Index: wp-login.php
===================================================================
--- wp-login.php	(.../2.0.5)	(revision 4701)
+++ wp-login.php	(.../2.0.6)	(revision 4701)
@@ -127,7 +127,7 @@
 case 'resetpass' :
 
 	// Generate something random for a password... md5'ing current time with a rand salt
-	$key = preg_replace('/a-z0-9/i', '', $_GET['key']);
+	$key = preg_replace('/[^a-z0-9]/i', '', $_GET['key']);
 	if ( empty($key) )
 		die( __('Sorry, that key does not appear to be valid.') );
 	$user = $wpdb->get_row("SELECT * FROM $wpdb->users WHERE user_activation_key = '$key'");
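Review bot: The character whitelist on the `$key` line is the only thing that keeps `$_GET['key']` out of the SQL interpolated at `$user = $wpdb->get_row(...)`, and nothing says so; the comment above it ("Generate something random for a password...") describes a different step. Replace that comment with `// Reduce the key to [a-z0-9] only: it is interpolated unescaped into the SQL query below, so this whitelist is the injection guard`. The same whitelist-then-interpolate pattern appears in the `$meta_key` hunk of wp-includes/functions.php (get_usermeta) and deserves the same comment. `$_GET['key']` is also read without `isset`, so a request without the parameter raises a notice before the `empty($key)` check; `$key = preg_replace('/[^a-z0-9]/i', '', isset($_GET['key']) ? $_GET['key'] : '');` avoids that. The `case 'resetpass'` block continues past the hunk.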
@@ -231,14 +231,14 @@
 ?>
 
 <form name="loginform" id="loginform" action="wp-login.php" method="post">
-<p><label><?php _e('Username:') ?><br /><input type="text" name="log" id="log" value="<?php echo wp_specialchars(stripslashes($user_login), 1); ?>" size="20" tabindex="1" /></label></p>
+<p><label><?php _e('Username:') ?><br /><input type="text" name="log" id="log" value="<?php echo attribute_escape(stripslashes($user_login)); ?>" size="20" tabindex="1" /></label></p>
 <p><label><?php _e('Password:') ?><br /> <input type="password" name="pwd" id="pwd" value="" size="20" tabindex="2" /></label></p>
 <p>
   <label><input name="rememberme" type="checkbox" id="rememberme" value="forever" tabindex="3" /> 
   <?php _e('Remember me'); ?></label></p>
 <p class="submit">
 	<input type="submit" name="submit" id="submit" value="<?php _e('Login'); ?> &raquo;" tabindex="4" />
-	<input type="hidden" name="redirect_to" value="<?php echo wp_specialchars($redirect_to); ?>" />
+	<input type="hidden" name="redirect_to" value="<?php echo attribute_escape($redirect_to); ?>" />
 </p>
 </form>
 <ul>
Index: wp-includes/template-functions-general.php
===================================================================
--- wp-includes/template-functions-general.php	(.../2.0.5)	(revision 4701)
+++ wp-includes/template-functions-general.php	(.../2.0.6)	(revision 4701)
@@ -263,7 +263,7 @@
 /* link navigation hack by Orien http://icecode.com/ */
 function get_archives_link($url, $text, $format = 'html', $before = '', $after = '') {
 	$text = wptexturize($text);
-	$title_text = wp_specialchars($text, 1);
+	$title_text = attribute_escape($text);
 
 	if ('link' == $format)
 		return "\t<link rel='archives' title='$title_text' href='$url' />\n";
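Review bot: `$url` is written into `href='$url'` on the `link` return line unescaped, while `$text` on the line above it is now attribute-escaped; a URL containing `'` or a bare `&` breaks the attribute or yields invalid markup. If attribute_escape (which calls `wp_specialchars($text, true)`) encodes single quotes as well as double quotes, `return "\t<link rel='archives' title='$title_text' href='" . attribute_escape($url) . "' />\n";` closes the gap — confirm the quote handling before relying on it. The same href-versus-title asymmetry is visible in wp-includes/template-functions-category.php, where `get_category_link()` output is concatenated into `href="..."` and only the title is escaped. get_archives_link continues past the end of the hunk.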
@@ -336,10 +336,10 @@
 			foreach ( $arcresults as $arcresult ) {
 				$url	= get_month_link($arcresult->year,	$arcresult->month);
 				if ( $show_post_count ) {
-					$text = sprintf('%s %d', $month[zeroise($arcresult->month,2)], $arcresult->year);
+					$text = sprintf(__('%1$s %2$d'), $month[zeroise($arcresult->month,2)], $arcresult->year);
 					$after = '&nbsp;('.$arcresult->posts.')' . $afterafter;
 				} else {
-					$text = sprintf('%s %d', $month[zeroise($arcresult->month,2)], $arcresult->year);
+					$text = sprintf(__('%1$s %2$d'), $month[zeroise($arcresult->month,2)], $arcresult->year);
 				}
 				echo get_archives_link($url, $text, $format, $before, $after);
 			}
@@ -349,7 +349,7 @@
 		if ( $arcresults ) {
 			foreach ( $arcresults as $arcresult ) {
 				$url	= get_day_link($arcresult->year, $arcresult->month, $arcresult->dayofmonth);
-				$date = sprintf("%d-%02d-%02d 00:00:00", $arcresult->year, $arcresult->month, $arcresult->dayofmonth);
+				$date = sprintf('%1$d-%2$02d-%3$02d 00:00:00', $arcresult->year, $arcresult->month, $arcresult->dayofmonth);
 				$text = mysql2date($archive_day_date_format, $date);
 				echo get_archives_link($url, $text, $format, $before, $after);
 			}
@@ -366,7 +366,7 @@
 						$arc_week = get_weekstartend($arcresult->yyyymmdd, get_settings('start_of_week'));
 						$arc_week_start = date_i18n($archive_week_start_date_format, $arc_week['start']);
 						$arc_week_end = date_i18n($archive_week_end_date_format, $arc_week['end']);
-						$url  = sprintf('%s/%s%sm%s%s%sw%s%d', get_settings('home'), '', '?', '=', $arc_year, '&amp;', '=', $arcresult->week);
+						$url  = sprintf('%1$s/%2$s%3$sm%4$s%5$s%6$sw%7$s%8$d', get_settings('home'), '', '?', '=', $arc_year, '&amp;', '=', $arcresult->week);
 						$text = $arc_week_start . $archive_week_separator . $arc_week_end;
 						echo get_archives_link($url, $text, $format, $before, $after);
 					}
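Review bot: The rewritten `$url` sprintf in the week branch hides a three-value URL behind eight positional arguments, five of which are constant strings (`''`, `'?'`, `'='`, `'&amp;'`, `'='`), so a reader has to reassemble `home/?m=YEAR&amp;w=WEEK` by hand. The same result reads directly as `$url = sprintf('%1$s/?m=%2$s&amp;w=%3$d', get_settings('home'), $arc_year, $arcresult->week);`. Unlike the `%1$s %2$d` strings in the earlier hunks this one is not passed through `__()`, so the positional specifiers buy nothing here. The enclosing loop continues outside the hunk.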
Index: wp-includes/template-functions-category.php
===================================================================
--- wp-includes/template-functions-category.php	(.../2.0.5)	(revision 4701)
+++ wp-includes/template-functions-category.php	(.../2.0.6)	(revision 4701)
@@ -323,9 +323,9 @@
 			$num_found++;
 			$link = '<a href="'.get_category_link($category->cat_ID).'" ';
 			if ( $use_desc_for_title == 0 || empty($category->category_description) )
-				$link .= 'title="'. sprintf(__("View all posts filed under %s"), wp_specialchars($category->cat_name)) . '"';
+				$link .= 'title="'. sprintf(__("View all posts filed under %s"), attribute_escape($category->cat_name)) . '"';
 			else
-				$link .= 'title="' . wp_specialchars(apply_filters('category_description',$category->category_description,$category)) . '"';
+				$link .= 'title="' . attribute_escape(apply_filters('category_description',$category->category_description,$category)) . '"';
 			$link .= '>';
 			$link .= apply_filters('list_cats', $category->cat_name, $category).'</a>';
 
Index: wp-includes/cache.php
===================================================================
--- wp-includes/cache.php	(.../2.0.5)	(revision 4701)
+++ wp-includes/cache.php	(.../2.0.6)	(revision 4701)
@@ -30,9 +30,7 @@
 }
 
 function wp_cache_init() {
-	global $wp_object_cache;
-
-	$wp_object_cache = new WP_Object_Cache();
+	$GLOBALS['wp_object_cache'] =& new WP_Object_Cache();
 }
 
 function wp_cache_replace($key, $data, $flag = '', $expire = 0) {
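Review bot: `$GLOBALS['wp_object_cache'] =& new WP_Object_Cache();` relies on the PHP 4 reference-assignment-of-new idiom, and nothing records why the plain `global` form it replaces was insufficient. On PHP 5 objects are already handles, so `=& new` gains nothing and raises an E_STRICT "Assigning the return value of new by reference is deprecated" notice; PHP 7 rejects the syntax outright. If PHP 4 support is the reason, say so above the line: `// =& keeps PHP 4 from copying the object into $GLOBALS; drop the & once PHP 4 is no longer supported`.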
Index: wp-includes/template-functions-post.php
===================================================================
--- wp-includes/template-functions-post.php	(.../2.0.5)	(revision 4701)
+++ wp-includes/template-functions-post.php	(.../2.0.6)	(revision 4701)
@@ -158,7 +158,7 @@
 					if ( '' == get_settings('permalink_structure') )
 						echo '<a href="' . get_permalink() . '&amp;page=' . $i . '">';
 					else
-						echo '<a href="' . trailingslashit( get_permalink() ) . $i . '/">';
+						echo '<a href="' . trailingslashit(get_permalink()) . $i . '/">';
 				}
 				echo $j;
 				if ( ($i != $page) || ((!$more) && ($page==1)) )
@@ -173,14 +173,14 @@
 					if ( '' == get_settings('permalink_structure') )
 						echo '<a href="' . get_permalink() . '&amp;page=' . $i . '">'.$previouspagelink.'</a>';
 					else
-						echo '<a href="' . get_permalink() . $i . '/">'.$previouspagelink.'</a>';
+						echo '<a href="' . get_permalink() . $i . '/">' . $previouspagelink . '</a>';
 				}
 				$i = $page + 1;
 				if ( $i <= $numpages && $more ) {
 					if ( '' == get_settings('permalink_structure') )
-						echo '<a href="'.get_permalink() . '&amp;page=' . $i . '">'.$nextpagelink.'</a>';
+						echo '<a href="' . get_permalink() . '&amp;page=' . $i . '">' . $nextpagelink . '</a>';
 					else
-						echo '<a href="'.get_permalink().$i.'/">'.$nextpagelink.'</a>';
+						echo '<a href="' . trailingslashit(get_permalink()) . $i . '/">' . $nextpagelink . '</a>';
 				}
 				echo $after;
 			}
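Review bot: The previous-page link on the `$previouspagelink` line still builds `get_permalink() . $i . '/'` without `trailingslashit()`, while the next-page link at the bottom of this hunk and the numbered links in the earlier hunk now both use `trailingslashit(get_permalink())`. With a permalink that lacks a trailing slash the previous link becomes `.../slug2/` instead of `.../slug/2/`. Change it to `echo '<a href="' . trailingslashit(get_permalink()) . $i . '/">' . $previouspagelink . '</a>';` so the three branches agree. The enclosing function starts before the first hunk.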
@@ -418,7 +418,7 @@
 
 	foreach ( $page_tree[$parent]['children'] as $page_id ) {
 		$cur_page = $page_tree[$page_id];
-		$title = wp_specialchars($cur_page['title']);
+		$title = attribute_escape($cur_page['title']);
 
 		$css_class = 'page_item';
 		if ( $page_id == $queried_obj->ID )
Index: wp-includes/wp-db.php
===================================================================
--- wp-includes/wp-db.php	(.../2.0.5)	(revision 4701)
+++ wp-includes/wp-db.php	(.../2.0.6)	(revision 4701)
@@ -131,6 +131,11 @@
 	//	Basic Query	- see docs for more detail
 
 	function query($query) {
+		// filter the query, if filters are available
+		// NOTE: some queries are made before the plugins have been loaded, and thus cannot be filtered with this method
+		if ( function_exists('apply_filters') )
+			$query = apply_filters('query', $query);
+
 		// initialise return
 		$return_val = 0;
 		$this->flush();
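Review bot: The new `query` filter hands every SQL statement to any registered callback with no statement of the contract, so a callback that forgets to return its argument (a common `add_filter` mistake) silently turns every query into an empty string. Extend the comment to say what is expected: `// Plugins hooked to 'query' may rewrite any statement and MUST return a string; a callback that returns nothing empties the query`. The returned string is executed as-is, which the comment should also state, since it makes this hook a single point at which one misbehaving plugin alters all database access. The body of query() continues past the hunk.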
Index: wp-includes/links.php
===================================================================
--- wp-includes/links.php	(.../2.0.5)	(revision 4701)
+++ wp-includes/links.php	(.../2.0.6)	(revision 4701)
@@ -212,15 +212,15 @@
 
 		$the_link = '#';
 		if (!empty($row->link_url))
-			$the_link = wp_specialchars($row->link_url);
+			$the_link = attribute_escape($row->link_url);
 
 		$rel = $row->link_rel;
 		if ($rel != '') {
 			$rel = ' rel="' . $rel . '"';
 		}
 
-		$desc = wp_specialchars($row->link_description, ENT_QUOTES);
-		$name = wp_specialchars($row->link_name, ENT_QUOTES);
+		$desc = attribute_escape($row->link_description);
+		$name = attribute_escape($row->link_name);
 		$title = $desc;
 
 		if ($show_updated) {
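Review bot: `$row->link_rel` is still concatenated raw into `' rel="' . $rel . '"'` a few lines above the escaped `$desc`/`$name`, so of the four link fields written into attributes in this hunk it is the only one not passed through attribute_escape. `$rel = ' rel="' . attribute_escape($rel) . '"';` brings it in line; the value is free text from the links table just like link_name. The enclosing function starts before the hunk.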
Index: wp-includes/functions-formatting.php
===================================================================
--- wp-includes/functions-formatting.php	(.../2.0.5)	(revision 4701)
+++ wp-includes/functions-formatting.php	(.../2.0.6)	(revision 4701)
@@ -399,26 +399,27 @@
 
 /*
  balanceTags
- 
+
  Balances Tags of string using a modified stack.
- 
+
  @param text      Text to be balanced
+ @param force     Forces balancing, ignoring the value of the option
  @return          Returns balanced text
  @author          Leonard Lin (leonard@acm.org)
  @version         v1.1
  @date            November 4, 2001
  @license         GPL v2.0
- @notes           
- @changelog       
+ @notes
+ @changelog
  ---  Modified by Scott Reilly (coffee2code) 02 Aug 2004
-             1.2  ***TODO*** Make better - change loop condition to $text
-             1.1  Fixed handling of append/stack pop order of end text
-                  Added Cleaning Hooks
-             1.0  First Version
+	1.2  ***TODO*** Make better - change loop condition to $text
+	1.1  Fixed handling of append/stack pop order of end text
+	     Added Cleaning Hooks
+	1.0  First Version
 */
-function balanceTags($text, $is_comment = 0) {
-	
-	if ( get_option('use_balanceTags') == 0)
+function balanceTags($text, $force = false) {
+
+	if ( !$force && get_option('use_balanceTags') == 0 )
 		return $text;
 
 	$tagstack = array(); $stacksize = 0; $tagqueue = ''; $newtext = '';
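Review bot: Renaming the second parameter from `$is_comment` to `$force` changes what a positional second argument means: any caller still passing a truthy `$is_comment` value now forces balancing regardless of the `use_balanceTags` option, and the docblock does not mention that the old parameter is gone. Add a line to the header comment, e.g. `@notes   1.2 replaced the $is_comment parameter with $force; callers passing a second argument should re-check it`, so the behaviour change is discoverable. balanceTags continues past the hunk.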
@@ -440,7 +441,7 @@
 		if ($regex[1][0] == "/") { // End Tag
 			$tag = strtolower(substr($regex[1],1));
 			// if too many closing tags
-			if($stacksize <= 0) { 
+			if($stacksize <= 0) {
 				$tag = '';
 				//or close to be safe $tag = '/' . $tag;
 			}
@@ -497,7 +498,7 @@
 		}
 		$newtext .= substr($text,0,$i) . $tag;
 		$text = substr($text,$i+$l);
-	}  
+	}
 
 	// Clear Tag Queue
 	$newtext .= $tagqueue;
@@ -518,7 +519,7 @@
 }
 
 function force_balance_tags($text) {
-	return balanceTags($text, 0, true);
+	return balanceTags($text, true);
 }
 
 function format_to_edit($content, $richedit = false) {
@@ -1044,10 +1045,33 @@
 	return apply_filters('richedit_pre', $output);
 }
 
+function clean_url( $url, $protocols = null ) {
+	if ('' == $url) return $url;
+	$url = preg_replace('|[^a-z0-9-~+_.?#=!&;,/:%]|i', '', $url);
+	$strip = array('%0d', '%0a');
+	$url = str_replace($strip, '', $url);
+	$url = str_replace(';//', '://', $url);
+	$url = (!strstr($url, '://')) ? 'http://'.$url : $url;
+	$url = preg_replace('/&([^#])(?![a-z]{2,8};)/', '&#038;$1', $url);
+	if ( !is_array($protocols) )
+		$protocols = array('http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet'); 
+	if ( wp_kses_bad_protocol( $url, $protocols ) != $url )
+		return '';
+	return $url;
+}
+
 // Escape single quotes, specialchar double quotes, and fix line endings.
 function js_escape($text) {
-	$text = wp_specialchars($text, 'double');
-	$text = str_replace('&#039;', "'", $text);
-	return preg_replace("/\r?\n/", "\\n", addslashes($text));
+	$safe_text = wp_specialchars($text, 'double');
+	$safe_text = str_replace('&#039;', "'", $safe_text);
+	$safe_text = preg_replace("/\r?\n/", "\\n", addslashes($safe_text));
+	return apply_filters('js_escape', $safe_text, $text);
 }
+
+// Escaping for HTML attributes
+function attribute_escape($text) {
+	$safe_text = wp_specialchars($text, true);
+	return apply_filters('attribute_escape', $safe_text, $text);
+}
+
 ?>
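Review bot: The `%0d`/`%0a` strip in clean_url is case-sensitive — `str_replace` leaves `%0D` and `%0A` untouched — so upper-case percent-encoded CR/LF survive into a URL the rest of this code treats as clean (`%` is in the allowed character class one line earlier). A single `$url = preg_replace('/%0[da]/i', '', $url);` in place of the two `$strip` lines handles both cases. The new `attribute_escape` and `js_escape` filters run after escaping and receive the raw `$text` as their second argument, so a callback that returns that second argument removes the escaping everywhere the helper is used; a one-line comment above each `apply_filters` call saying the callback must return an escaped string makes that contract explicit. The `wp_kses_bad_protocol(...) != $url` comparison is made after `&` has been rewritten to `&#038;`, so it depends on that helper normalising entities the same way — worth a comment if that is the case.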
Index: wp-includes/gettext.php
===================================================================
--- wp-includes/gettext.php	(.../2.0.5)	(revision 4701)
+++ wp-includes/gettext.php	(.../2.0.6)	(revision 4701)
@@ -63,10 +63,12 @@
   function readint() {
       if ($this->BYTEORDER == 0) {
         // low endian
-        return array_shift(unpack('V', $this->STREAM->read(4)));
+        $low_end = unpack('V', $this->STREAM->read(4));
+        return array_shift($low_end);
       } else {
         // big endian
-        return array_shift(unpack('N', $this->STREAM->read(4)));
+        $big_end = unpack('N', $this->STREAM->read(4));
+        return array_shift($big_end);
       }
     }
 
Index: wp-includes/version.php
===================================================================
--- wp-includes/version.php	(.../2.0.5)	(revision 4701)
+++ wp-includes/version.php	(.../2.0.6)	(revision 4701)
@@ -2,7 +2,7 @@
 
 // This just holds the version number, in a separate file so we can bump it without cluttering the SVN
 
-$wp_version = '2.0.5';
+$wp_version = '2.0.6';
 $wp_db_version = 3441;
 
 ?>
Index: wp-includes/functions-post.php
===================================================================
--- wp-includes/functions-post.php	(.../2.0.5)	(revision 4701)
+++ wp-includes/functions-post.php	(.../2.0.6)	(revision 4701)
@@ -24,6 +24,7 @@
 
 	// Get the basics.
 	$post_content    = apply_filters('content_save_pre',   $post_content);
+	$post_content_filtered = apply_filters('content_filtered_save_pre',   $post_content_filtered);
 	$post_excerpt    = apply_filters('excerpt_save_pre',   $post_excerpt);
 	$post_title      = apply_filters('title_save_pre',     $post_title);
 	$post_category   = apply_filters('category_save_pre',  $post_category);
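Review bot: `$post_content_filtered` is picked up by the new `content_filtered_save_pre` filter here and in the matching hunk at `@@ -221,6 +222,7 @@`, and later interpolated into the UPDATE and INSERT statements, but nothing in the hunks shows where it is defined or whether it receives the same SQL escaping as `$post_content`. If the value comes from the same extracted array as the other fields, a comment saying so (`// post_content_filtered is escaped with the rest of the extracted post fields above`) saves the next reader from re-verifying; if it can be absent, initialise it (`$post_content_filtered = isset($post_content_filtered) ? $post_content_filtered : '';`) before the filter so the hook does not receive an undefined variable. The enclosing functions start before these hunks.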
@@ -221,6 +222,7 @@
 
 	// Get the basics.
 	$post_content    = apply_filters('content_save_pre',   $post_content);
+	$post_content_filtered = apply_filters('content_filtered_save_pre',   $post_content_filtered);
 	$post_excerpt    = apply_filters('excerpt_save_pre',   $post_excerpt);
 	$post_title      = apply_filters('title_save_pre',     $post_title);
 	$post_category   = apply_filters('category_save_pre',  $post_category);
@@ -302,6 +304,7 @@
 			post_date = '$post_date',
 			post_date_gmt = '$post_date_gmt',
 			post_content = '$post_content',
+			post_content_filtered = '$post_content_filtered',
 			post_title = '$post_title',
 			post_excerpt = '$post_excerpt',
 			post_status = '$post_status',
@@ -321,9 +324,9 @@
 	} else {
 		$wpdb->query(
 			"INSERT INTO $wpdb->posts
-			(post_author, post_date, post_date_gmt, post_content, post_title, post_excerpt,  post_status, comment_status, ping_status, post_password, post_name, to_ping, pinged, post_modified, post_modified_gmt, post_parent, menu_order, post_mime_type, guid)
+			(post_author, post_date, post_date_gmt, post_content, post_content_filtered, post_title, post_excerpt,  post_status, comment_status, ping_status, post_password, post_name, to_ping, pinged, post_modified, post_modified_gmt, post_parent, menu_order, post_mime_type, guid)
 			VALUES
-			('$post_author', '$post_date', '$post_date_gmt', '$post_content', '$post_title', '$post_excerpt', '$post_status', '$comment_status', '$ping_status', '$post_password', '$post_name', '$to_ping', '$pinged', '$post_date', '$post_date_gmt', '$post_parent', '$menu_order', '$post_mime_type', '$guid')");
+			('$post_author', '$post_date', '$post_date_gmt', '$post_content', '$post_content_filtered', '$post_title', '$post_excerpt', '$post_status', '$comment_status', '$ping_status', '$post_password', '$post_name', '$to_ping', '$pinged', '$post_date', '$post_date_gmt', '$post_parent', '$menu_order', '$post_mime_type', '$guid')");
 			$post_ID = $wpdb->insert_id;			
 	}
 	
@@ -549,6 +552,8 @@
 	if ( 'static' == $post->post_status )
 		$wpdb->query("UPDATE $wpdb->posts SET post_parent = $post->post_parent WHERE post_parent = $postid AND post_status = 'static'");
 
+	$wpdb->query("UPDATE $wpdb->posts SET post_parent = $post->post_parent WHERE post_parent = $postid AND post_status = 'attachment'");
+
 	$wpdb->query("DELETE FROM $wpdb->posts WHERE ID = $postid");
 	
 	$wpdb->query("DELETE FROM $wpdb->comments WHERE comment_post_ID = $postid");
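Review bot: The added attachment re-parenting query interpolates `$post->post_parent` and `$postid` unquoted into SQL, like the 'static' query above it, and neither cast is visible in the hunk. If `$postid` is already cast to int earlier in the function (likely, but outside the hunk), a `(int)` at the point of use is still cheap insurance: `$wpdb->query("UPDATE $wpdb->posts SET post_parent = " . (int) $post->post_parent . " WHERE post_parent = " . (int) $postid . " AND post_status = 'attachment'");`. A short comment such as `// attachments of a deleted post move up to its parent instead of being orphaned` would also record the intent. The enclosing delete function starts before the hunk.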
Index: wp-includes/classes.php
===================================================================
--- wp-includes/classes.php	(.../2.0.5)	(revision 4701)
+++ wp-includes/classes.php	(.../2.0.6)	(revision 4701)
@@ -598,13 +598,13 @@
 		}
 
 		if ( $this->is_attachment ) {
-			$where .= ' AND (post_status = "attachment")';
+			$where .= " AND (post_status = 'attachment')";
 		} elseif ($this->is_page) {
-			$where .= ' AND (post_status = "static")';
+			$where .= " AND (post_status = 'static')";
 		} elseif ($this->is_single) {
-			$where .= ' AND (post_status != "static")';
+			$where .= " AND (post_status != 'static')";
 		} else {
-			$where .= ' AND (post_status = "publish"';
+			$where .= " AND (post_status = 'publish'";
 
 			if (isset($user_ID) && ('' != intval($user_ID)))
 				$where .= " OR post_author = $user_ID AND post_status != 'draft' AND post_status != 'static')";
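Review bot: The guard on the line above checks `intval($user_ID)` but the query then interpolates the raw `$user_ID` into `post_author = $user_ID`, so the value that is checked and the value that reaches SQL can differ. Using the same integer in both places, `$where .= " OR post_author = " . intval($user_ID) . " AND post_status != 'draft' AND post_status != 'static')";`, keeps them consistent; `$user_ID` is presumably the global current-user id, which is outside the hunk. `'' != intval($user_ID)` also compares an int to an empty string and only works through loose comparison; `0 != intval($user_ID)` says what is meant. The surrounding method continues on both sides of the hunk.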
@@ -613,7 +613,7 @@
 		}
 
 		if (! $this->is_attachment )
-			$where .= ' AND post_status != "attachment"';
+			$where .= " AND post_status != 'attachment'";
 
 		// Apply filters on where and join prior to paging so that any
 		// manipulations to them are reflected in the paging by day queries.
Index: wp-includes/kses.php
===================================================================
--- wp-includes/kses.php	(.../2.0.5)	(revision 4701)
+++ wp-includes/kses.php	(.../2.0.6)	(revision 4701)
@@ -524,21 +524,34 @@
 }
 
 function kses_init_filters() {
-		add_filter('pre_comment_author', 'wp_filter_kses');
-		add_filter('pre_comment_content', 'wp_filter_kses');
-		add_filter('content_save_pre', 'wp_filter_post_kses');
-		add_filter('title_save_pre', 'wp_filter_kses');
+	// Normal filtering.
+	add_filter('pre_comment_content', 'wp_filter_kses');
+	add_filter('title_save_pre', 'wp_filter_kses');
+
+	// Post filtering
+	add_filter('content_save_pre', 'wp_filter_post_kses');
+	add_filter('excerpt_save_pre', 'wp_filter_post_kses');
+	add_filter('content_filtered_save_pre', 'wp_filter_post_kses');
 }
 
-function kses_init() {
-	remove_filter('pre_comment_author', 'wp_filter_kses');
+function kses_remove_filters() {
+	// Normal filtering.
 	remove_filter('pre_comment_content', 'wp_filter_kses');
-	remove_filter('content_save_pre', 'wp_filter_post_kses');
 	remove_filter('title_save_pre', 'wp_filter_kses');
 
+	// Post filtering
+	remove_filter('content_save_pre', 'wp_filter_post_kses');
+	remove_filter('excerpt_save_pre', 'wp_filter_post_kses');
+	remove_filter('content_filtered_save_pre', 'wp_filter_post_kses');
+}
+
+function kses_init() {
+	kses_remove_filters();
+
 	if (current_user_can('unfiltered_html') == false)
 		kses_init_filters();
 }
+
 add_action('init', 'kses_init');
 add_action('set_current_user', 'kses_init');
 ?>
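Review bot: `pre_comment_author` is dropped from both kses_init_filters and kses_remove_filters, so comment author names are no longer run through wp_filter_kses for users without `unfiltered_html`, and no comment says where that field is sanitised instead. If the removal is deliberate, record it: `// pre_comment_author is no longer kses-filtered here; author names are escaped on output` (adjusted to wherever it actually happens); if not, restore `add_filter('pre_comment_author', 'wp_filter_kses');` and its remove_filter counterpart. The new `kses_remove_filters()` / `kses_init_filters()` pair is otherwise a good shape: every hook that is added has a matching removal.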
Index: wp-includes/pluggable-functions.php
===================================================================
--- wp-includes/pluggable-functions.php	(.../2.0.5)	(revision 4701)
+++ wp-includes/pluggable-functions.php	(.../2.0.6)	(revision 4701)
@@ -265,7 +265,8 @@
 	if ( $is_IIS ) {
 		header("Refresh: 0;url=$location");
 	} else {
-		status_header($status); // This causes problems on IIS
+		if ( php_sapi_name() != 'cgi-fcgi' )
+			status_header($status); // This causes problems on IIS and some FastCGI setups
 		header("Location: $location");
 	}
 }
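Review bot: The SAPI test here is `php_sapi_name() != 'cgi-fcgi'`, while the status_header change in wp-includes/functions.php in this same commit uses `substr(php_sapi_name(), 0, 3) == 'cgi'`; the two disagree for plain `cgi`, which this branch still treats as safe for status_header(). Pick one predicate and put it in a small helper so both call sites agree, e.g. `function wp_sapi_is_cgi() { return substr(php_sapi_name(), 0, 3) == 'cgi'; }`, then `if ( !wp_sapi_is_cgi() )` here. `$location` is interpolated into `header("Location: $location")` and the hunk does not show whether it is validated, so a comment at the top of wp_redirect stating that callers must pass a cleaned URL (clean_url() is added in this commit) would document the assumption. wp_redirect starts before the hunk.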
Index: wp-includes/comment-functions.php
===================================================================
--- wp-includes/comment-functions.php	(.../2.0.5)	(revision 4701)
+++ wp-includes/comment-functions.php	(.../2.0.6)	(revision 4701)
@@ -213,17 +213,6 @@
 	return true;
 }
 
-function clean_url( $url ) {
-	if ('' == $url) return $url;
-	$url = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%]|i', '', $url);
-	$strip = array('%0d', '%0a');
-	$url = str_replace($strip, '', $url);
-	$url = str_replace(';//', '://', $url);
-	$url = (!strstr($url, '://')) ? 'http://'.$url : $url;
-	$url = preg_replace('/&([^#])(?![a-z]{2,8};)/', '&#038;$1', $url);
-	return $url;
-}
-
 function get_comments_number( $post_id = 0 ) {
 	global $wpdb, $comment_count_cache, $id;
 	$post_id = (int) $post_id;
@@ -315,7 +304,7 @@
 		if (!empty($CSSclass)) {
 			echo ' class="'.$CSSclass.'"';
 		}
-		$title = wp_specialchars(apply_filters('the_title', get_the_title()), true);
+		$title = attribute_escape(apply_filters('the_title', get_the_title()));
 		echo ' title="' . sprintf( __('Comment on %s'), $title ) .'">';
 		comments_number($zero, $one, $more, $number);
 		echo '</a>';
@@ -897,21 +886,21 @@
 	if ( isset($_COOKIE['comment_author_'.COOKIEHASH]) ) {
 		$comment_author = apply_filters('pre_comment_author_name', $_COOKIE['comment_author_'.COOKIEHASH]);
 		$comment_author = stripslashes($comment_author);
-		$comment_author = wp_specialchars($comment_author, true);
+		$comment_author = attribute_escape($comment_author);
 		$_COOKIE['comment_author_'.COOKIEHASH] = $comment_author;
 	}
 
 	if ( isset($_COOKIE['comment_author_email_'.COOKIEHASH]) ) {
 		$comment_author_email = apply_filters('pre_comment_author_email', $_COOKIE['comment_author_email_'.COOKIEHASH]);
 		$comment_author_email = stripslashes($comment_author_email);
-		$comment_author_email = wp_specialchars($comment_author_email, true);	
+		$comment_author_email = attribute_escape($comment_author_email);	
 		$_COOKIE['comment_author_email_'.COOKIEHASH] = $comment_author_email;
 	}
 
 	if ( isset($_COOKIE['comment_author_url_'.COOKIEHASH]) ) {
 		$comment_author_url = apply_filters('pre_comment_author_url', $_COOKIE['comment_author_url_'.COOKIEHASH]);
 		$comment_author_url = stripslashes($comment_author_url);
-		$comment_author_url = wp_specialchars($comment_author_url, true);
+		$comment_author_url = attribute_escape($comment_author_url);
 		$_COOKIE['comment_author_url_'.COOKIEHASH] = $comment_author_url;
 	}
 }
Index: wp-includes/functions.php
===================================================================
--- wp-includes/functions.php	(.../2.0.5)	(revision 4701)
+++ wp-includes/functions.php	(.../2.0.6)	(revision 4701)
@@ -349,7 +349,7 @@
 }
 
 function form_option($option) {
-	echo wp_specialchars( get_option($option), 1 );
+	echo attribute_escape( get_option($option));
 }
 
 function get_alloptions() {
@@ -2163,13 +2163,13 @@
 	return add_query_arg($key, '', $query);
 }
 
-function load_template($file) {
+function load_template($_template_file) {
 	global $posts, $post, $wp_did_header, $wp_did_template_redirect, $wp_query,
 		$wp_rewrite, $wpdb;
 
-	extract($wp_query->query_vars);
+	extract($wp_query->query_vars, EXTR_SKIP);
 
-	require_once($file);
+	require_once($_template_file);
 }
 
 function add_magic_quotes($array) {
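Review bot: The `EXTR_SKIP` flag and the `$_template_file` rename are what stop a query var named `file` (or `posts`, `wpdb`, ...) from replacing the path handed to `require_once` or the globals declared above it, but the hunk carries no comment, so a later cleanup could revert either half. Add above the extract call: `// EXTR_SKIP plus the underscore-prefixed parameter name keep query vars from overwriting the template path (or the globals above) before require_once runs`. The renamed parameter is the function's only local, so the underscore prefix is a deliberate convention worth naming in that comment.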
@@ -2187,7 +2187,7 @@
 
 function wp_remote_fopen( $uri ) {
 	if ( ini_get('allow_url_fopen') ) {
-		$fp = fopen( $uri, 'r' );
+		$fp = @fopen( $uri, 'r' );
 		if ( !$fp )
 			return false;
 		$linea = '';
@@ -2228,8 +2228,10 @@
 	elseif ( 410 == $header )
 		$text = 'Gone';
 
-	@header("HTTP/1.1 $header $text");
-	@header("Status: $header $text");
+		if ( substr(php_sapi_name(), 0, 3) == 'cgi' )
+			@header("HTTP/1.1 $header $text");
+		else
+			@header("Status: $header $text");
 }
 
 function nocache_headers() {
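Review bot: The new `if`/`else` in status_header is indented one tab deeper than the `elseif ( 410 == $header )` lines it follows, which makes it look like it belongs inside the last `elseif` although it runs unconditionally. Dedent the four lines to match `$text = 'Gone';`. status_header starts before the hunk.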
@@ -2244,7 +2246,7 @@
 	$user_id = (int) $user_id;
 
 	if ( !empty($meta_key) ) {
-		$meta_key = preg_replace('|a-z0-9_|i', '', $meta_key);
+		$meta_key = preg_replace('|[^a-z0-9_]|i', '', $meta_key);
 		$metas = $wpdb->get_results("SELECT meta_key, meta_value FROM $wpdb->usermeta WHERE user_id = '$user_id' AND meta_key = '$meta_key'");
 	} else {
 		$metas = $wpdb->get_results("SELECT meta_key, meta_value FROM $wpdb->usermeta WHERE user_id = '$user_id'");
@@ -2360,16 +2362,16 @@
 }
 
 function wp_referer_field() {
-	$ref = wp_specialchars($_SERVER['REQUEST_URI']);
+	$ref = attribute_escape(stripslashes($_SERVER['REQUEST_URI']));
 	echo '<input type="hidden" name="_wp_http_referer" value="'. $ref . '" />';
 	if ( wp_get_original_referer() ) {
-		$original_ref = wp_specialchars(stripslashes(wp_get_original_referer()));
+		$original_ref = attribute_escape(stripslashes(wp_get_original_referer()));
 		echo '<input type="hidden" name="_wp_original_http_referer" value="'. $original_ref . '" />';
 	}
 }
 
 function wp_original_referer_field() {
-	echo '<input type="hidden" name="_wp_original_http_referer" value="' . wp_specialchars(stripslashes($_SERVER['REQUEST_URI'])) . '" />';
+	echo '<input type="hidden" name="_wp_original_http_referer" value="' . attribute_escape(stripslashes($_SERVER['REQUEST_URI'])) . '" />';
 }
 
 function wp_get_referer() {
@@ -2454,7 +2456,7 @@
 
 	$adminurl = get_settings('siteurl') . '/wp-admin';
 	if ( wp_get_referer() )
-		$adminurl = wp_get_referer();
+		$adminurl = attribute_escape(stripslashes(wp_get_referer()));
 
 	$title = __('WordPress Confirmation');
 	// Remove extra layer of slashes.
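Review bot: `$adminurl` is now attribute-escaped, which stops it breaking out of `href='$adminurl'`, but it is not validated as a URL; if wp_get_referer() falls back to the `_wp_http_referer` form field that wp_referer_field() emits (the earlier hunk suggests it is read back from the request), the value is request-controlled and attribute_escape does not reject a `javascript:` scheme. clean_url(), added to wp-includes/functions-formatting.php in this commit, returns `''` for disallowed protocols; `$ref = clean_url(stripslashes(wp_get_referer())); if ( $ref ) $adminurl = attribute_escape($ref);` gives both checks while keeping the `get_settings('siteurl')` default when the referer is rejected. wp_nonce_ays continues past the hunk.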
@@ -2466,12 +2468,12 @@
 		foreach ( (array) $q as $a ) {
 			$v = substr(strstr($a, '='), 1);
 			$k = substr($a, 0, -(strlen($v)+1));
-			$html .= "\t\t<input type='hidden' name='" . wp_specialchars( urldecode($k), 1 ) . "' value='" . wp_specialchars( urldecode($v), 1 ) . "' />\n";
+			$html .= "\t\t<input type='hidden' name='" . attribute_escape( urldecode($k)) . "' value='" . attribute_escape( urldecode($v)) . "' />\n";
 		}
 		$html .= "\t\t<input type='hidden' name='_wpnonce' value='" . wp_create_nonce($action) . "' />\n";
 		$html .= "\t\t<div id='message' class='confirm fade'>\n\t\t<p>" . wp_explain_nonce($action) . "</p>\n\t\t<p><a href='$adminurl'>" . __('No') . "</a> <input type='submit' value='" . __('Yes') . "' /></p>\n\t\t</div>\n\t</form>\n";
 	} else {
-		$html .= "\t<div id='message' class='confirm fade'>\n\t<p>" . wp_explain_nonce($action) . "</p>\n\t<p><a href='$adminurl'>" . __('No') . "</a> <a href='" . add_query_arg( '_wpnonce', wp_create_nonce($action), $_SERVER['REQUEST_URI'] ) . "'>" . __('Yes') . "</a></p>\n\t</div>\n";
+		$html .= "\t<div id='message' class='confirm fade'>\n\t<p>" . wp_explain_nonce($action) . "</p>\n\t<p><a href='$adminurl'>" . __('No') . "</a> <a href='" . attribute_escape(add_query_arg('_wpnonce', wp_create_nonce($action), $_SERVER['REQUEST_URI'])) . "'>" . __('Yes') . "</a></p>\n\t</div>\n";
 	}
 	$html .= "</body>\n</html>";
 	wp_die($html, $title);
Index: wp-includes/template-functions-author.php
===================================================================
--- wp-includes/template-functions-author.php	(.../2.0.5)	(revision 4701)
+++ wp-includes/template-functions-author.php	(.../2.0.6)	(revision 4701)
@@ -131,7 +131,7 @@
 function the_author_posts_link($deprecated = '') {
 	global $authordata;
 
-	echo '<a href="' . get_author_link(0, $authordata->ID, $authordata->user_nicename) . '" title="' . sprintf(__("Posts by %s"), wp_specialchars(get_the_author())) . '">' . get_the_author() . '</a>';
+	echo '<a href="' . get_author_link(0, $authordata->ID, $authordata->user_nicename) . '" title="' . sprintf(__("Posts by %s"), attribute_escape(get_the_author())) . '">' . get_the_author() . '</a>';
 }
 
 function get_author_link($echo = false, $author_id, $author_nicename = '') {
@@ -183,7 +183,7 @@
 	$query = "SELECT ID, user_nicename from $wpdb->users " . ($exclude_admin ? "WHERE user_login <> 'admin' " : '') . "ORDER BY display_name";
 	$authors = $wpdb->get_results($query);
 
-	foreach ( $authors as $author ) {
+	foreach ( (array) $authors as $author ) {
 		$author = get_userdata( $author->ID );
 		$posts = get_usernumposts($author->ID);
 		$name = $author->nickname;
@@ -197,7 +197,7 @@
 			if ( !$hide_empty )
 				$link = $name;
 		} else {
-			$link = '<a href="' . get_author_link(0, $author->ID, $author->user_nicename) . '" title="' . sprintf(__("Posts by %s"), wp_specialchars($author->display_name)) . '">' . $name . '</a>';
+			$link = '<a href="' . get_author_link(0, $author->ID, $author->user_nicename) . '" title="' . sprintf(__("Posts by %s"), attribute_escape($author->display_name)) . '">' . $name . '</a>';
 
 			if ( (! empty($feed_image)) || (! empty($feed)) ) {
 				$link .= ' ';
@@ -235,4 +235,4 @@
 	}
 }
 
-?>
\ No newline at end of file
+?>
Index: wp-content/themes/classic/comments-popup.php
===================================================================
--- wp-content/themes/classic/comments-popup.php	(.../2.0.5)	(revision 4701)
+++ wp-content/themes/classic/comments-popup.php	(.../2.0.6)	(revision 4701)
@@ -60,7 +60,7 @@
 	  <input type="text" name="author" id="author" class="textarea" value="<?php echo $comment_author; ?>" size="28" tabindex="1" />
 	   <label for="author"><?php _e("Name"); ?></label>
 	<input type="hidden" name="comment_post_ID" value="<?php echo $id; ?>" />
-	<input type="hidden" name="redirect_to" value="<?php echo wp_specialchars($_SERVER["REQUEST_URI"]); ?>" />
+	<input type="hidden" name="redirect_to" value="<?php echo attribute_escape($_SERVER["REQUEST_URI"]); ?>" />
 	</p>
 
 	<p>
Index: wp-content/themes/default/searchform.php
===================================================================
--- wp-content/themes/default/searchform.php	(.../2.0.5)	(revision 4701)
+++ wp-content/themes/default/searchform.php	(.../2.0.6)	(revision 4701)
@@ -1,5 +1,5 @@
 <form method="get" id="searchform" action="<?php bloginfo('home'); ?>/">
-<div><input type="text" value="<?php echo wp_specialchars($s, 1); ?>" name="s" id="s" />
+<div><input type="text" value="<?php echo attribute_escape($s); ?>" name="s" id="s" />
 <input type="submit" id="searchsubmit" value="Search" />
 </div>
 </form>
Index: wp-content/themes/default/comments-popup.php
===================================================================
--- wp-content/themes/default/comments-popup.php	(.../2.0.5)	(revision 4701)
+++ wp-content/themes/default/comments-popup.php	(.../2.0.6)	(revision 4701)
@@ -60,7 +60,7 @@
 	  <input type="text" name="author" id="author" class="textarea" value="<?php echo $comment_author; ?>" size="28" tabindex="1" />
 	   <label for="author">Name</label>
 	<input type="hidden" name="comment_post_ID" value="<?php echo $id; ?>" />
-	<input type="hidden" name="redirect_to" value="<?php echo wp_specialchars($_SERVER["REQUEST_URI"]); ?>" />
+	<input type="hidden" name="redirect_to" value="<?php echo attribute_escape($_SERVER["REQUEST_URI"]); ?>" />
 	</p>
 
 	<p>
Index: wp-register.php
===================================================================
--- wp-register.php	(.../2.0.5)	(revision 4701)
+++ wp-register.php	(.../2.0.6)	(revision 4701)
@@ -113,8 +113,8 @@
 <?php endif; ?>
 <form method="post" action="wp-register.php" id="registerform">
 	<p><input type="hidden" name="action" value="register" />
-	<label for="user_login"><?php _e('Username:') ?></label><br /> <input type="text" name="user_login" id="user_login" size="20" maxlength="20" value="<?php echo wp_specialchars($user_login); ?>" /><br /></p>
-	<p><label for="user_email"><?php _e('E-mail:') ?></label><br /> <input type="text" name="user_email" id="user_email" size="25" maxlength="100" value="<?php echo wp_specialchars($user_email); ?>" /></p>
+	<label for="user_login"><?php _e('Username:') ?></label><br /> <input type="text" name="user_login" id="user_login" size="20" maxlength="20" value="<?php echo attribute_escape($user_login); ?>" /><br /></p>
+	<p><label for="user_email"><?php _e('E-mail:') ?></label><br /> <input type="text" name="user_email" id="user_email" size="25" maxlength="100" value="<?php echo attribute_escape($user_email); ?>" /></p>
 	<p><?php _e('A password will be emailed to you.') ?></p>
 	<p class="submit"><input type="submit" value="<?php _e('Register') ?> &raquo;" id="submit" name="submit" /></p>
 </form>
Index: wp-links-opml.php
===================================================================
--- wp-links-opml.php	(.../2.0.5)	(revision 4701)
+++ wp-links-opml.php	(.../2.0.6)	(revision 4701)
@@ -44,12 +44,12 @@
 <?php
              } // end if not first time
 ?>
-        <outline type="category" title="<?php echo wp_specialchars($result->cat_name); ?>">
+        <outline type="category" title="<?php echo attribute_escape($result->cat_name); ?>">
 <?php
              $prev_cat_id = $result->link_category;
         } // end if new category
 ?>
-            <outline text="<?php echo wp_specialchars($result->link_name); ?>" type="link" xmlUrl="<?php echo wp_specialchars($result->link_rss); ?>" htmlUrl="<?php echo wp_specialchars($result->link_url); ?>" updated="<?php if ('0000-00-00 00:00:00' != $result->link_updated) echo $result->link_updated; ?>" />
+            <outline text="<?php echo attribute_escape($result->link_name); ?>" type="link" xmlUrl="<?php echo attribute_escape($result->link_rss); ?>" htmlUrl="<?php echo attribute_escape($result->link_url); ?>" updated="<?php if ('0000-00-00 00:00:00' != $result->link_updated) echo $result->link_updated; ?>" />
 <?php
         } // end foreach
 ?>
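Review bot: The `updated` attribute on the `<outline>` line is still echoed raw (`echo $result->link_updated;`) while every other attribute on that line now goes through `attribute_escape()`. The value comes from the database and is expected to be a datetime, so the risk is low, but escaping it keeps the OPML well-formed regardless of what is stored: `echo attribute_escape($result->link_updated);`. `attribute_escape()` performs HTML-attribute escaping; the entities it produces are also valid in XML attributes, so it is adequate for this document.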
Index: wp-trackback.php
===================================================================
--- wp-trackback.php	(.../2.0.5)	(revision 4701)
+++ wp-trackback.php	(.../2.0.6)	(revision 4701)
@@ -30,23 +30,30 @@
 	$tb_id = intval( $tb_id[ count($tb_id) - 1 ] );
 }
 
-$tb_url    = $_POST['url'];
-$title     = $_POST['title'];
-$excerpt   = $_POST['excerpt'];
-$blog_name = $_POST['blog_name'];
-$charset   = $_POST['charset'];
+$tb_url  = $_POST['url'];
+$charset = $_POST['charset'];
 
+// These three are stripslashed here so that they can be properly escaped after mb_convert_encoding()
+$title     = stripslashes($_POST['title']);
+$excerpt   = stripslashes($_POST['excerpt']);
+$blog_name = stripslashes($_POST['blog_name']);
+
 if ($charset)
 	$charset = strtoupper( trim($charset) );
 else
 	$charset = 'ASCII, UTF-8, ISO-8859-1, JIS, EUC-JP, SJIS';
 
 if ( function_exists('mb_convert_encoding') ) { // For international trackbacks
-	$title     = mb_convert_encoding($title, get_settings('blog_charset'), $charset);
-	$excerpt   = mb_convert_encoding($excerpt, get_settings('blog_charset'), $charset);
-	$blog_name = mb_convert_encoding($blog_name, get_settings('blog_charset'), $charset);
+	$title     = mb_convert_encoding($title, get_option('blog_charset'), $charset);
+	$excerpt   = mb_convert_encoding($excerpt, get_option('blog_charset'), $charset);
+	$blog_name = mb_convert_encoding($blog_name, get_option('blog_charset'), $charset);
 }
 
+// Now that mb_convert_encoding() has been given a swing, we need to escape these three
+$title     = $wpdb->escape($title);
+$excerpt   = $wpdb->escape($excerpt);
+$blog_name = $wpdb->escape($blog_name);
+
 if ( is_single() || is_page() ) 
     $tb_id = $posts[0]->ID;
 
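Review bot: `$charset` is read from `$_POST['charset']`, only upper-cased and trimmed, and then passed to `mb_convert_encoding()` as the source-encoding list on the three changed lines; an unrecognised encoding name makes that call emit a warning (an error on PHP 8) instead of converting, and the result then flows into `$wpdb->escape()` and the trackback fields. Validating it against `mb_list_encodings()` where available, and falling back to the default list on line `$charset = 'ASCII, UTF-8, ...'` otherwise, would make the failure explicit. `$tb_url` is neither stripslashed nor escaped in this hunk; if it is used in SQL or output further down it needs the same treatment as `$title`, which cannot be confirmed from here. The stripslash → convert → escape ordering for the three text fields is correct and the two comments explaining it are welcome.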
Index: wp-settings.php
===================================================================
--- wp-settings.php	(.../2.0.5)	(revision 4701)
+++ wp-settings.php	(.../2.0.6)	(revision 4701)
@@ -199,9 +199,10 @@
 
 do_action('sanitize_comment_cookies');
 
-$wp_query   = new WP_Query();
-$wp_rewrite = new WP_Rewrite();
-$wp         = new WP();
+$wp_the_query =& new WP_Query();
+$wp_query     =& $wp_the_query;
+$wp_rewrite   =& new WP_Rewrite();
+$wp           =& new WP();
 
 define('TEMPLATEPATH', get_template_directory());
 
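Review bot: The purpose of the new `$wp_the_query` alias should be recorded in a comment, because the reference semantics are easy to misread: after `$wp_query =& $wp_the_query;` the two names share one variable, so a plugin that does `$wp_query = new WP_Query(...)` (plain assignment) replaces the object seen through `$wp_the_query` as well; only a re-binding with `=&` leaves `$wp_the_query` pointing at the original. If the intent is to keep the main query reachable after plugins alter `$wp_query`, that only holds for the `=&` case and is worth stating, e.g. `// $wp_the_query keeps the main query; $wp_query is the alias templates and plugins may rebind`. Whether anything already relies on this cannot be seen from the hunk.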
@@ -224,4 +225,4 @@
 // Everything is loaded and initialized.
 do_action('init');
 
-?>
\ No newline at end of file
+?>
Index: wp-admin/edit-form-advanced.php
===================================================================
--- wp-admin/edit-form-advanced.php	(.../2.0.5)	(revision 4701)
+++ wp-admin/edit-form-advanced.php	(.../2.0.6)	(revision 4701)
@@ -211,11 +211,11 @@
 ?>
 <input name="referredby" type="hidden" id="referredby" value="<?php 
 if ( !empty($_REQUEST['popupurl']) )
-	echo wp_specialchars($_REQUEST['popupurl']);
-else if ( url_to_postid(wp_get_referer()) == $post_ID )
+	echo attribute_escape(stripslashes($_REQUEST['popupurl']));
+else if ( url_to_postid(stripslashes(wp_get_referer())) == $post_ID )
 	echo 'redo';
 else
-	echo wp_specialchars(wp_get_referer());
+	echo attribute_escape(stripslashes(wp_get_referer()));
 ?>" /></p>
 
 <?php do_action('edit_form_advanced'); ?>
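Review bot: The changed `else if` compares `url_to_postid(...)` with `$post_ID` using `==` and without the `0 != $post_ID` guard that the analogous code in wp-admin/edit-page-form.php in this same commit has; `url_to_postid()` returns `0` for a URL that does not map to a post, so if this form is ever rendered with `$post_ID == 0` (a new post), any non-post referer yields `referredby=redo`. Whether that path is reachable for new posts cannot be seen from the hunk; if it is, `else if ( 0 != $post_ID && url_to_postid(stripslashes(wp_get_referer())) == $post_ID )` mirrors the page form. Note also that the hidden `referredby` value is later consumed as a redirect target in wp-admin/post.php, so it is escaped here but not validated.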
@@ -232,23 +232,23 @@
 
 <div id="advancedstuff" class="dbx-group" >
 
-<div class="dbx-box-wrapper">
+<div class="dbx-b-ox-wrapper">
 <fieldset id="postexcerpt" class="dbx-box">
-<div class="dbx-handle-wrapper">
+<div class="dbx-h-andle-wrapper">
 <h3 class="dbx-handle"><?php _e('Optional Excerpt') ?></h3>
 </div>
-<div class="dbx-content-wrapper">
+<div class="dbx-c-ontent-wrapper">
 <div class="dbx-content"><textarea rows="1" cols="40" name="excerpt" tabindex="6" id="excerpt"><?php echo $post->post_excerpt ?></textarea></div>
 </div>
 </fieldset>
 </div>
 
-<div class="dbx-box-wrapper">
+<div class="dbx-b-ox-wrapper">
 <fieldset id="trackbacksdiv" class="dbx-box">
-<div class="dbx-handle-wrapper">
+<div class="dbx-h-andle-wrapper">
 <h3 class="dbx-handle"><?php _e('Trackbacks') ?></h3>
 </div>
-<div class="dbx-content-wrapper">
+<div class="dbx-c-ontent-wrapper">
 <div class="dbx-content"><?php _e('Send trackbacks to'); ?>: <?php echo $form_trackback; ?> (<?php _e('Separate multiple URIs with spaces'); ?>)
 <?php 
 if ( ! empty($pings) )
@@ -259,12 +259,12 @@
 </fieldset>
 </div>
 
-<div class="dbx-box-wrapper">
+<div class="dbx-b-ox-wrapper">
 <fieldset id="postcustom" class="dbx-box">
-<div class="dbx-handle-wrapper">
+<div class="dbx-h-andle-wrapper">
 <h3 class="dbx-handle"><?php _e('Custom Fields') ?></h3>
 </div>
-<div class="dbx-content-wrapper">
+<div class="dbx-c-ontent-wrapper">
 <div id="postcustomstuff" class="dbx-content">
 <?php 
 if($metadata = has_meta($post_ID)) {
Index: wp-admin/inline-uploading.php
===================================================================
--- wp-admin/inline-uploading.php	(.../2.0.5)	(revision 4701)
+++ wp-admin/inline-uploading.php	(.../2.0.6)	(revision 4701)
@@ -240,7 +240,7 @@
 			$xpadding = (128 - $image['uwidth']) / 2;
 			$ypadding = (96 - $image['uheight']) / 2;
 			$style .= "#target{$ID} img { padding: {$ypadding}px {$xpadding}px; }\n";
-			$title = wp_specialchars($image['post_title'], ENT_QUOTES);
+			$title = attribute_escape($image['post_title']);
 			$script .= "aa[{$ID}] = '<a id=\"p{$ID}\" rel=\"attachment\" class=\"imagelink\" href=\"$href\" onclick=\"doPopup({$ID});return false;\" title=\"{$title}\">';
 ab[{$ID}] = '<a class=\"imagelink\" href=\"{$image['guid']}\" onclick=\"doPopup({$ID});return false;\" title=\"{$title}\">';
 imga[{$ID}] = '<img id=\"image{$ID}\" src=\"$src\" alt=\"{$title}\" $height_width />';
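Review bot: `$title` is escaped for an HTML attribute but then interpolated into JavaScript single-quoted string literals on the following lines (`aa[{$ID}] = '<a ... title=\"{$title}\">'`), and `attribute_escape()` does not touch backslashes or line breaks, so a title containing either still corrupts the JS string (quotes and angle brackets are covered by the entity encoding). Add JS-string escaping for this context on top of the attribute escaping, e.g. `$title = addcslashes(attribute_escape($image['post_title']), "\\\r\n");`; the same applies to the `$title` assignment in the second hunk of this file if it is also written into the script string. `$href`, `$src` and `$image['guid']` are embedded in the same JS strings unescaped; they appear to be server-generated, which cannot be confirmed from here.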
@@ -260,7 +260,7 @@
 </div>
 ";
 		} else {
-			$title = wp_specialchars($attachment['post_title'], ENT_QUOTES);
+			$title = attribute_escape($attachment['post_title']);
 			$filename = basename($attachment['guid']);
 			$icon = get_attachment_icon($ID);
 			$toggle_icon = "<a id=\"I{$ID}\" onclick=\"toggleOtherIcon({$ID});return false;\" href=\"javascript:void()\">$__using_title</a>";
Index: wp-admin/users.php
===================================================================
--- wp-admin/users.php	(.../2.0.5)	(revision 4701)
+++ wp-admin/users.php	(.../2.0.6)	(revision 4701)
@@ -15,6 +15,7 @@
 
 	if (empty($_POST['users'])) {
 		wp_redirect('users.php');
+		exit();
 	}
 
 	if ( !current_user_can('edit_users') )
@@ -34,6 +35,7 @@
  	}
 		
 	wp_redirect('users.php?update=' . $update);
+	exit();
 
 break;
 
@@ -43,6 +45,7 @@
 
 	if ( empty($_POST['users']) ) {
 		wp_redirect('users.php');
+		exit();
 	}
 
 	if ( !current_user_can('edit_users') )
@@ -67,15 +70,17 @@
 	}
 
 	wp_redirect('users.php?update=' . $update);
-
+	exit();
 break;
 
 case 'delete':
 
 	check_admin_referer('bulk-users');
 
-	if ( empty($_POST['users']) )
+	if ( empty($_POST['users']) ) {
 		wp_redirect('users.php');
+		exit();
+	}
 
 	if ( !current_user_can('edit_users') )
 		$error['edit_users'] = __('You can&#8217;t delete users.');
@@ -135,9 +140,9 @@
 	
 	$errors = add_user();
 	
-	if(count($errors) == 0) {
+	if ( count($errors) == 0 ) {
 		wp_redirect('users.php?update=add');
-		die();
+		exit();
 	}
 
 default:
Index: wp-admin/edit-comments.php
===================================================================
--- wp-admin/edit-comments.php	(.../2.0.5)	(revision 4701)
+++ wp-admin/edit-comments.php	(.../2.0.6)	(revision 4701)
@@ -7,7 +7,7 @@
 
 require_once('admin-header.php');
 if (empty($_GET['mode'])) $mode = 'view';
-else $mode = wp_specialchars($_GET['mode'], 1);
+else $mode = attribute_escape($_GET['mode']);
 ?>
 
 <script type="text/javascript">
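Review bot: `$mode` is HTML-escaped at the point it is read from `$_GET` rather than where it is echoed (the hidden `mode` input in the next hunk), so the variable carries attribute-encoded text into whatever comparisons or queries use it later in the file. If the page only handles a small fixed set of modes, validating the input against that set is the cleaner control: `$mode = in_array($_GET['mode'], array('view', 'edit'), true) ? $_GET['mode'] : 'view';` (confirm the set against the modes the page actually implements), keeping `attribute_escape($mode)` at the echo site.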
@@ -30,7 +30,7 @@
 <form name="searchform" action="" method="get"> 
   <fieldset> 
   <legend><?php _e('Show Comments That Contain...') ?></legend> 
-  <input type="text" name="s" value="<?php if (isset($_GET['s'])) echo wp_specialchars($_GET['s'], 1); ?>" size="17" /> 
+  <input type="text" name="s" value="<?php if (isset($_GET['s'])) echo attribute_escape($_GET['s']); ?>" size="17" /> 
   <input type="submit" name="submit" value="<?php _e('Search') ?>"  />  
   <input type="hidden" name="mode" value="<?php echo $mode; ?>" />
   <?php _e('(Searches within comment text, e-mail, URI, and IP address.)') ?>
Index: wp-admin/wp-admin.css
===================================================================
--- wp-admin/wp-admin.css	(.../2.0.5)	(revision 4701)
+++ wp-admin/wp-admin.css	(.../2.0.6)	(revision 4701)
@@ -888,7 +888,7 @@
 	background: #2685af url(images/box-head-right.gif) no-repeat top right;
 }
 
-#advancedstuff div.dbx-handle-wrapper {
+#advancedstuff div.dbx-h-andle-wrapper {
 	margin: 0 0 0 -7px;
 	background: #fff url(images/box-head-left.gif) no-repeat top left;
 }
@@ -904,7 +904,7 @@
 	padding-right: 17px;
 }
 
-#advancedstuff div.dbx-content-wrapper {
+#advancedstuff div.dbx-c-ontent-wrapper {
 	margin-left: -7px;
 	margin-right: 0;
 	background: url(images/box-bg-left.gif) repeat-y left;
@@ -916,11 +916,11 @@
 	background: url(images/box-butt-right.gif) no-repeat bottom right;
 }
 
-#advancedstuff div.dbx-box-wrapper {
+#advancedstuff div.dbx-b-ox-wrapper {
 	background: url(images/box-butt-left.gif) no-repeat bottom left;
 }
 
-#advancedstuff .dbx-box-closed div.dbx-content-wrapper {
+#advancedstuff .dbx-box-closed div.dbx-c-ontent-wrapper {
 	padding-bottom: 2px;
 	background: url(images/box-butt-left.gif) no-repeat bottom left;
 }
Index: wp-admin/link-categories.php
===================================================================
--- wp-admin/link-categories.php	(.../2.0.5)	(revision 4701)
+++ wp-admin/link-categories.php	(.../2.0.6)	(revision 4701)
@@ -124,7 +124,7 @@
 <table class="editform" width="100%" cellspacing="2" cellpadding="5">
 <tr>
 	<th width="33%" scope="row"><?php _e('Name:') ?></th>
-	<td width="67%"><input name="cat_name" type="text" value="<?php echo wp_specialchars($row->cat_name)?>" size="30" /></td>
+	<td width="67%"><input name="cat_name" type="text" value="<?php echo attribute_escape($row->cat_name)?>" size="30" /></td>
 </tr>
 <tr>
 	<th scope="row"><?php _e('Show:') ?></th>
Index: wp-admin/edit.php
===================================================================
--- wp-admin/edit.php	(.../2.0.5)	(revision 4701)
+++ wp-admin/edit.php	(.../2.0.6)	(revision 4701)
@@ -79,7 +79,7 @@
 <form name="searchform" action="" method="get" style="float: left; width: 16em; margin-right: 3em;"> 
   <fieldset> 
   <legend><?php _e('Search Posts&hellip;') ?></legend> 
-  <input type="text" name="s" value="<?php if (isset($s)) echo wp_specialchars($s, 1); ?>" size="17" /> 
+  <input type="text" name="s" value="<?php if (isset($s)) echo attribute_escape($s); ?>" size="17" /> 
   <input type="submit" name="submit" value="<?php _e('Search') ?>"  /> 
   </fieldset>
 </form>
Index: wp-admin/post.php
===================================================================
--- wp-admin/post.php	(.../2.0.5)	(revision 4701)
+++ wp-admin/post.php	(.../2.0.6)	(revision 4701)
@@ -81,7 +81,7 @@
 	?>
 	<div id='preview' class='wrap'>
 	<h2 id="preview-post"><?php _e('Post Preview (updated when post is saved)'); ?> <small class="quickjump"><a href="#write-post"><?php _e('edit &uarr;'); ?></a></small></h2>
-		<iframe src="<?php echo wp_specialchars(apply_filters('preview_post_link', add_query_arg('preview', 'true', get_permalink($post->ID)))); ?>" width="100%" height="600" ></iframe>
+		<iframe src="<?php echo attribute_escape(apply_filters('preview_post_link', add_query_arg('preview', 'true', get_permalink($post->ID)))); ?>" width="100%" height="600" ></iframe>
 	</div>
 	<?php
 	break;
@@ -338,7 +338,7 @@
 	$location = ( empty($_POST['referredby']) ? "edit.php?p=$comment_post_ID&c=1" : $_POST['referredby'] ) . '#comment-' . $comment_ID;
 	$location = apply_filters('comment_edit_redirect', $location, $comment_ID);
 	wp_redirect($location);
-
+	exit();
 	break;
 
 default:
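Review bot: `$location` is built from `$_POST['referredby']` on the first line of the hunk and passed to `wp_redirect()` without checking that it points back to this site, so a crafted form submission can send an authenticated user to an arbitrary external URL after a comment edit; the `comment_edit_redirect` filter runs but does not constrain it. The new `exit()` is the right fix for the fall-through. Before redirecting, check that the host of `$location` matches the site's own (e.g. compare `parse_url($location, PHP_URL_HOST)` with the host of `get_option('siteurl')`) and otherwise fall back to the `edit.php?p=...` form. The enclosing `case` begins outside the hunk.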
Index: wp-admin/theme-editor.php
===================================================================
--- wp-admin/theme-editor.php	(.../2.0.5)	(revision 4701)
+++ wp-admin/theme-editor.php	(.../2.0.6)	(revision 4701)
@@ -101,7 +101,7 @@
 		$theme_name = $a_theme['Name'];
 		if ($theme_name == $theme) $selected = " selected='selected'";
 		else $selected = '';
-		$theme_name = wp_specialchars($theme_name, true);
+		$theme_name = attribute_escape($theme_name);
 		echo "\n\t<option value=\"$theme_name\" $selected>$theme_name</option>";
 	}
 ?>
Index: wp-admin/upgrade.php
===================================================================
--- wp-admin/upgrade.php	(.../2.0.5)	(revision 4701)
+++ wp-admin/upgrade.php	(.../2.0.6)	(revision 4701)
@@ -67,7 +67,7 @@
 switch($step) {
 
 	case 0:
-	$goback = wp_specialchars(wp_get_referer());
+	$goback = attribute_escape(stripslashes(wp_get_referer()));
 ?> 
 <p><?php _e('This file upgrades you from any previous version of WordPress to the latest. It may take a while though, so be patient.'); ?></p> 
 	<h2 class="step"><a href="upgrade.php?step=1&amp;backto=<?php echo $goback; ?>"><?php _e('Upgrade WordPress &raquo;'); ?></a></h2>
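Review bot: `$goback` is HTML-attribute-escaped but then embedded as a query-string value (`backto=<?php echo $goback; ?>`), which is the wrong encoding for that context: a referer containing `&`, `#` or `+` is split, truncated or decoded as a space, so `backto` arrives mangled. URL-encode the value and escape the attribute as a whole: `$goback = attribute_escape(urlencode(stripslashes(wp_get_referer())));`, used as now in the `href`. The next hunk in this file then receives `backto` and renders it as a link.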
@@ -86,7 +86,7 @@
 	if ( empty( $_GET['backto'] ) )
 		$backto = __get_option('home');
 	else
-		$backto = wp_specialchars( $_GET['backto'] , 1 );
+		$backto = attribute_escape(stripslashes($_GET['backto']));
 ?> 
 <h2><?php _e('Step 1'); ?></h2> 
 	<p><?php printf(__("There's actually only one step. So if you see this, you're done. <a href='%s'>Have fun</a>!"),  $backto); ?></p>
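Review bot: `$backto` comes straight from `$_GET['backto']` and becomes the target of the "Have fun" link; `attribute_escape()` prevents breaking out of the `href` attribute but does not constrain the URL itself, so a `javascript:` or off-site value is accepted and rendered as a clickable link on this admin page. Since `__get_option('home')` is already used two lines above, restrict `backto` to URLs on that host (or to `http`/`https` URLs at minimum) and fall back to `__get_option('home')` otherwise.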
Index: wp-admin/options.php
===================================================================
--- wp-admin/options.php	(.../2.0.5)	(revision 4701)
+++ wp-admin/options.php	(.../2.0.6)	(revision 4701)
@@ -182,7 +182,7 @@
 ?>
   </table>
 <?php $options_to_update = implode(',', $options_to_update); ?>
-<p class="submit"><input type="hidden" name="page_options" value="<?php echo wp_specialchars($options_to_update, true); ?>" /><input type="submit" name="Update" value="<?php _e('Update Options &raquo;') ?>" /></p>
+<p class="submit"><input type="hidden" name="page_options" value="<?php echo attribute_escape($options_to_update); ?>" /><input type="submit" name="Update" value="<?php _e('Update Options &raquo;') ?>" /></p>
   </form>
 </div>
 
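Review bot: `page_options` is a hidden field populated from the server's list, but it comes back as ordinary form input, so the code that processes the submission must not treat it as an authoritative list of options to update; that handler is outside this hunk and cannot be checked here. A comment at this line would make the contract explicit for the next maintainer: `<?php // page_options is client-controlled; the handler must re-validate every option name it lists ?>`.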
Index: wp-admin/admin-functions.php
===================================================================
--- wp-admin/admin-functions.php	(.../2.0.5)	(revision 4701)
+++ wp-admin/admin-functions.php	(.../2.0.6)	(revision 4701)
@@ -289,7 +289,7 @@
 	else if ( !empty($post_title) ) {
 		$text       = wp_specialchars(stripslashes(urldecode($_REQUEST['text'])));
 		$text       = funky_javascript_fix($text);
-		$popupurl   = wp_specialchars($_REQUEST['popupurl']);
+		$popupurl   = attribute_escape(stripslashes($_REQUEST['popupurl']));
         $post_content = '<a href="'.$popupurl.'">'.$post_title.'</a>'."\n$text";
     }
 
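Review bot: `$popupurl` is attribute-escaped and then written into the post content as `<a href="...">`, so a quote can no longer break the attribute, but the URL scheme is not checked; `javascript:` and `data:` values pass through into stored content. Restrict the value to `http`/`https` (or drop it) before building `$post_content`, e.g. `if ( !preg_match('#^https?://#i', $popupurl) ) $popupurl = '';`. The same pattern appears in the wp-admin/bookmarklet.php hunk of this commit. The enclosing function begins outside the hunk.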
@@ -337,17 +337,17 @@
 
 function get_user_to_edit($user_id) {
 	$user = new WP_User($user_id);
-	$user->user_login = wp_specialchars($user->user_login, 1);
-	$user->user_email = wp_specialchars($user->user_email, 1);
-	$user->user_url = wp_specialchars($user->user_url, 1);
-	$user->first_name = wp_specialchars($user->first_name, 1);
-	$user->last_name = wp_specialchars($user->last_name, 1);
-	$user->display_name = wp_specialchars($user->display_name, 1);
-	$user->nickname = wp_specialchars($user->nickname, 1);
-	$user->aim = wp_specialchars($user->aim, 1);
-	$user->yim = wp_specialchars($user->yim, 1);
-	$user->jabber = wp_specialchars($user->jabber, 1);
-	$user->description = wp_specialchars($user->description);
+	$user->user_login   = attribute_escape($user->user_login);
+	$user->user_email   = attribute_escape($user->user_email);
+	$user->user_url     = attribute_escape($user->user_url);
+	$user->first_name   = attribute_escape($user->first_name);
+	$user->last_name    = attribute_escape($user->last_name);
+	$user->display_name = attribute_escape($user->display_name);
+	$user->nickname     = attribute_escape($user->nickname);
+	$user->aim          = attribute_escape($user->aim);
+	$user->yim          = attribute_escape($user->yim);
+	$user->jabber       = attribute_escape($user->jabber);
+	$user->description  =  wp_specialchars($user->description);
 
 	return $user;
 }
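Review bot: `$user->description  =  wp_specialchars(...)` has two spaces on each side of `=` while the other lines are aligned on a single space; the same stray spacing is on the `link_notes` line in the next hunk. Leaving `description` on `wp_specialchars()` (no quote encoding) rather than `attribute_escape()` is presumably because it is rendered as `<textarea>` content, not in an attribute; a short comment saying so would stop a future mass replace from changing it: `// textarea content, not an attribute`.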
@@ -467,26 +467,26 @@
 function get_link_to_edit($link_id) {
 	$link = get_link($link_id);
 
-	$link->link_url = wp_specialchars($link->link_url, 1);
-	$link->link_name = wp_specialchars($link->link_name, 1);
-	$link->link_image = wp_specialchars($link->link_image, 1);
-	$link->link_description = wp_specialchars($link->link_description, 1);
-	$link->link_notes = wp_specialchars($link->link_notes);
-	$link->link_rss = wp_specialchars($link->link_rss, 1);
-	$link->link_rel = wp_specialchars($link->link_rel, 1);
-	$link->post_category = $link->link_category;
+	$link->link_url         = attribute_escape($link->link_url);
+	$link->link_name        = attribute_escape($link->link_name);
+	$link->link_image       = attribute_escape($link->link_image);
+	$link->link_description = attribute_escape($link->link_description);
+	$link->link_rss         = attribute_escape($link->link_rss);
+	$link->link_rel         = attribute_escape($link->link_rel);
+	$link->link_notes       =  wp_specialchars($link->link_notes);
+	$link->post_category    = $link->link_category;
 
 	return $link;
 }
 
 function get_default_link_to_edit() {
 	if ( isset($_GET['linkurl']) )
-		$link->link_url = wp_specialchars($_GET['linkurl'], 1);
+		$link->link_url = attribute_escape($_GET['linkurl']);
 	else
 		$link->link_url = '';
 	
 	if ( isset($_GET['name']) )
-		$link->link_name = wp_specialchars($_GET['name'], 1);
+		$link->link_name = attribute_escape($_GET['name']);
 	else
 		$link->link_name = '';
 		
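Review bot: `get_default_link_to_edit()` assigns `$link->link_url` without first creating `$link`, relying on PHP auto-vivifying an object from an undefined variable; this raises a notice on PHP 5 and is an `Error` on PHP 8. Add `$link = new stdClass();` as the first line of the function. The `$_GET['linkurl']` and `$_GET['name']` values are escaped without `stripslashes()`, unlike the other request values changed in this commit, which may leave backslashes in the edit form. The function continues past the end of the hunk.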
@@ -860,8 +860,8 @@
 			}
 		}
 
-		$entry['meta_key'] = wp_specialchars( $entry['meta_key'], true );
-		$entry['meta_value'] = wp_specialchars( $entry['meta_value'], true );
+		$entry['meta_key'] = attribute_escape( $entry['meta_key']);
+		$entry['meta_value'] = attribute_escape( $entry['meta_value']);
 		echo "
 			<tr class='$style'>
 				<td valign='top'><input name='meta[{$entry['meta_id']}][key]' tabindex='6' type='text' size='20' value='{$entry['meta_key']}' /></td>
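Review bot: `$entry['meta_id']` is interpolated into the `name` attribute unescaped on the `<td>` line while `meta_key` and `meta_value` are now escaped; it is a database id, so casting it when building the markup (`meta[" . (int) $entry['meta_id'] . "][key]`) is cheap and documents the expectation. The spacing `attribute_escape( $entry['meta_key'])` (space after the opening paren but not before the closing one) is inconsistent with the rest of the file. The enclosing loop begins outside the hunk.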
@@ -912,7 +912,7 @@
 <?php
 
 	foreach ($keys as $key) {
-		$key = wp_specialchars($key, 1);
+		$key = attribute_escape($key);
 		echo "\n\t<option value='$key'>$key</option>";
 	}
 ?>
@@ -1121,15 +1121,13 @@
 }
 
 function the_quicktags() {
-	// Browser detection sucks, but until Safari supports the JS needed for this to work people just assume it's a bug in WP
-	if (!strstr($_SERVER['HTTP_USER_AGENT'], 'Safari'))
 		echo '
 		<div id="quicktags">
 			<script src="../wp-includes/js/quicktags.js" type="text/javascript"></script>
 			<script type="text/javascript">if ( typeof tinyMCE == "undefined" || tinyMCE.configs.length < 1 ) edToolbar();</script>
 		</div>
 ';
-	else echo '
+	echo '
 <script type="text/javascript">
 function edInsertContent(myField, myValue) {
 	//IE support
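Review bot: With the Safari check removed, the first `echo` block keeps the extra indentation of the deleted `if` body while the second `echo` sits at one tab, so the function reads as if the first block were still conditional; de-indent the first block one level (or merge the two `echo`s into one string) so the unconditional flow is visible. A one-line comment recording why the browser sniff was dropped would also help, since the removed comment was the only explanation of it. The function continues past the end of the hunk.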
Index: wp-admin/templates.php
===================================================================
--- wp-admin/templates.php	(.../2.0.5)	(revision 4701)
+++ wp-admin/templates.php	(.../2.0.6)	(revision 4701)
@@ -111,7 +111,7 @@
 <?php
 echo '<ol>';
 foreach ($recents as $recent) :
-	echo "<li><a href='templates.php?file=" . wp_specialchars($recent, true) . "'>" . get_file_description(basename($recent)) . "</a></li>";
+	echo "<li><a href='templates.php?file=" . attribute_escape($recent) . "'>" . wp_specialchars(get_file_description(basename($recent))) . "</a></li>";
 endforeach;
 echo '</ol>';
 endif;
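Review bot: `attribute_escape($recent)` is applied to a file path placed in a query-string value (`templates.php?file=...`), which HTML-escapes but does not URL-encode it; a filename containing `&`, `+`, `#` or `%` produces a link whose `file` parameter is truncated or mis-decoded. Encode for the URL and then escape the attribute: `"<li><a href='" . attribute_escape('templates.php?file=' . urlencode($recent)) . "'>"`, with the rest of the line unchanged. Wrapping `get_file_description()` in `wp_specialchars()` is correct for the element-content context.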
Index: wp-admin/edit-page-form.php
===================================================================
--- wp-admin/edit-page-form.php	(.../2.0.5)	(revision 4701)
+++ wp-admin/edit-page-form.php	(.../2.0.6)	(revision 4701)
@@ -14,11 +14,10 @@
 	$form_extra = "<input type='hidden' id='post_ID' name='post_ID' value='$post_ID' />";
 }
 
-$sendto = wp_get_referer();
+$sendto = attribute_escape(wp_get_referer());
 
 if ( 0 != $post_ID && $sendto == get_permalink($post_ID) )
  	$sendto = 'redo';
-$sendto = wp_specialchars( $sendto );
 
 ?>
 
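Review bot: Moving `attribute_escape()` in front of the `$sendto == get_permalink($post_ID)` comparison means the comparison now runs on the HTML-escaped referer: any referer containing `&` (a permalink with a second query argument, for instance) becomes `&amp;...` and can never equal the permalink, so `redo` is no longer chosen in that case, whereas the removed line escaped after comparing. Keep the raw value for the comparison and escape on the other branch: `$sendto = wp_get_referer();` then `if ( 0 != $post_ID && $sendto == get_permalink($post_ID) ) $sendto = 'redo'; else $sendto = attribute_escape($sendto);`. Other hunks in this commit also `stripslashes()` the referer before escaping; the same probably applies here.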
Index: wp-admin/moderation.php
===================================================================
--- wp-admin/moderation.php	(.../2.0.5)	(revision 4701)
+++ wp-admin/moderation.php	(.../2.0.6)	(revision 4701)
@@ -152,10 +152,10 @@
 <a href="<?php echo get_permalink($comment->comment_post_ID); ?>"><?php _e('View Post') ?></a> | 
 <?php 
 echo " <a href=\"" . wp_nonce_url("post.php?action=deletecomment&amp;p=".$comment->comment_post_ID."&amp;comment=".$comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . "\" onclick=\"return deleteSomething( 'comment', $comment->comment_ID, '" . __("You are about to delete this comment.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete.") . "' );\">" . __('Delete just this comment') . "</a> | "; ?>  <?php _e('Bulk action:') ?>
-	<input type="radio" name="comment[<?php echo $comment->comment_ID; ?>]" id="comment-<?php echo $comment->comment_ID; ?>-approve" value="approve" /> <label for="comment[<?php echo $comment->comment_ID; ?>]-approve"><?php _e('Approve') ?></label>
-	<input type="radio" name="comment[<?php echo $comment->comment_ID; ?>]" id="comment-<?php echo $comment->comment_ID; ?>-spam" value="spam" /> <label for="comment[<?php echo $comment->comment_ID; ?>]-spam"><?php _e('Spam') ?></label>
-	<input type="radio" name="comment[<?php echo $comment->comment_ID; ?>]" id="comment-<?php echo $comment->comment_ID; ?>-delete" value="delete" /> <label for="comment[<?php echo $comment->comment_ID; ?>]-delete"><?php _e('Delete') ?></label>
-	<input type="radio" name="comment[<?php echo $comment->comment_ID; ?>]" id="comment-<?php echo $comment->comment_ID; ?>-nothing" value="later" checked="checked" /> <label for="comment[<?php echo $comment->comment_ID; ?>]-nothing"><?php _e('Defer until later') ?></label>
+	<input type="radio" name="comment[<?php echo $comment->comment_ID; ?>]" id="comment-<?php echo $comment->comment_ID; ?>-approve" value="approve" /> <label for="comment-<?php echo $comment->comment_ID; ?>-approve"><?php _e('Approve') ?></label>
+	<input type="radio" name="comment[<?php echo $comment->comment_ID; ?>]" id="comment-<?php echo $comment->comment_ID; ?>-spam" value="spam" /> <label for="comment-<?php echo $comment->comment_ID; ?>-spam"><?php _e('Spam') ?></label>
+	<input type="radio" name="comment[<?php echo $comment->comment_ID; ?>]" id="comment-<?php echo $comment->comment_ID; ?>-delete" value="delete" /> <label for="comment-<?php echo $comment->comment_ID; ?>-delete"><?php _e('Delete') ?></label>
+	<input type="radio" name="comment[<?php echo $comment->comment_ID; ?>]" id="comment-<?php echo $comment->comment_ID; ?>-nothing" value="later" checked="checked" /> <label for="comment-<?php echo $comment->comment_ID; ?>-nothing"><?php _e('Defer until later') ?></label>
 	</p>
 
 	</li>
Index: wp-admin/link-manager.php
===================================================================
--- wp-admin/link-manager.php	(.../2.0.5)	(revision 4701)
+++ wp-admin/link-manager.php	(.../2.0.6)	(revision 4701)
@@ -63,6 +63,7 @@
     $q = $wpdb->query("update $wpdb->links SET link_owner='$newowner' WHERE link_id IN ($all_links)");
 
     wp_redirect($this_file);
+    exit;
     break;
   }
   case 'visibility':
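Review bot: The `update $wpdb->links ...` statement above the new `exit;` interpolates `$newowner` and `$all_links` directly into SQL; whether they are cast or validated before this hunk cannot be seen here, and the same construct appears with `$category` in the third hunk of this file. If they are not, `$newowner = (int) $newowner;` and `$all_links = implode(',', array_map('intval', $submitted_ids));` (where `$submitted_ids` stands for the posted id array) before the query would close that off. Style: this file now mixes `exit;` (this and most hunks) with `exit();` (third hunk), and other files in the commit use `exit()`; pick one form.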
@@ -100,6 +101,7 @@
     }
 
     wp_redirect($this_file);
+    exit;
     break;
   }
   case 'move':
@@ -120,6 +122,7 @@
     $q = $wpdb->query("update $wpdb->links SET link_category='$category' WHERE link_id IN ($all_links)");
 
     wp_redirect($this_file);
+    exit();
     break;
   }
 
@@ -130,6 +133,7 @@
 	add_link();
 	
     wp_redirect(wp_get_referer() . '?added=true');
+    exit;
     break;
   } // end Add
 
@@ -151,6 +155,7 @@
 	
     setcookie('links_show_cat_id_' . COOKIEHASH, $links_show_cat_id, time()+600);
     wp_redirect($this_file);
+    exit;
     break;
   } // end Save
 
@@ -174,6 +179,7 @@
     $links_show_cat_id = $cat_id;
     setcookie('links_show_cat_id_' . COOKIEHASH, $links_show_cat_id, time()+600);
     wp_redirect($this_file);
+    exit;
     break;
   } // end Delete
 
@@ -321,7 +327,7 @@
     <?php wp_nonce_field('bulk-bookmarks') ?>
     <input type="hidden" name="link_id" value="" />
     <input type="hidden" name="action" value="" />
-    <input type="hidden" name="order_by" value="<?php echo wp_specialchars($order_by, 1); ?>" />
+    <input type="hidden" name="order_by" value="<?php echo attribute_escape($order_by); ?>" />
     <input type="hidden" name="cat_id" value="<?php echo (int) $cat_id ?>" />
   <table id="the-list-x" width="100%" cellpadding="3" cellspacing="3">
     <tr>
@@ -351,10 +357,10 @@
     $links = $wpdb->get_results($sql);
     if ($links) {
         foreach ($links as $link) {
-      	    $link->link_name = wp_specialchars($link->link_name);
+      	    $link->link_name = attribute_escape($link->link_name);
       	    $link->link_category = wp_specialchars($link->link_category);
       	    $link->link_description = wp_specialchars($link->link_description);
-            $link->link_url = wp_specialchars($link->link_url);
+            $link->link_url = attribute_escape($link->link_url);
             $short_url = str_replace('http://', '', $link->link_url);
             $short_url = str_replace('www.', '', $short_url);
             if ('/' == substr($short_url, -1))
Index: wp-admin/bookmarklet.php
===================================================================
--- wp-admin/bookmarklet.php	(.../2.0.5)	(revision 4701)
+++ wp-admin/bookmarklet.php	(.../2.0.6)	(revision 4701)
@@ -37,7 +37,7 @@
 	
   
 $content  = wp_specialchars($_REQUEST['content']);
-$popupurl = wp_specialchars($_REQUEST['popupurl']);
+$popupurl = attribute_escape(stripslashes($_REQUEST['popupurl']));
     if ( !empty($content) ) {
         $post->post_content = wp_specialchars( stripslashes($_REQUEST['content']) );
     } else {
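Review bot: `$content = wp_specialchars($_REQUEST['content']);` on the line above the change escapes the still-slashed value and, in the visible lines, serves only the `!empty()` check before `post_content` is computed again from `stripslashes($_REQUEST['content'])`; if `$content` is not used further down, `if ( !empty($_REQUEST['content']) )` says the same thing without the redundant escape. `$popupurl` is now escaped for an attribute, but as in the wp-admin/admin-functions.php hunk of this commit its scheme is not checked, so a `javascript:` URL is still accepted wherever it ends up in a link; restrict it to `http`/`https`.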
Index: wp-admin/options-permalink.php
===================================================================
--- wp-admin/options-permalink.php	(.../2.0.5)	(revision 4701)
+++ wp-admin/options-permalink.php	(.../2.0.6)	(revision 4701)
@@ -148,7 +148,7 @@
 </label>
 <br />
 </p>
-<p id="customstructure"><?php _e('Custom structure'); ?>: <input name="permalink_structure" id="permalink_structure" type="text" class="code" style="width: 60%;" value="<?php echo wp_specialchars($permalink_structure, 1); ?>" size="50" /></p>
+<p id="customstructure"><?php _e('Custom structure'); ?>: <input name="permalink_structure" id="permalink_structure" type="text" class="code" style="width: 60%;" value="<?php echo attribute_escape($permalink_structure); ?>" size="50" /></p>
 
 <h3><?php _e('Optional'); ?></h3>
 <?php if ($is_apache) : ?>
@@ -157,7 +157,7 @@
 	<p><?php _e('If you like, you may enter a custom prefix for your category URIs here. For example, <code>/index.php/taxonomy/tags</code> would make your category links like <code>http://example.org/index.php/taxonomy/tags/uncategorized/</code>. If you leave this blank the default will be used.') ?></p>
 <?php endif; ?>
 	<p> 
-  <?php _e('Category base'); ?>: <input name="category_base" type="text" class="code"  value="<?php echo wp_specialchars($category_base, 1); ?>" size="30" /> 
+  <?php _e('Category base'); ?>: <input name="category_base" type="text" class="code"  value="<?php echo attribute_escape($category_base); ?>" size="30" /> 
      </p> 
     <p class="submit"> 
       <input type="submit" name="submit" value="<?php _e('Update Permalink Structure &raquo;') ?>" /> 
Index: wp-admin/edit-link-form.php
===================================================================
--- wp-admin/edit-link-form.php	(.../2.0.5)	(revision 4701)
+++ wp-admin/edit-link-form.php	(.../2.0.6)	(revision 4701)
@@ -230,7 +230,7 @@
 <?php if ( $editing ) : ?>
           <input type="hidden" name="action" value="editlink" />
           <input type="hidden" name="link_id" value="<?php echo (int) $link_id; ?>" />
-          <input type="hidden" name="order_by" value="<?php echo wp_specialchars($order_by, 1); ?>" />
+          <input type="hidden" name="order_by" value="<?php echo attribute_escape($order_by); ?>" />
           <input type="hidden" name="cat_id" value="<?php echo (int) $cat_id ?>" />
 <?php else: ?>
        	<input type="hidden" name="action" value="Add" />
Index: wp-admin/edit-pages.php
===================================================================
--- wp-admin/edit-pages.php	(.../2.0.5)	(revision 4701)
+++ wp-admin/edit-pages.php	(.../2.0.6)	(revision 4701)
@@ -13,7 +13,7 @@
 <form name="searchform" action="" method="get"> 
   <fieldset> 
   <legend><?php _e('Search Pages&hellip;') ?></legend>
-  <input type="text" name="s" value="<?php if (isset($_GET['s'])) echo wp_specialchars($_GET['s'], 1); ?>" size="17" /> 
+  <input type="text" name="s" value="<?php if (isset($_GET['s'])) echo attribute_escape($_GET['s']); ?>" size="17" /> 
   <input type="submit" name="submit" value="<?php _e('Search') ?>"  /> 
   </fieldset>
 </form>
Index: wp-admin/import/blogger.php
===================================================================
--- wp-admin/import/blogger.php	(.../2.0.5)	(revision 4701)
+++ wp-admin/import/blogger.php	(.../2.0.6)	(revision 4701)
@@ -7,14 +7,15 @@
 
 	// Shows the welcome screen and the magic iframe.
 	function greet() {
-		$title = __('Import Blogger');
-		$welcome = __('Howdy! This importer allows you to import posts and comments from your Blogger account into your WordPress blog.');
+		$title = __('Import Old Blogger');
+		$welcome = __('Howdy! This importer allows you to import posts and comments from your Old Blogger account into your WordPress blog.');
 		$noiframes = __('This feature requires iframe support.');
 		$warning = __('This will delete everything saved by the Blogger importer except your posts and comments. Are you sure you want to do this?');
 		$reset = __('Reset this importer');
 		$incompat = __('Your web server is not properly configured to use this importer. Please enable the CURL extension for PHP and then reload this page.');
 
 		echo "<div class='wrap'><h2>$title</h2><p>$welcome</p>";
+		echo "<p>" . __('Please note that this importer <em>does not work with Blogger (using your Google account)</em>.') . "</p>";
 		if ( function_exists('curl_init') )
 			echo "<iframe src='admin.php?import=blogger&amp;noheader=true' height='350px' width = '99%'>$noiframes</iframe><p><a href='admin.php?import=blogger&amp;restart=true&amp;noheader=true' onclick='return confirm(\"$warning\")'>$reset</a></p>";
 		else
@@ -662,6 +663,6 @@
 
 $blogger_import = new Blogger_Import();
 
-register_importer('blogger', __('Blogger and Blogspot'), __('Import <strong>posts and comments</strong> from your Blogger account'), array ($blogger_import, 'start'));
+register_importer('blogger', __('Old Blogger'), __('Import <strong>posts and comments</strong> from your Old Blogger account'), array ($blogger_import, 'start'));
 
 ?>
Index: wp-admin/options-misc.php
===================================================================
--- wp-admin/options-misc.php	(.../2.0.5)	(revision 4701)
+++ wp-admin/options-misc.php	(.../2.0.6)	(revision 4701)
@@ -17,7 +17,7 @@
 <table class="editform optiontable">
 <tr valign="top">
 <th scope="row"><?php _e('Store uploads in this folder'); ?>:</th>
-<td><input name="upload_path" type="text" id="upload_path" class="code" value="<?php echo wp_specialchars(str_replace(ABSPATH, '', get_settings('upload_path')), 1); ?>" size="40" />
+<td><input name="upload_path" type="text" id="upload_path" class="code" value="<?php echo attribute_escape(str_replace(ABSPATH, '', get_settings('upload_path'))); ?>" size="40" />
 <br />
 <?php _e('Default is <code>wp-content/uploads</code>'); ?>
 </td>
Index: wp-admin/categories.php
===================================================================
--- wp-admin/categories.php	(.../2.0.5)	(revision 4701)
+++ wp-admin/categories.php	(.../2.0.6)	(revision 4701)
@@ -33,6 +33,7 @@
 	wp_insert_category($_POST);
 
 	wp_redirect('categories.php?message=1#addcat');
+	exit;
 break;
 
 case 'delete':
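Review bot: The `exit;` added after wp_redirect() makes the `break;` that follows it unreachable, here and in the same-shaped hunks for the `delete` and `editedcat` cases further down. Keeping the `break` preserves the switch's visual structure, which is fine, but a short comment would stop the next reader from wondering whether the `exit` is intentional, e.g. `exit; // wp_redirect() sends the header; nothing below must run for this request`. The enclosing switch case starts outside the hunk.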
@@ -51,7 +52,7 @@
 	wp_delete_category($cat_ID);
 
 	wp_redirect('categories.php?message=2');
-
+	exit;
 break;
 
 case 'edit':
@@ -68,12 +69,12 @@
 	  <table class="editform" width="100%" cellspacing="2" cellpadding="5">
 		<tr>
 		  <th width="33%" scope="row"><?php _e('Category name:') ?></th>
-		  <td width="67%"><input name="cat_name" type="text" value="<?php echo wp_specialchars($category->cat_name); ?>" size="40" /> <input type="hidden" name="action" value="editedcat" />
+		  <td width="67%"><input name="cat_name" type="text" value="<?php echo attribute_escape($category->cat_name); ?>" size="40" /> <input type="hidden" name="action" value="editedcat" />
 <input type="hidden" name="cat_ID" value="<?php echo $category->cat_ID ?>" /></td>
 		</tr>
 		<tr>
 			<th scope="row"><?php _e('Category slug:') ?></th>
-			<td><input name="category_nicename" type="text" value="<?php echo wp_specialchars($category->category_nicename); ?>" size="40" /></td>
+			<td><input name="category_nicename" type="text" value="<?php echo attribute_escape($category->category_nicename); ?>" size="40" /></td>
 		</tr>
 		<tr>
 			<th scope="row"><?php _e('Category parent:') ?></th>
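Review bot: The hidden `cat_ID` field two lines below the first changed line is still echoed raw (`value="<?php echo $category->cat_ID ?>"`) while the adjacent `cat_name` and `category_nicename` inputs now go through attribute_escape(). The value presumably comes from the database as an integer, so the practical risk is low, but for consistency with the rest of this form it should be constrained too: `<input type="hidden" name="cat_ID" value="<?php echo (int) $category->cat_ID; ?>" />`. The enclosing `case 'edit':` body extends beyond this hunk on both sides.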
@@ -85,7 +86,7 @@
 		</tr>
 		<tr>
 			<th scope="row"><?php _e('Description:') ?></th>
-			<td><textarea name="category_description" rows="5" cols="50" style="width: 97%;"><?php echo wp_specialchars($category->category_description, 1); ?></textarea></td>
+			<td><textarea name="category_description" rows="5" cols="50" style="width: 97%;"><?php echo wp_specialchars($category->category_description); ?></textarea></td>
 		</tr>
 		</table>
 	  <p class="submit"><input type="submit" name="submit" value="<?php _e('Edit category') ?> &raquo;" /></p>
@@ -106,6 +107,7 @@
 	wp_update_category($_POST);
 
 	wp_redirect('categories.php?message=3');
+	exit;
 break;
 
 default:

