Index: wp-includes/query.php
===================================================================
--- wp-includes/query.php (.../2.1.1) (revision 5900)
+++ wp-includes/query.php (.../2.1.2) (revision 5900)
@@ -765,9 +765,11 @@
 $searchand = ' AND ';
 }
 $term = addslashes_gpc($q['s']);
- if (!$q['sentence'] && count($q['search_terms']) > 1 && $q['search_terms'][0] != $q['s'] ) $search .= " OR (post_title LIKE '{$n}{$term}{$n}') OR (post_content LIKE '{$n}{$term}{$n}')";
-
- $search = " AND ({$search}) ";
+ if (!$q['sentence'] && count($q['search_terms']) > 1 && $q['search_terms'][0] != $q['s'] )
+ $search .= " OR (post_title LIKE '{$n}{$term}{$n}') OR (post_content LIKE '{$n}{$term}{$n}')";
+
+ if ( !empty($search) )
+ $search = " AND ({$search}) ";
 }
 // Category stuff
@@ -794,16 +796,16 @@
 $in_cats = substr($in_cats, 0, -2);
 $out_cats = substr($out_cats, 0, -2);
 if ( strlen($in_cats) > 0 )
- $in_cats = " AND category_id IN ($in_cats)";
+ $in_cats = " AND $wpdb->post2cat.category_id IN ($in_cats)";
 if ( strlen($out_cats) > 0 ) {
- $ids = $wpdb->get_col("SELECT post_id FROM $wpdb->post2cat WHERE category_id IN ($out_cats)");
+ $ids = $wpdb->get_col("SELECT post_id FROM $wpdb->post2cat WHERE $wpdb->post2cat.category_id IN ($out_cats)");
 if ( is_array($ids) && count($ids > 0) ) {
 foreach ( $ids as $id )
 $out_posts .= "$id, ";
 $out_posts = substr($out_posts, 0, -2);
 }
 if ( strlen($out_posts) > 0 )
- $out_cats = " AND ID NOT IN ($out_posts)";
+ $out_cats = " AND $wpdb->posts.ID NOT IN ($out_posts)";
 else
 $out_cats = '';
 }
Index: wp-includes/version.php
===================================================================
--- wp-includes/version.php (.../2.1.1) (revision 5900)
+++ wp-includes/version.php (.../2.1.2) (revision 5900)
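Review bot: In wp-includes/query.php (hunk @@ -765) the new `if ( !empty($search) )` guard carries no comment saying when `$search` can still be empty here, and both new `if` statements are brace-less with the body on the following line, which makes it easy to attach a later statement to the wrong branch. I would add braces and a comment such as `// No clause was built from the search terms: skip it rather than emit " AND () "`. The term reaches the LIKE pattern by string interpolation and the only escaping visible in the hunk is `addslashes_gpc()`; the LIKE wildcards `%` and `_` do not appear to be escaped in the visible lines, so confirm how they are handled in the part of the function outside the hunk.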
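Review bot: In wp-includes/query.php (hunk @@ -794) the context line `if ( is_array($ids) && count($ids > 0) )` has a misplaced parenthesis: it counts the result of the comparison `$ids > 0` instead of comparing the count, so it never tests for an empty result set. The commit qualifies the column names around it but leaves this line as is; it should read `if ( is_array($ids) && count($ids) > 0 )`. The later `strlen($out_posts) > 0` check masks the effect today. Separately, `$in_cats`, `$out_cats` and `$out_posts` are interpolated directly into `IN (...)` lists, and whether every id was cast to an integer is decided outside the hunk and should be confirmed.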
@@ -2,7 +2,7 @@ // This holds the version number in a separate file so we can bump it without cluttering the SVN -$wp_version = '2.1.1'; +$wp_version = '2.1.2'; $wp_db_version = 4773; ?> Index: wp-includes/js/tinymce/tiny_mce_config.php =================================================================== --- wp-includes/js/tinymce/tiny_mce_config.php (.../2.1.1) (revision 5900) +++ wp-includes/js/tinymce/tiny_mce_config.php (.../2.1.2) (revision 5900) @@ -1,5 +1,6 @@ ", valid_elements : "", Index: wp-includes/functions.php =================================================================== --- wp-includes/functions.php (.../2.1.1) (revision 5900) +++ wp-includes/functions.php (.../2.1.2) (revision 5900) @@ -1190,7 +1190,7 @@ $adminurl = get_option('siteurl') . '/wp-admin'; if ( wp_get_referer() ) - $adminurl = wp_get_referer(); + $adminurl = attribute_escape(wp_get_referer()); $title = __('WordPress Confirmation'); // Remove extra layer of slashes. @@ -1207,7 +1207,7 @@ $html .= "\t\t\n"; $html .= "\t\t
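Review bot: In wp-includes/functions.php (hunk @@ -1190) `attribute_escape()` makes the referer safe to place inside a quoted attribute, but it does not constrain what kind of URL the value is, and `$adminurl` is presumably used as a link target in the markup built further down. Because the Referer header is client-controlled, I would sanitise it as a URL rather than only as attribute text, for example `$adminurl = clean_url( wp_get_referer() );`, after confirming that helper restricts the scheme in this branch. `wp_get_referer()` is also called twice; `$referer = wp_get_referer();` followed by `if ( $referer )` avoids the second call. The enclosing function starts and ends outside the hunk.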
\n\t\t

" . wp_specialchars(wp_explain_nonce($action)) . "

\n\t\t

" . __('No') . "

\n\t\t
\n\t\n"; } else { - $html .= "\t
\n\t

" . wp_specialchars(wp_explain_nonce($action)) . "

\n\t

" . __('No') . " " . __('Yes') . "

\n\t
\n"; + $html .= "\t
\n\t

" . wp_specialchars(wp_explain_nonce($action)) . "

\n\t

" . __('No') . " " . __('Yes') . "

\n\t
\n"; } $html .= "\n"; wp_die($html, $title); Index: wp-includes/script-loader.php =================================================================== --- wp-includes/script-loader.php (.../2.1.1) (revision 5900) +++ wp-includes/script-loader.php (.../2.1.2) (revision 5900) @@ -17,7 +17,7 @@ $this->add( 'colorpicker', '/wp-includes/js/colorpicker.js', false, '3517' ); $this->add( 'tiny_mce', '/wp-includes/js/tinymce/tiny_mce_gzip.php', false, '20061113' ); $mce_config = apply_filters('tiny_mce_config_url', '/wp-includes/js/tinymce/tiny_mce_config.php'); - $this->add( 'wp_tiny_mce', $mce_config, array('tiny_mce'), '20061113' ); + $this->add( 'wp_tiny_mce', $mce_config, array('tiny_mce'), '20070225' ); $this->add( 'prototype', '/wp-includes/js/prototype.js', false, '1.5.0'); $this->add( 'autosave', '/wp-includes/js/autosave-js.php', array('prototype', 'sack'), '20070116'); $this->add( 'wp-ajax', '/wp-includes/js/wp-ajax-js.php', array('prototype'), '20070118'); Index: xmlrpc.php =================================================================== --- xmlrpc.php (.../2.1.1) (revision 5900) +++ xmlrpc.php (.../2.1.2) (revision 5900) @@ -535,7 +535,9 @@ $post_content = $post_content . "\n\n" . $post_more; } - $to_ping = $content_struct['mt_tb_ping_urls']; + $to_ping = $content_struct['mt_tb_ping_urls']; + if ( is_array($to_ping) ) + $to_ping = implode(' ', $to_ping); // Do some timestamp voodoo $dateCreatedd = $content_struct['dateCreated']; 
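Review bot: In xmlrpc.php (hunk @@ -535, and identically in hunk @@ -633) `$content_struct['mt_tb_ping_urls']` is read without an `isset()` check and, when it is an array, joined without checking that each element is a string. `$content_struct` looks like client-supplied XML-RPC data, so a nested array would be turned into the literal text `Array` (with a notice) instead of being rejected. I would read the key defensively, `$to_ping = isset($content_struct['mt_tb_ping_urls']) ? $content_struct['mt_tb_ping_urls'] : '';`, and filter before joining, `$to_ping = implode(' ', array_filter($to_ping, 'is_string'));`. How `$to_ping` is validated as a list of URLs before any ping is sent is outside both hunks, and the duplicated lines would be better kept in one helper.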
@@ -633,8 +635,10 @@ $post_content = $post_content . "\n\n" . $post_more; } - $to_ping = $content_struct['mt_tb_ping_urls']; - + $to_ping = $content_struct['mt_tb_ping_urls']; + if ( is_array($to_ping) ) + $to_ping = implode(' ', $to_ping); + $comment_status = (empty($content_struct['mt_allow_comments'])) ? get_option('default_comment_status') : $content_struct['mt_allow_comments']; Index: wp-admin/custom-header.php =================================================================== --- wp-admin/custom-header.php (.../2.1.1) (revision 5900) +++ wp-admin/custom-header.php (.../2.1.2) (revision 5900) @@ -286,8 +286,7 @@ // cleanup $file = get_attached_file( $_POST['attachment_id'] ); $medium = str_replace(basename($file), 'midsize-'.basename($file), $file); - @unlink( $medium ); - apply_filters( 'wp_delete_file', $medium ); + @unlink( apply_filters( 'wp_delete_file', $medium ) ); wp_delete_attachment( $_POST['attachment_id'] ); return $this->finished(); Index: wp-admin/edit.php =================================================================== --- wp-admin/edit.php (.../2.1.1) (revision 5900) +++ wp-admin/edit.php (.../2.1.2) (revision 5900) 
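Review bot: In wp-admin/custom-header.php the return value of the `wp_delete_file` filter now goes straight into `@unlink()`, so a filter that returns an empty value or a different path is neither checked nor reported, and `@` hides any failure. I would split the call: `$medium = apply_filters( 'wp_delete_file', $medium );` then `if ( !empty($medium) ) @unlink( $medium );`. The context lines also pass `$_POST['attachment_id']` to `get_attached_file()` and `wp_delete_attachment()` with no visible integer cast or ownership check. Whether a nonce and capability check run before this point is outside the hunk and should be confirmed, since this path deletes files.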
@@ -283,13 +283,13 @@ comment_post_ID) ) { echo " " . __('Edit') . ''; - echo ' | comment_author)) . "', theCommentList );\">" . __('Delete') . ' '; + echo ' | comment_author)) . "', theCommentList );\">" . __('Delete') . ' '; if ( ('none' != $comment_status) && ( current_user_can('moderate_comments') ) ) { - echo ' | ' . __('Unapprove') . ' '; - echo ' | ' . __('Approve') . ' '; + echo ' | ' . __('Unapprove') . ' '; + echo ' | ' . __('Approve') . ' '; } - echo " | comment_post_ID."&c=".$comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . "\" onclick=\"return deleteSomething( 'comment-as-spam', $comment->comment_ID, '" . sprintf(__("You are about to mark as spam this comment by '%s'.\n'Cancel' to stop, 'OK' to mark as spam."), js_escape( $comment->comment_author)) . "', theCommentList );\">" . __('Spam') . " ]"; -} // end if any comments to show + echo " | comment_post_ID . "&c=" . $comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . "\" onclick=\"return deleteSomething( 'comment-as-spam', $comment->comment_ID, '" . js_escape(sprintf(__("You are about to mark as spam this comment by '%s'.\n'Cancel' to stop, 'OK' to mark as spam."), $comment->comment_author)) . "', theCommentList );\">" . __('Spam') . " "; +} ?>
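Review bot: In wp-admin/edit.php, as far as the stripped markup shows, the "Spam" link now wraps the whole confirmation message in `js_escape()` instead of only the author name, and nothing records why. A one-line comment would keep this from being reverted, e.g. `// Escape the full message: the translated text itself contains quotes and a newline and sits inside a single-quoted JS string`. `$comment->comment_ID` is still interpolated into the `onclick` handler as-is; an explicit `(int)` cast there would make the numeric assumption visible. The message ends up in a JavaScript string inside an HTML attribute, so it needs escaping for both contexts, and whether `js_escape()` covers both is not visible on this page.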

Index: wp-admin/edit-pages.php =================================================================== --- wp-admin/edit-pages.php (.../2.1.1) (revision 5900) +++ wp-admin/edit-pages.php (.../2.1.2) (revision 5900) @@ -19,7 +19,7 @@