize(o+'placematt');
+			} else {
+				pm.style.display = 'none';
+			}
+		});
+	}
+	function noSelection(event) {
+		if ( document.selection ) {
+			var range = document.selection.createRange();
+			range.collapse(false);
+			range.select();
+			return false;
+		}
+	}
+	addLoadEvent(updateAll);
+	addLoadEvent(initWidgets);
+	Event.observe(window, 'resize', resetPaletteHeight);
+// ]]>
+</script>
+<?php
+}
+add_action( 'admin_head', 'wp_widgets_admin_head' );
+do_action( 'sidebar_admin_setup' );
+
+function wp_widget_draggable( $name ) {
+	global $wp_registered_widgets, $wp_registered_widget_controls;
+	
+	if ( !isset( $wp_registered_widgets[$name] ) ) {
+		return;
+	}
+	
+	$sanitized_name = sanitize_title( $wp_registered_widgets[$name]['id'] );
+	$link_title = __( 'Configure' );
+	$popper = ( isset( $wp_registered_widget_controls[$name] ) ) 
+		? ' <div class="popper" id="' . $sanitized_name . 'popper" title="' . $link_title . '">&#8801;</div>'
+		: '';
+	
+	$output = '<li class="module" id="widgetprefix-%1$s"><span class="handle">%2$s</span></li>';
+	
+	printf( $output, $sanitized_name, $wp_registered_widgets[$name]['name'] . $popper );
+}
+
+$title = __( 'Widgets' );
+$parent_file = 'themes.php';
+
+require_once 'admin-header.php';
+
+if ( count( $wp_registered_sidebars ) < 1 ) {
+?>
+	<div class="wrap">
+		<h2><?php _e( 'No Sidebars Defined' ); ?></h2>
+		
+		<p><?php _e( 'You are seeing this message because the theme you are currently using isn&#8217;t widget-aware, meaning that it has no sidebars that you are able to change. For information on making your theme widget-aware, please <a href="http://automattic.com/code/widgets/themes/">follow these instructions</a>.' ); /* TODO: article on codex */; ?></p>
+	</div>
+<?php
+	
+	require_once 'admin-footer.php';
+	exit;
+}
+
+$sidebars_widgets = wp_get_sidebars_widgets();
+
+if ( empty( $sidebars_widgets ) ) {
+	$sidebars_widgets = wp_get_widget_defaults();
+}
+
+if ( isset( $_POST['action'] ) ) {
+	check_admin_referer( 'widgets-save-widget-order' );
+	
+	switch ( $_POST['action'] ) {
+		case 'default' :
+			$sidebars_widgets = wp_get_widget_defaults();
+			wp_set_sidebars_widgets( $sidebars_widgets );
+		break;
+		
+		case 'save_widget_order' :
+			$sidebars_widgets = array();
+			
+			foreach ( $wp_registered_sidebars as $index => $sidebar ) {
+				$postindex = $index . 'order';
+				
+				parse_str( $_POST[$postindex], $order );
+				
+				$new_order = $order[$index];
+				
+				if ( is_array( $new_order ) ) {
+					foreach ( $new_order as $sanitized_name ) {
+						foreach ( $wp_registered_widgets as $name => $widget ) {
+							if ( $sanitized_name == $widget['id'] ) {
+								$sidebars_widgets[$index][] = $name;
+							}
+						}
+					}
+				}
+			}
+			
+			wp_set_sidebars_widgets( $sidebars_widgets );
+		break;
+	}
+}
+
+ksort( $wp_registered_widgets );
+
+$inactive_widgets = array();
+
+foreach ( $wp_registered_widgets as $name => $widget ) {
+	$is_active = false;
+	
+	foreach ( $wp_registered_sidebars as $index => $sidebar ) {
+		if ( is_array( $sidebars_widgets[$index] ) && in_array( $name, $sidebars_widgets[$index] ) ) {
+			$is_active = true;
+			break;
+		}
+	}
+	
+	if ( !$is_active ) {
+		$inactive_widgets[] = $name;
+	}
+}
+
+$containers = array( 'palette' );
+
+foreach ( $wp_registered_sidebars as $index => $sidebar ) {
+	$containers[] = $index;
+}
+
+$c_string = '';
+
+foreach ( $containers as $container ) {
+	$c_string .= '"' . $container . '",';
+}
+
+$c_string = substr( $c_string, 0, -1 );
+
+if ( isset( $_POST['action'] ) ) {
+?>
+	<div class="fade updated" id="message">
+		<p><?php printf( __( 'Sidebar updated. <a href="%s">View site &raquo;</a>' ), get_bloginfo( 'url' ) . '/' ); ?></p>
+	</div>
+<?php
+}
+?>
+	<div class="wrap">
+		<h2><?php _e( 'Sidebar Arrangement' ); ?></h2>
+		
+		<p><?php _e( 'You can drag and drop widgets onto your sidebar below.' ); ?></p>
+		
+		<form id="sbadmin" method="post" onsubmit="serializeAll();">
+			<p class="submit">
+				<input type="submit" value="<?php _e( 'Save Changes &raquo;' ); ?>" />
+			</p>
+			<div id="zones">
+			<?php
+				foreach ( $wp_registered_sidebars as $index => $sidebar ) {
+			?>
+				<input type="hidden" id="<?php echo $index; ?>order" name="<?php echo $index; ?>order" value="" />
+				
+				<div class="dropzone">
+					<h3><?php echo $sidebar['name']; ?></h3>
+					
+					<div id="<?php echo $index; ?>placematt" class="module placemat">
+						<span class="handle">
+							<h4><?php _e( 'Default Sidebar' ); ?></h4>
+							<?php _e( 'Your theme will display its usual sidebar when this box is empty. Dragging widgets into this box will replace the usual sidebar with your customized sidebar.' ); ?>
+						</span>
+					</div>
+					
+					<ul id="<?php echo $index; ?>">
+					<?php
+						if ( is_array( $sidebars_widgets[$index] ) ) {
+							foreach ( $sidebars_widgets[$index] as $name ) {
+								wp_widget_draggable( $name );
+							}
+						}
+					?>
+					</ul>
+				</div>
+			<?php
+				}
+			?>
+			
+			<br class="clear" />
+			
+			</div>
+		
+			<div id="palettediv">
+				<h3><?php _e( 'Available Widgets' ); ?></h3>
+			
+				<ul id="palette">
+				<?php
+					foreach ( $inactive_widgets as $name ) {
+						wp_widget_draggable( $name );
+					}
+				?>
+					<li id="lastmodule"><span></span></li>
+				</ul>
+			</div>
+		
+			<script type="text/javascript">
+			// <![CDATA[
+			<?php foreach ( $containers as $container ) { ?>
+				Sortable.create("<?php echo $container; ?>", {
+					dropOnEmpty: true, containment: [<?php echo $c_string; ?>], 
+					handle: 'handle', constraint: false, onUpdate: updateAll, 
+					format: /^widgetprefix-(.*)$/
+				});
+			<?php } ?>
+			// ]]>
+			</script>
+		
+			<p class="submit">
+			<?php wp_nonce_field( 'widgets-save-widget-order' ); ?>
+				<input type="hidden" name="action" id="action" value="save_widget_order" />
+				<input type="submit" value="<?php _e( 'Save Changes &raquo;' ); ?>" />
+			</p>
+		
+			<div id="controls">
+			<?php foreach ( $wp_registered_widget_controls as $name => $widget ) { ?>
+				<div class="hidden" id="<?php echo $widget['id']; ?>control">
+					<span class="controlhandle"><?php echo $widget['name']; ?></span>
+					<span id="<?php echo $widget['id']; ?>closer" class="controlcloser">&#215;</span>
+					<div class="controlform">
+					<?php call_user_func_array( $widget['callback'], $widget['params'] ); ?>
+					</div>
+				</div>
+			<?php } ?>
+			</div>
+		</form>
+		
+		<br class="clear" />
+	</div>
+	
+	<div id="shadow"> </div>
+	
+	<?php do_action( 'sidebar_admin_page' ); ?>
+
+<?php require_once 'admin-footer.php'; ?>
diff --git a/wp-admin/wp-admin.css b/wp-admin/wp-admin.css
index 6de69f4..14c93a2 100644
--- a/wp-admin/wp-admin.css
+++ b/wp-admin/wp-admin.css
@@ -120,7 +120,6 @@ a:visited {
 }
 
 a:hover {
-/*	border-bottom: 1px solid #3a75ae;*/
 	color: #069;
 }
 
@@ -132,7 +131,7 @@ body	{
 }
 
 body, td {
-	font: 13px "Lucida Grande", "Lucida Sans Unicode", Tahoma, Verdana;
+	font: 13px "Lucida Grande", "Lucida Sans Unicode", Tahoma, Verdana, sans-serif;
 }
 
 fieldset {
@@ -170,10 +169,10 @@ form, label input {
 }
 
 h2 {
-	border-bottom: .5em solid #e5f3ff;
 	color: #333;
-	font: normal 32px/5px serif;
+	font: normal 32px serif;
 	margin: 5px 10px;
+	background: url( images/heading-bg.gif ) repeat-x bottom;
 }
 
 img, #footer a {
@@ -437,7 +436,7 @@ form#upload #post_content {
 }
 
 .wrap h2 {
-	margin: .4em 0 .5em;
+	margin: 0 0 .5em;
 	clear: both;
 }
 
@@ -538,7 +537,7 @@ input.disabled, textarea.disabled {
 	border: none;
 }
 
-#postdiv, #titlediv, #guiddiv {
+#postdiv, #titlediv, #guiddiv, #tagdiv {
 	margin: 0 8px 0 0;
 	padding: 0;
 }
@@ -554,11 +553,11 @@ input.disabled, textarea.disabled {
 }
 
 #postdivrich #content {
-	padding: .7em;
+	padding: 5px;
 	line-height: 140%;
 }
 
-#titlediv input, #guiddiv input {
+#titlediv input, #guiddiv input, #tagdiv input {
 	margin: 0;
 	width: 100%;
 }
@@ -629,7 +628,7 @@ input.delete:hover {
 
 #title {
 	font-size: 1.7em;
-	padding: 4px;
+	padding: 4px 3px;
 }
 
 #postexcerpt div, #attachmentlinks div {
@@ -912,17 +911,13 @@ input.delete:hover {
 }
 
 #zeitgeist h2, fieldset legend a {
-	border-bottom: none;
+	background: none;
 }
 
 * html #zeitgeist h2 {
 	padding-top: 10px;
 }
 
-#zeitgeist h2 {
-	margin-top: .4em;
-}
-
 #zeitgeist h3 {
 	border-bottom: 1px solid #ccc;
 	font-size: 16px;
@@ -1332,3 +1327,10 @@ a.page-numbers:hover {
 	font-weight: bold;
 	margin: 0 6px;
 }
+
+a.view-link {
+	position: absolute;
+	right: 5%;
+	margin-right: 220px;
+	text-decoration:underline;
+}
-- 
cgit