]> scripts.mit.edu Git - autoinstalls/wordpress.git/blobdiff - wp-admin/includes/media.php
Wordpress 2.9
[autoinstalls/wordpress.git] / wp-admin / includes / media.php
index d91ffc2398827107eb75a45a6fec907e31724e89..1bfe3e2760c3a01c7da52120da91640a69193e15 100644 (file)
@@ -1,23 +1,54 @@
 <?php
-
+/**
+ * WordPress Administration Media API.
+ *
+ * @package WordPress
+ * @subpackage Administration
+ */
+
+/**
+ * {@internal Missing Short Description}}
+ *
+ * @since unknown
+ *
+ * @return unknown
+ */
 function media_upload_tabs() {
        $_default_tabs = array(
-               'type' => __('Choose File'), // handler action suffix => tab text
+               'type' => __('From Computer'), // handler action suffix => tab text
+               'type_url' => __('From URL'),
                'gallery' => __('Gallery'),
-               'library' => __('Media Library'),
+               'library' => __('Media Library')
        );
 
        return apply_filters('media_upload_tabs', $_default_tabs);
 }
 
+/**
+ * {@internal Missing Short Description}}
+ *
+ * @since unknown
+ *
+ * @param unknown_type $tabs
+ * @return unknown
+ */
 function update_gallery_tab($tabs) {
        global $wpdb;
+
        if ( !isset($_REQUEST['post_id']) ) {
                unset($tabs['gallery']);
                return $tabs;
        }
-       if ( intval($_REQUEST['post_id']) )
-               $attachments = intval($wpdb->get_var($wpdb->prepare("SELECT count(*) FROM $wpdb->posts WHERE post_type = 'attachment' AND post_parent = %d", $_REQUEST['post_id'])));
+
+       $post_id = intval($_REQUEST['post_id']);
+
+       if ( $post_id )
+               $attachments = intval( $wpdb->get_var( $wpdb->prepare( "SELECT count(*) FROM $wpdb->posts WHERE post_type = 'attachment' AND post_status != 'trash' AND post_parent = %d", $post_id ) ) );
+
+       if ( empty($attachments) ) {
+               unset($tabs['gallery']);
+               return $tabs;
+       }
 
        $tabs['gallery'] = sprintf(__('Gallery (%s)'), "<span id='attachments-count'>$attachments</span>");
 
@@ -25,6 +56,11 @@ function update_gallery_tab($tabs) {
 }
 add_filter('media_upload_tabs', 'update_gallery_tab');
 
+/**
+ * {@internal Missing Short Description}}
+ *
+ * @since unknown
+ */
 function the_media_upload_tabs() {
        global $redir_tab;
        $tabs = media_upload_tabs();
@@ -35,79 +71,139 @@ function the_media_upload_tabs() {
                        $current = $redir_tab;
                elseif ( isset($_GET['tab']) && array_key_exists($_GET['tab'], $tabs) )
                        $current = $_GET['tab'];
-               else {
-                       $keys = array_keys($tabs);
-                       $current = array_shift($keys);
-               }
+               else
+                       $current = apply_filters('media_upload_default_tab', 'type');
+
                foreach ( $tabs as $callback => $text ) {
                        $class = '';
                        if ( $current == $callback )
                                $class = " class='current'";
                        $href = add_query_arg(array('tab'=>$callback, 's'=>false, 'paged'=>false, 'post_mime_type'=>false, 'm'=>false));
-                       $link = "<a href='" . clean_url($href) . "'$class>$text</a>";
-                       echo "\t<li id='" . attribute_escape("tab-$callback") . "'>$link</li>\n";
+                       $link = "<a href='" . esc_url($href) . "'$class>$text</a>";
+                       echo "\t<li id='" . esc_attr("tab-$callback") . "'>$link</li>\n";
                }
                echo "</ul>\n";
        }
 }
 
-function get_image_send_to_editor($id, $alt, $title, $align, $url='', $rel = false, $size='medium') {
+/**
+ * {@internal Missing Short Description}}
+ *
+ * @since unknown
+ *
+ * @param unknown_type $id
+ * @param unknown_type $alt
+ * @param unknown_type $title
+ * @param unknown_type $align
+ * @param unknown_type $url
+ * @param unknown_type $rel
+ * @param unknown_type $size
+ * @return unknown
+ */
+function get_image_send_to_editor($id, $caption, $title, $align, $url='', $rel = false, $size='medium', $alt = '') {
 
        $html = get_image_tag($id, $alt, $title, $align, $size);
 
-       $rel = $rel ? ' rel="attachment wp-att-'.attribute_escape($id).'"' : '';
+       $rel = $rel ? ' rel="attachment wp-att-' . esc_attr($id).'"' : '';
 
        if ( $url )
-               $html = '<a href="' . clean_url($url) . "\"$rel>$html</a>";
+               $html = '<a href="' . esc_attr($url) . "\"$rel>$html</a>";
 
-       $html = apply_filters( 'image_send_to_editor', $html, $id, $alt, $title, $align, $url, $size );
+       $html = apply_filters( 'image_send_to_editor', $html, $id, $caption, $title, $align, $url, $size, $alt );
 
        return $html;
 }
 
-function image_add_caption( $html, $id, $alt, $title, $align, $url, $size ) {
+/**
+ * {@internal Missing Short Description}}
+ *
+ * @since unknown
+ *
+ * @param unknown_type $html
+ * @param unknown_type $id
+ * @param unknown_type $alt
+ * @param unknown_type $title
+ * @param unknown_type $align
+ * @param unknown_type $url
+ * @param unknown_type $size
+ * @return unknown
+ */
+function image_add_caption( $html, $id, $caption, $title, $align, $url, $size, $alt = '' ) {
+
+       if ( empty($caption) || apply_filters( 'disable_captions', '' ) )
+               return $html;
 
-       if ( empty($alt) || apply_filters( 'disable_captions', '' ) ) return $html;
        $id = ( 0 < (int) $id ) ? 'attachment_' . $id : '';
 
-       preg_match( '/width="([0-9]+)/', $html, $matches );
-       if ( ! isset($matches[1]) ) return $html;
+       if ( ! preg_match( '/width="([0-9]+)/', $html, $matches ) )
+               return $html;
+
        $width = $matches[1];
 
-       $html = preg_replace( '/align[^\s\'"]+\s?/', '', $html );
-       if ( empty($align) ) $align = 'none';
+       $html = preg_replace( '/(class=["\'][^\'"]*)align(none|left|right|center)\s?/', '$1', $html );
+       if ( empty($align) )
+               $align = 'none';
 
        $shcode = '[caption id="' . $id . '" align="align' . $align
-       . '" width="' . $width . '" caption="' . $alt . '"]' . $html . '[/caption]';
+       . '" width="' . $width . '" caption="' . addslashes($caption) . '"]' . $html . '[/caption]';
 
        return apply_filters( 'image_add_caption_shortcode', $shcode, $html );
 }
-add_filter( 'image_send_to_editor', 'image_add_caption', 20, 7 );
-
+add_filter( 'image_send_to_editor', 'image_add_caption', 20, 8 );
+
+/**
+ * {@internal Missing Short Description}}
+ *
+ * @since unknown
+ *
+ * @param unknown_type $html
+ */
 function media_send_to_editor($html) {
-       ?>
+?>
 <script type="text/javascript">
 /* <![CDATA[ */
 var win = window.dialogArguments || opener || parent || top;
 win.send_to_editor('<?php echo addslashes($html); ?>');
 /* ]]> */
 </script>
-       <?php
+<?php
        exit;
 }
 
-// this handles the file upload POST itself, creating the attachment post
+/**
+ * {@internal Missing Short Description}}
+ *
+ * This handles the file upload POST itself, creating the attachment post.
+ *
+ * @since unknown
+ *
+ * @param unknown_type $file_id
+ * @param unknown_type $post_id
+ * @param unknown_type $post_data
+ * @return unknown
+ */
 function media_handle_upload($file_id, $post_id, $post_data = array()) {
        $overrides = array('test_form'=>false);
-       $file = wp_handle_upload($_FILES[$file_id], $overrides);
+
+       $time = current_time('mysql');
+       if ( $post = get_post($post_id) ) {
+               if ( substr( $post->post_date, 0, 4 ) > 0 )
+                       $time = $post->post_date;
+       }
+
+       $name = $_FILES[$file_id]['name'];
+       $file = wp_handle_upload($_FILES[$file_id], $overrides, $time);
 
        if ( isset($file['error']) )
                return new WP_Error( 'upload_error', $file['error'] );
 
+       $name_parts = pathinfo($name);
+       $name = trim( substr( $name, 0, -(1 + strlen($name_parts['extension'])) ) );
+
        $url = $file['url'];
        $type = $file['type'];
        $file = $file['file'];
-       $title = preg_replace('/\.[^.]+$/', '', basename($file));
+       $title = $name;
        $content = '';
 
        // use image exif/iptc data for title and caption defaults if possible
@@ -128,7 +224,7 @@ function media_handle_upload($file_id, $post_id, $post_data = array()) {
        ), $post_data );
 
        // Save the data
-       $id = wp_insert_attachment($attachment, $file, $post_parent);
+       $id = wp_insert_attachment($attachment, $file, $post_id);
        if ( !is_wp_error($id) ) {
                wp_update_attachment_metadata( $id, wp_generate_attachment_metadata( $id, $file ) );
        }
@@ -137,10 +233,21 @@ function media_handle_upload($file_id, $post_id, $post_data = array()) {
 
 }
 
+/**
+ * {@internal Missing Short Description}}
+ *
+ * @since unknown
+ *
+ * @param unknown_type $file_array
+ * @param unknown_type $post_id
+ * @param unknown_type $desc
+ * @param unknown_type $post_data
+ * @return unknown
+ */
 function media_handle_sideload($file_array, $post_id, $desc = null, $post_data = array()) {
        $overrides = array('test_form'=>false);
-       $file = wp_handle_sideload($file_array, $overrides);
 
+       $file = wp_handle_sideload($file_array, $overrides);
        if ( isset($file['error']) )
                return new WP_Error( 'upload_error', $file['error'] );
 
@@ -169,8 +276,8 @@ function media_handle_sideload($file_array, $post_id, $desc = null, $post_data =
                'post_content' => $content,
        ), $post_data );
 
-       // Save the data
-       $id = wp_insert_attachment($attachment, $file, $post_parent);
+       // Save the attachment metadata
+       $id = wp_insert_attachment($attachment, $file, $post_id);
        if ( !is_wp_error($id) ) {
                wp_update_attachment_metadata( $id, wp_generate_attachment_metadata( $id, $file ) );
                return $url;
@@ -178,9 +285,16 @@ function media_handle_sideload($file_array, $post_id, $desc = null, $post_data =
        return $id;
 }
 
-
-// wrap iframe content (produced by $content_func) in a doctype, html head/body etc
-// any additional function args will be passed to content_func
+/**
+ * {@internal Missing Short Description}}
+ *
+ * Wrap iframe content (produced by $content_func) in a doctype, html head/body
+ * etc any additional function args will be passed to content_func.
+ *
+ * @since unknown
+ *
+ * @param unknown_type $content_func
+ */
 function wp_iframe($content_func /* ... */) {
 ?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
@@ -194,17 +308,24 @@ wp_enqueue_style( 'wp-admin' );
 wp_enqueue_style( 'colors' );
 if ( 0 === strpos( $content_func, 'media' ) )
        wp_enqueue_style( 'media' );
-
+wp_enqueue_style( 'ie' );
 ?>
 <script type="text/javascript">
 //<![CDATA[
-function addLoadEvent(func) {if ( typeof wpOnload!='function'){wpOnload=func;}else{ var oldonload=wpOnload;wpOnload=function(){oldonload();func();}}}
+addLoadEvent = function(func){if(typeof jQuery!="undefined")jQuery(document).ready(func);else if(typeof wpOnload!='function'){wpOnload=func;}else{var oldonload=wpOnload;wpOnload=function(){oldonload();func();}}};
+var userSettings = {'url':'<?php echo SITECOOKIEPATH; ?>','uid':'<?php if ( ! isset($current_user) ) $current_user = wp_get_current_user(); echo $current_user->ID; ?>','time':'<?php echo time(); ?>'};
+var ajaxurl = '<?php echo admin_url('admin-ajax.php'); ?>', pagenow = 'media-upload-popup', adminpage = 'media-upload-popup';
 //]]>
 </script>
 <?php
+do_action('admin_enqueue_scripts', 'media-upload-popup');
+do_action('admin_print_styles-media-upload-popup');
 do_action('admin_print_styles');
+do_action('admin_print_scripts-media-upload-popup');
 do_action('admin_print_scripts');
+do_action('admin_head-media-upload-popup');
 do_action('admin_head');
+
 if ( is_string($content_func) )
        do_action( "admin_head_{$content_func}" );
 ?>
@@ -214,16 +335,24 @@ if ( is_string($content_func) )
        $args = func_get_args();
        $args = array_slice($args, 1);
        call_user_func_array($content_func, $args);
+
+       do_action('admin_print_footer_scripts');
 ?>
+<script type="text/javascript">if(typeof wpOnload=='function')wpOnload();</script>
 </body>
 </html>
 <?php
 }
 
+/**
+ * {@internal Missing Short Description}}
+ *
+ * @since unknown
+ */
 function media_buttons() {
        global $post_ID, $temp_ID;
        $uploading_iframe_ID = (int) (0 == $post_ID ? $temp_ID : $post_ID);
-       $context = apply_filters('media_buttons_context', __('Add media: %s'));
+       $context = apply_filters('media_buttons_context', __('Upload/Insert %s'));
        $media_upload_iframe_src = "media-upload.php?post_id=$uploading_iframe_ID";
        $media_title = __('Add Media');
        $image_upload_iframe_src = apply_filters('image_upload_iframe_src', "$media_upload_iframe_src&amp;type=image");
@@ -234,20 +363,33 @@ function media_buttons() {
        $audio_title = __('Add Audio');
        $out = <<<EOF
 
-       <a href="{$image_upload_iframe_src}&amp;TB_iframe=true" id="add_image" class="thickbox" title='$image_title'><img src='images/media-button-image.gif' alt='$image_title' /></a>
-       <a href="{$video_upload_iframe_src}&amp;TB_iframe=true" id="add_video" class="thickbox" title='$video_title'><img src='images/media-button-video.gif' alt='$video_title' /></a>
-       <a href="{$audio_upload_iframe_src}&amp;TB_iframe=true" id="add_audio" class="thickbox" title='$audio_title'><img src='images/media-button-music.gif' alt='$audio_title' /></a>
-       <a href="{$media_upload_iframe_src}&amp;TB_iframe=true" id="add_media" class="thickbox" title='$media_title'><img src='images/media-button-other.gif' alt='$media_title' /></a>
+       <a href="{$image_upload_iframe_src}&amp;TB_iframe=true" id="add_image" class="thickbox" title='$image_title' onclick="return false;"><img src='images/media-button-image.gif' alt='$image_title' /></a>
+       <a href="{$video_upload_iframe_src}&amp;TB_iframe=true" id="add_video" class="thickbox" title='$video_title' onclick="return false;"><img src='images/media-button-video.gif' alt='$video_title' /></a>
+       <a href="{$audio_upload_iframe_src}&amp;TB_iframe=true" id="add_audio" class="thickbox" title='$audio_title' onclick="return false;"><img src='images/media-button-music.gif' alt='$audio_title' /></a>
+       <a href="{$media_upload_iframe_src}&amp;TB_iframe=true" id="add_media" class="thickbox" title='$media_title' onclick="return false;"><img src='images/media-button-other.gif' alt='$media_title' /></a>
 
 EOF;
        printf($context, $out);
 }
 add_action( 'media_buttons', 'media_buttons' );
-add_action('media_upload_media', 'media_upload_handler');
 
+/**
+ * {@internal Missing Short Description}}
+ *
+ * @since unknown
+ *
+ * @return unknown
+ */
 function media_upload_form_handler() {
        check_admin_referer('media-form');
 
+       $errors = null;
+
+       if ( isset($_POST['send']) ) {
+               $keys = array_keys($_POST['send']);
+               $send_id = (int) array_shift($keys);
+       }
+
        if ( !empty($_POST['attachments']) ) foreach ( $_POST['attachments'] as $attachment_id => $attachment ) {
                $post = $_post = get_post($attachment_id, ARRAY_A);
                if ( isset($attachment['post_content']) )
@@ -259,8 +401,22 @@ function media_upload_form_handler() {
                if ( isset($attachment['menu_order']) )
                        $post['menu_order'] = $attachment['menu_order'];
 
+               if ( isset($send_id) && $attachment_id == $send_id ) {
+                       if ( isset($attachment['post_parent']) )
+                               $post['post_parent'] = $attachment['post_parent'];
+               }
+
                $post = apply_filters('attachment_fields_to_save', $post, $attachment);
 
+               if ( isset($attachment['image_alt']) && !empty($attachment['image_alt']) ) {
+                       $image_alt = get_post_meta($attachment_id, '_wp_attachment_image_alt', true);
+                       if ( $image_alt != stripslashes($attachment['image_alt']) ) {
+                               $image_alt = wp_strip_all_tags( stripslashes($attachment['image_alt']), true );
+                               // update_meta expects slashed
+                               update_post_meta( $attachment_id, '_wp_attachment_image_alt', addslashes($image_alt) );
+                       }
+               }
+
                if ( isset($post['errors']) ) {
                        $errors[$attachment_id] = $post['errors'];
                        unset($post['errors']);
@@ -269,24 +425,33 @@ function media_upload_form_handler() {
                if ( $post != $_post )
                        wp_update_post($post);
 
-               foreach ( get_attachment_taxonomies($post) as $t )
+               foreach ( get_attachment_taxonomies($post) as $t ) {
                        if ( isset($attachment[$t]) )
                                wp_set_object_terms($attachment_id, array_map('trim', preg_split('/,+/', $attachment[$t])), $t, false);
+               }
        }
 
-       if ( isset($_POST['insert-gallery']) )
-               return media_send_to_editor('[gallery]');
+       if ( isset($_POST['insert-gallery']) || isset($_POST['update-gallery']) ) { ?>
+               <script type="text/javascript">
+               /* <![CDATA[ */
+               var win = window.dialogArguments || opener || parent || top;
+               win.tb_remove();
+               /* ]]> */
+               </script>
+               <?php
+               exit;
+       }
 
-       if ( isset($_POST['send']) ) {
-               $keys = array_keys($_POST['send']);
-               $send_id = (int) array_shift($keys);
+       if ( isset($send_id) ) {
                $attachment = stripslashes_deep( $_POST['attachments'][$send_id] );
+
                $html = $attachment['post_title'];
                if ( !empty($attachment['url']) ) {
                        if ( strpos($attachment['url'], 'attachment_id') || false !== strpos($attachment['url'], get_permalink($_POST['post_id'])) )
-                               $rel = " rel='attachment wp-att-".attribute_escape($send_id)."'";
+                               $rel = " rel='attachment wp-att-" . esc_attr($send_id)."'";
                        $html = "<a href='{$attachment['url']}'$rel>$html</a>";
                }
+
                $html = apply_filters('media_send_to_editor', $html, $send_id, $attachment);
                return media_send_to_editor($html);
        }
@@ -294,7 +459,17 @@ function media_upload_form_handler() {
        return $errors;
 }
 
+/**
+ * {@internal Missing Short Description}}
+ *
+ * @since unknown
+ *
+ * @return unknown
+ */
 function media_upload_image() {
+       $errors = array();
+       $id = 0;
+
        if ( isset($_POST['html-upload']) && !empty($_FILES) ) {
                // Upload File button was clicked
                $id = media_handle_upload('async-upload', $_REQUEST['post_id']);
@@ -306,16 +481,20 @@ function media_upload_image() {
        }
 
        if ( !empty($_POST['insertonlybutton']) ) {
+               $alt = $align = '';
+
                $src = $_POST['insertonly']['src'];
                if ( !empty($src) && !strpos($src, '://') )
                        $src = "http://$src";
-               $alt = attribute_escape($_POST['insertonly']['alt']);
+               $alt = esc_attr($_POST['insertonly']['alt']);
                if ( isset($_POST['insertonly']['align']) ) {
-                       $align = attribute_escape($_POST['insertonly']['align']);
+                       $align = esc_attr($_POST['insertonly']['align']);
                        $class = " class='align$align'";
                }
                if ( !empty($src) )
-                       $html = "<img src='$src' alt='$alt'$class />";
+                       $html = "<img src='" . esc_url($src) . "' alt='$alt'$class />";
+
+               $html = apply_filters('image_send_to_editor_url', $html, esc_url_raw($src), $alt, $align);
                return media_send_to_editor($html);
        }
 
@@ -333,24 +512,51 @@ function media_upload_image() {
                return media_upload_gallery();
        }
 
+       if ( isset($_GET['tab']) && $_GET['tab'] == 'type_url' )
+               return wp_iframe( 'media_upload_type_url_form', 'image', $errors, $id );
+
        return wp_iframe( 'media_upload_type_form', 'image', $errors, $id );
 }
 
+/**
+ * {@internal Missing Short Description}}
+ *
+ * @since unknown
+ *
+ * @param unknown_type $file
+ * @param unknown_type $post_id
+ * @param unknown_type $desc
+ * @return unknown
+ */
 function media_sideload_image($file, $post_id, $desc = null) {
        if (!empty($file) ) {
-               $file_array['name'] = basename($file);
-               $file_array['tmp_name'] = download_url($file);
-               $desc = @$desc;
+               // Download file to temp location
+               $tmp = download_url($file);
+
+               // Set variables for storage
+               // fix file filename for query strings
+               preg_match('/[^\?]+\.(jpg|JPG|jpe|JPE|jpeg|JPEG|gif|GIF|png|PNG)/', $file, $matches);
+               $file_array['name'] = basename($matches[0]);
+               $file_array['tmp_name'] = $tmp;
 
-               $id = media_handle_sideload($file_array, $post_id, $desc);
+               // If error storing temporarily, unlink
+               if ( is_wp_error($tmp) ) {
+                       @unlink($file_array['tmp_name']);
+                       $file_array['tmp_name'] = '';
+               }
+
+               // do the validation and storage stuff
+               $id = media_handle_sideload($file_array, $post_id, @$desc);
                $src = $id;
 
+               // If error storing permanently, unlink
                if ( is_wp_error($id) ) {
                        @unlink($file_array['tmp_name']);
                        return $id;
                }
        }
 
+       // Finally check to make sure the file has been saved, then return the html
        if ( !empty($src) ) {
                $alt = @$desc;
                $html = "<img src='$src' alt='$alt' />";
@@ -358,7 +564,17 @@ function media_sideload_image($file, $post_id, $desc = null) {
        }
 }
 
+/**
+ * {@internal Missing Short Description}}
+ *
+ * @since unknown
+ *
+ * @return unknown
+ */
 function media_upload_audio() {
+       $errors = array();
+       $id = 0;
+
        if ( isset($_POST['html-upload']) && !empty($_FILES) ) {
                // Upload File button was clicked
                $id = media_handle_upload('async-upload', $_REQUEST['post_id']);
@@ -373,11 +589,16 @@ function media_upload_audio() {
                $href = $_POST['insertonly']['href'];
                if ( !empty($href) && !strpos($href, '://') )
                        $href = "http://$href";
-               $title = attribute_escape($_POST['insertonly']['title']);
+
+               $title = esc_attr($_POST['insertonly']['title']);
                if ( empty($title) )
-                       $title = basename($href);
+            $title = esc_attr( basename($href) );
+
                if ( !empty($title) && !empty($href) )
-                       $html = "<a href='$href' >$title</a>";
+            $html = "<a href='" . esc_url($href) . "' >$title</a>";
+
+               $html = apply_filters('audio_send_to_editor_url', $html, $href, $title);
+
                return media_send_to_editor($html);
        }
 
@@ -395,10 +616,23 @@ function media_upload_audio() {
                return media_upload_gallery();
        }
 
+       if ( isset($_GET['tab']) && $_GET['tab'] == 'type_url' )
+               return wp_iframe( 'media_upload_type_url_form', 'audio', $errors, $id );
+
        return wp_iframe( 'media_upload_type_form', 'audio', $errors, $id );
 }
 
+/**
+ * {@internal Missing Short Description}}
+ *
+ * @since unknown
+ *
+ * @return unknown
+ */
 function media_upload_video() {
+       $errors = array();
+       $id = 0;
+
        if ( isset($_POST['html-upload']) && !empty($_FILES) ) {
                // Upload File button was clicked
                $id = media_handle_upload('async-upload', $_REQUEST['post_id']);
@@ -413,11 +647,16 @@ function media_upload_video() {
                $href = $_POST['insertonly']['href'];
                if ( !empty($href) && !strpos($href, '://') )
                        $href = "http://$href";
-               $title = attribute_escape($_POST['insertonly']['title']);
-               if ( empty($title) )
-                       $title = basename($href);
+
+               $title = esc_attr($_POST['insertonly']['title']);
+        if ( empty($title) )
+            $title = esc_attr( basename($href) );
+
                if ( !empty($title) && !empty($href) )
-                       $html = "<a href='$href' >$title</a>";
+            $html = "<a href='" . esc_url($href) . "' >$title</a>";
+
+               $html = apply_filters('video_send_to_editor_url', $html, $href, $title);
+
                return media_send_to_editor($html);
        }
 
@@ -435,10 +674,23 @@ function media_upload_video() {
                return media_upload_gallery();
        }
 
+       if ( isset($_GET['tab']) && $_GET['tab'] == 'type_url' )
+               return wp_iframe( 'media_upload_type_url_form', 'video', $errors, $id );
+
        return wp_iframe( 'media_upload_type_form', 'video', $errors, $id );
 }
 
+/**
+ * {@internal Missing Short Description}}
+ *
+ * @since unknown
+ *
+ * @return unknown
+ */
 function media_upload_file() {
+       $errors = array();
+       $id = 0;
+
        if ( isset($_POST['html-upload']) && !empty($_FILES) ) {
                // Upload File button was clicked
                $id = media_handle_upload('async-upload', $_REQUEST['post_id']);
@@ -453,11 +705,13 @@ function media_upload_file() {
                $href = $_POST['insertonly']['href'];
                if ( !empty($href) && !strpos($href, '://') )
                        $href = "http://$href";
-               $title = attribute_escape($_POST['insertonly']['title']);
+
+               $title = esc_attr($_POST['insertonly']['title']);
                if ( empty($title) )
                        $title = basename($href);
                if ( !empty($title) && !empty($href) )
-                       $html = "<a href='$href' >$title</a>";
+                       $html = "<a href='" . esc_url($href) . "' >$title</a>";
+               $html = apply_filters('file_send_to_editor_url', $html, esc_url_raw($href), $title);
                return media_send_to_editor($html);
        }
 
@@ -475,10 +729,22 @@ function media_upload_file() {
                return media_upload_gallery();
        }
 
+       if ( isset($_GET['tab']) && $_GET['tab'] == 'type_url' )
+               return wp_iframe( 'media_upload_type_url_form', 'file', $errors, $id );
+
        return wp_iframe( 'media_upload_type_form', 'file', $errors, $id );
 }
 
+/**
+ * {@internal Missing Short Description}}
+ *
+ * @since unknown
+ *
+ * @return unknown
+ */
 function media_upload_gallery() {
+       $errors = array();
+
        if ( !empty($_POST) ) {
                $return = media_upload_form_handler();
 
@@ -492,7 +758,15 @@ function media_upload_gallery() {
        return wp_iframe( 'media_upload_gallery_form', $errors );
 }
 
+/**
+ * {@internal Missing Short Description}}
+ *
+ * @since unknown
+ *
+ * @return unknown
+ */
 function media_upload_library() {
+       $errors = array();
        if ( !empty($_POST) ) {
                $return = media_upload_form_handler();
 
@@ -505,52 +779,187 @@ function media_upload_library() {
        return wp_iframe( 'media_upload_library_form', $errors );
 }
 
+/**
+ * Retrieve HTML for the image alignment radio buttons with the specified one checked.
+ *
+ * @since unknown
+ *
+ * @param unknown_type $post
+ * @param unknown_type $checked
+ * @return unknown
+ */
+function image_align_input_fields( $post, $checked = '' ) {
+
+       if ( empty($checked) )
+               $checked = get_user_setting('align', 'none');
+
+       $alignments = array('none' => __('None'), 'left' => __('Left'), 'center' => __('Center'), 'right' => __('Right'));
+       if ( !array_key_exists( (string) $checked, $alignments ) )
+               $checked = 'none';
+
+       $out = array();
+       foreach ( $alignments as $name => $label ) {
+               $name = esc_attr($name);
+               $out[] = "<input type='radio' name='attachments[{$post->ID}][align]' id='image-align-{$name}-{$post->ID}' value='$name'".
+                       ( $checked == $name ? " checked='checked'" : "" ) .
+                       " /><label for='image-align-{$name}-{$post->ID}' class='align image-align-{$name}-label'>$label</label>";
+       }
+       return join("\n", $out);
+}
+
+/**
+ * Retrieve HTML for the size radio buttons with the specified one checked.
+ *
+ * @since unknown
+ *
+ * @param unknown_type $post
+ * @param unknown_type $checked
+ * @return unknown
+ */
+function image_size_input_fields( $post, $check = '' ) {
+
+               // get a list of the actual pixel dimensions of each possible intermediate version of this image
+               $size_names = array('thumbnail' => __('Thumbnail'), 'medium' => __('Medium'), 'large' => __('Large'), 'full' => __('Full size'));
+
+               if ( empty($check) )
+                       $check = get_user_setting('imgsize', 'medium');
+
+               foreach ( $size_names as $size => $label ) {
+                       $downsize = image_downsize($post->ID, $size);
+                       $checked = '';
+
+                       // is this size selectable?
+                       $enabled = ( $downsize[3] || 'full' == $size );
+                       $css_id = "image-size-{$size}-{$post->ID}";
+                       // if this size is the default but that's not available, don't select it
+                       if ( $size == $check ) {
+                               if ( $enabled )
+                                       $checked = " checked='checked'";
+                               else
+                                       $check = '';
+                       } elseif ( !$check && $enabled && 'thumbnail' != $size ) {
+                               // if $check is not enabled, default to the first available size that's bigger than a thumbnail
+                               $check = $size;
+                               $checked = " checked='checked'";
+                       }
+
+                       $html = "<div class='image-size-item'><input type='radio' " . ( $enabled ? '' : "disabled='disabled' " ) . "name='attachments[$post->ID][image-size]' id='{$css_id}' value='{$size}'$checked />";
+
+                       $html .= "<label for='{$css_id}'>$label</label>";
+                       // only show the dimensions if that choice is available
+                       if ( $enabled )
+                               $html .= " <label for='{$css_id}' class='help'>" . sprintf( __("(%d&nbsp;&times;&nbsp;%d)"), $downsize[1], $downsize[2] ). "</label>";
+
+                       $html .= '</div>';
+
+                       $out[] = $html;
+               }
+
+               return array(
+                       'label' => __('Size'),
+                       'input' => 'html',
+                       'html'  => join("\n", $out),
+               );
+}
+
+/**
+ * Retrieve HTML for the Link URL buttons with the default link type as specified.
+ *
+ * @since unknown
+ *
+ * @param unknown_type $post
+ * @param unknown_type $url_type
+ * @return unknown
+ */
+function image_link_input_fields($post, $url_type = '') {
+
+       $file = wp_get_attachment_url($post->ID);
+       $link = get_attachment_link($post->ID);
+
+       if ( empty($url_type) )
+               $url_type = get_user_setting('urlbutton', 'post');
+
+       $url = '';
+       if ( $url_type == 'file' )
+               $url = $file;
+       elseif ( $url_type == 'post' )
+               $url = $link;
+
+       return "
+       <input type='text' class='text urlfield' name='attachments[$post->ID][url]' value='" . esc_attr($url) . "' /><br />
+       <button type='button' class='button urlnone' title=''>" . __('None') . "</button>
+       <button type='button' class='button urlfile' title='" . esc_attr($file) . "'>" . __('File URL') . "</button>
+       <button type='button' class='button urlpost' title='" . esc_attr($link) . "'>" . __('Post URL') . "</button>
+";
+}
+
+/**
+ * {@internal Missing Short Description}}
+ *
+ * @since unknown
+ *
+ * @param unknown_type $form_fields
+ * @param unknown_type $post
+ * @return unknown
+ */
 function image_attachment_fields_to_edit($form_fields, $post) {
        if ( substr($post->post_mime_type, 0, 5) == 'image' ) {
-               $form_fields['post_title']['required'] = true;
+               $alt = get_post_meta($post->ID, '_wp_attachment_image_alt', true);
+               if ( empty($alt) )
+                       $alt = '';
 
-               $form_fields['post_excerpt']['label'] = __('Caption');
-               $form_fields['post_excerpt']['helps'][] = __('Also used as alternate text for the image');
-
-               $form_fields['post_content']['label'] = __('Description');
+               $form_fields['post_title']['required'] = true;
 
-               $thumb = wp_get_attachment_thumb_url($post->ID);
+               $form_fields['image_alt'] = array(
+                       'value' => $alt,
+                       'label' => __('Alternate text'),
+                       'helps' => __('Alt text for the image, e.g. &#8220;The Mona Lisa&#8221;')
+               );
 
                $form_fields['align'] = array(
                        'label' => __('Alignment'),
                        'input' => 'html',
-                       'html'  => "
-                               <input type='radio' name='attachments[$post->ID][align]' id='image-align-none-$post->ID' value='none' checked='checked' />
-                               <label for='image-align-none-$post->ID' class='align image-align-none-label'>" . __('None') . "</label>
-                               <input type='radio' name='attachments[$post->ID][align]' id='image-align-left-$post->ID' value='left' />
-                               <label for='image-align-left-$post->ID' class='align image-align-left-label'>" . __('Left') . "</label>
-                               <input type='radio' name='attachments[$post->ID][align]' id='image-align-center-$post->ID' value='center' />
-                               <label for='image-align-center-$post->ID' class='align image-align-center-label'>" . __('Center') . "</label>
-                               <input type='radio' name='attachments[$post->ID][align]' id='image-align-right-$post->ID' value='right' />
-                               <label for='image-align-right-$post->ID' class='align image-align-right-label'>" . __('Right') . "</label>\n",
-               );
-               $form_fields['image-size'] = array(
-                       'label' => __('Size'),
-                       'input' => 'html',
-                       'html'  => "
-                               " . ( $thumb ? "<input type='radio' name='attachments[$post->ID][image-size]' id='image-size-thumb-$post->ID' value='thumbnail' />
-                               <label for='image-size-thumb-$post->ID'>" . __('Thumbnail') . "</label>
-                               " : '' ) . "<input type='radio' name='attachments[$post->ID][image-size]' id='image-size-medium-$post->ID' value='medium' checked='checked' />
-                               <label for='image-size-medium-$post->ID'>" . __('Medium') . "</label>
-                               <input type='radio' name='attachments[$post->ID][image-size]' id='image-size-full-$post->ID' value='full' />
-                               <label for='image-size-full-$post->ID'>" . __('Full size') . "</label>",
+                       'html'  => image_align_input_fields($post, get_option('image_default_align')),
                );
+
+               $form_fields['image-size'] = image_size_input_fields( $post, get_option('image_default_size', 'medium') );
+
+       } else {
+               unset( $form_fields['image_alt'] );
        }
        return $form_fields;
 }
 
 add_filter('attachment_fields_to_edit', 'image_attachment_fields_to_edit', 10, 2);
 
+/**
+ * {@internal Missing Short Description}}
+ *
+ * @since unknown
+ *
+ * @param unknown_type $form_fields
+ * @param unknown_type $post
+ * @return unknown
+ */
 function media_single_attachment_fields_to_edit( $form_fields, $post ) {
        unset($form_fields['url'], $form_fields['align'], $form_fields['image-size']);
        return $form_fields;
 }
 
+function media_post_single_attachment_fields_to_edit( $form_fields, $post ) {
+       unset($form_fields['image_url']);
+       return $form_fields;
+}
+
+/**
+ * {@internal Missing Short Description}}
+ *
+ * @since unknown
+ *
+ * @param unknown_type $post
+ * @param unknown_type $attachment
+ * @return unknown
+ */
 function image_attachment_fields_to_save($post, $attachment) {
        if ( substr($post['post_mime_type'], 0, 5) == 'image' ) {
                if ( strlen(trim($post['post_title'])) == 0 ) {
@@ -564,24 +973,26 @@ function image_attachment_fields_to_save($post, $attachment) {
 
 add_filter('attachment_fields_to_save', 'image_attachment_fields_to_save', 10, 2);
 
+/**
+ * {@internal Missing Short Description}}
+ *
+ * @since unknown
+ *
+ * @param unknown_type $html
+ * @param unknown_type $attachment_id
+ * @param unknown_type $attachment
+ * @return unknown
+ */
 function image_media_send_to_editor($html, $attachment_id, $attachment) {
        $post =& get_post($attachment_id);
        if ( substr($post->post_mime_type, 0, 5) == 'image' ) {
                $url = $attachment['url'];
-
-               if ( isset($attachment['align']) )
-                       $align = $attachment['align'];
-               else
-                       $align = 'none';
-
-               if ( !empty($attachment['image-size']) )
-                       $size = $attachment['image-size'];
-               else
-                       $size = 'medium';
-
+               $align = !empty($attachment['align']) ? $attachment['align'] : 'none';
+               $size = !empty($attachment['image-size']) ? $attachment['image-size'] : 'medium';
+               $alt = !empty($attachment['image_alt']) ? $attachment['image_alt'] : '';
                $rel = ( $url == get_attachment_link($attachment_id) );
 
-               return get_image_send_to_editor($attachment_id, $attachment['post_excerpt'], $attachment['post_title'], $align, $url, $rel, $size);
+               return get_image_send_to_editor($attachment_id, $attachment['post_excerpt'], $attachment['post_title'], $align, $url, $rel, $size, $alt);
        }
 
        return $html;
@@ -589,47 +1000,57 @@ function image_media_send_to_editor($html, $attachment_id, $attachment) {
 
 add_filter('media_send_to_editor', 'image_media_send_to_editor', 10, 3);
 
+/**
+ * {@internal Missing Short Description}}
+ *
+ * @since unknown
+ *
+ * @param unknown_type $post
+ * @param unknown_type $errors
+ * @return unknown
+ */
 function get_attachment_fields_to_edit($post, $errors = null) {
        if ( is_int($post) )
                $post =& get_post($post);
        if ( is_array($post) )
                $post = (object) $post;
 
+       $image_url = wp_get_attachment_url($post->ID);
+
        $edit_post = sanitize_post($post, 'edit');
-       $file = wp_get_attachment_url($post->ID);
-       $link = get_attachment_link($post->ID);
 
        $form_fields = array(
                'post_title'   => array(
                        'label'      => __('Title'),
-                       'value'      => $edit_post->post_title,
+                       'value'      => $edit_post->post_title
                ),
+               'image_alt'   => array(),
                'post_excerpt' => array(
                        'label'      => __('Caption'),
-                       'value'      => $edit_post->post_excerpt,
+                       'value'      => $edit_post->post_excerpt
                ),
                'post_content' => array(
                        'label'      => __('Description'),
                        'value'      => $edit_post->post_content,
-                       'input'      => 'textarea',
+                       'input'      => 'textarea'
                ),
                'url'          => array(
                        'label'      => __('Link URL'),
                        'input'      => 'html',
-                       'html'       => "
-                               <input type='text' name='attachments[$post->ID][url]' value='" . attribute_escape($file) . "' /><br />
-                               <button type='button' class='button url-$post->ID' value=''>" . __('None') . "</button>
-                               <button type='button' class='button url-$post->ID' value='" . attribute_escape($file) . "'>" . __('File URL') . "</button>
-                               <button type='button' class='button url-$post->ID' value='" . attribute_escape($link) . "'>" . __('Post URL') . "</button>
-                               <script type='text/javascript'>
-                               jQuery('button.url-$post->ID').bind('click', function(){jQuery(this).siblings('input').val(this.value);});
-                               </script>\n",
-                       'helps'      => __('Enter a link URL or click above for presets.'),
+                       'html'       => image_link_input_fields($post, get_option('image_default_link_type')),
+                       'helps'      => __('Enter a link URL or click above for presets.')
                ),
-       'menu_order'   => array(
+               'menu_order'   => array(
                        'label'      => __('Order'),
                        'value'      => $edit_post->menu_order
                ),
+               'image_url'     => array(
+                       'label'      => __('File URL'),
+                       'input'      => 'html',
+                       'html'       => "<input type='text' class='text urlfield' readonly='readonly' name='attachments[$post->ID][url]' value='" . esc_attr($image_url) . "' /><br />",
+                       'value'      => wp_get_attachment_url($post->ID),
+                       'helps'      => __('Location of the uploaded file.')
+               )
        );
 
        foreach ( get_attachment_taxonomies($post) as $taxonomy ) {
@@ -661,6 +1082,19 @@ function get_attachment_fields_to_edit($post, $errors = null) {
        return $form_fields;
 }
 
+/**
+ * Retrieve HTML for media items of post gallery.
+ *
+ * The HTML markup retrieved will be created for the progress of SWF Upload
+ * component. Will also create link for showing and hiding the form to modify
+ * the image attachment.
+ *
+ * @since unknown
+ *
+ * @param int $post_id Optional. Post ID.
+ * @param array $errors Errors for attachment, if any.
+ * @return string
+ */
 function get_media_items( $post_id, $errors ) {
        if ( $post_id ) {
                $post = get_post($post_id);
@@ -674,32 +1108,37 @@ function get_media_items( $post_id, $errors ) {
                                $attachments[$attachment->ID] = $attachment;
        }
 
-       if ( empty($attachments) )
-               return '';
-
-       foreach ( $attachments as $id => $attachment )
+       $output = '';
+       foreach ( (array) $attachments as $id => $attachment ) {
+               if ( $attachment->post_status == 'trash' )
+                       continue;
                if ( $item = get_media_item( $id, array( 'errors' => isset($errors[$id]) ? $errors[$id] : null) ) )
                        $output .= "\n<div id='media-item-$id' class='media-item child-of-$attachment->post_parent preloaded'><div class='progress'><div class='bar'></div></div><div id='media-upload-error-$id'></div><div class='filename'></div>$item\n</div>";
+       }
 
        return $output;
 }
 
+/**
+ * Retrieve HTML form for modifying the image attachment.
+ *
+ * @since unknown
+ *
+ * @param int $attachment_id Attachment ID for modification.
+ * @param string|array $args Optional. Override defaults.
+ * @return string HTML form for attachment.
+ */
 function get_media_item( $attachment_id, $args = null ) {
        global $redir_tab;
 
-       $default_args = array( 'errors' => null, 'send' => true, 'delete' => true, 'toggle' => true );
-       $args = wp_parse_args( $args, $default_args );
-       extract( $args, EXTR_SKIP );
-
-       global $post_mime_types;
        if ( ( $attachment_id = intval($attachment_id) ) && $thumb_url = get_attachment_icon_src( $attachment_id ) )
                $thumb_url = $thumb_url[0];
        else
                return false;
 
-       $title_label = __('Title');
-       $description_label = __('Description');
-       $tags_label = __('Tags');
+       $default_args = array( 'errors' => null, 'send' => true, 'delete' => true, 'toggle' => true, 'show_title' => true );
+       $args = wp_parse_args( $args, $default_args );
+       extract( $args, EXTR_SKIP );
 
        $toggle_on = __('Show');
        $toggle_off = __('Hide');
@@ -707,19 +1146,18 @@ function get_media_item( $attachment_id, $args = null ) {
        $post = get_post($attachment_id);
 
        $filename = basename($post->guid);
-       $title = attribute_escape($post->post_title);
-       $description = attribute_escape($post->post_content);
+       $title = esc_attr($post->post_title);
+
        if ( $_tags = get_the_tags($attachment_id) ) {
                foreach ( $_tags as $tag )
                        $tags[] = $tag->name;
-               $tags = attribute_escape(join(', ', $tags));
+               $tags = esc_attr(join(', ', $tags));
        }
 
-       if ( isset($post_mime_types) ) {
-               $keys = array_keys(wp_match_mime_types(array_keys($post_mime_types), $post->post_mime_type));
-               $type = array_shift($keys);
-               $type = "<input type='hidden' id='type-of-$attachment_id' value='" . attribute_escape( $type ) . "' />";
-       }
+       $post_mime_types = get_post_mime_types();
+       $keys = array_keys(wp_match_mime_types(array_keys($post_mime_types), $post->post_mime_type));
+       $type = array_shift($keys);
+       $type_html = "<input type='hidden' id='type-of-$attachment_id' value='" . esc_attr( $type ) . "' />";
 
        $form_fields = get_attachment_fields_to_edit($post, $errors);
 
@@ -734,7 +1172,7 @@ function get_media_item( $attachment_id, $args = null ) {
        }
 
        $display_title = ( !empty( $title ) ) ? $title : $filename; // $title shouldn't ever be empty, but just in case
-       $display_title = wp_html_excerpt($display_title, 60);
+       $display_title = $show_title ? "<div class='filename new'><span class='title'>" . wp_html_excerpt($display_title, 60) . "</span></div>" : '';
 
        $gallery = ( (isset($_REQUEST['tab']) && 'gallery' == $_REQUEST['tab']) || (isset($redir_tab) && 'gallery' == $redir_tab) ) ? true : false;
        $order = '';
@@ -751,22 +1189,41 @@ function get_media_item( $attachment_id, $args = null ) {
                }
        }
 
+       $media_dims = '';
+       $meta = wp_get_attachment_metadata($post->ID);
+       if ( is_array($meta) && array_key_exists('width', $meta) && array_key_exists('height', $meta) )
+               $media_dims .= "<span id='media-dims-{$post->ID}'>{$meta['width']}&nbsp;&times;&nbsp;{$meta['height']}</span> ";
+       $media_dims = apply_filters('media_meta', $media_dims, $post);
+
+       $image_edit_button = '';
+       if ( gd_edit_image_support($post->post_mime_type) ) {
+               $nonce = wp_create_nonce("image_editor-$post->ID");
+               $image_edit_button = "<input type='button' id='imgedit-open-btn-{$post->ID}' onclick='imageEdit.open($post->ID, \"$nonce\")' class='button' value='" . esc_attr__( 'Edit image' ) . "' /> <img src='images/wpspin_light.gif' class='imgedit-wait-spin' alt='' />";
+       }
+
        $item = "
-       $type
+       $type_html
        $toggle_links
        $order
-       <div class='filename new'>$display_title</div>
+       $display_title
        <table class='slidetoggle describe $class'>
-               <thead class='media-item-info'>
+               <thead class='media-item-info' id='media-head-$post->ID'>
                <tr>
-                       <td class='A1B1' rowspan='4'><img class='thumbnail' src='$thumb_url' alt='' /></td>
-                       <td>$filename</td>
+                       <td class='A1B1' id='thumbnail-head-$post->ID' rowspan='5'><img class='thumbnail' src='$thumb_url' alt='' /></td>
+                       <td><strong>" . __('File name:') . "</strong> $filename</td>
                </tr>
-               <tr><td>$post->post_mime_type</td></tr>
-               <tr><td>" . mysql2date($post->post_date, get_option('time_format')) . "</td></tr>
-               <tr><td>" . apply_filters('media_meta', '', $post) . "</td></tr>
+               <tr><td><strong>" . __('File type:') . "</strong> $post->post_mime_type</td></tr>
+               <tr><td><strong>" . __('Upload date:') . "</strong> " . mysql2date( get_option('date_format'), $post->post_date ) . "</td></tr>\n";
+
+       if ( !empty($media_dims) )
+               $item .= "<tr><td><strong>" . __('Dimensions:') . "</strong> $media_dims</td></tr>\n";
+
+       $item .= "
+               <tr><td class='A1B1'>$image_edit_button</td></tr>
                </thead>
-               <tbody>\n";
+               <tbody>
+               <tr><td colspan='2' class='imgedit-response' id='imgedit-response-$post->ID'></td></tr>
+               <tr><td style='display:none' colspan='2' class='image-editor' id='image-editor-$post->ID'></td></tr>\n";
 
        $defaults = array(
                'input'      => 'text',
@@ -775,15 +1232,31 @@ function get_media_item( $attachment_id, $args = null ) {
                'extra_rows' => array(),
        );
 
-       $delete_href = wp_nonce_url("post.php?action=delete-post&amp;post=$attachment_id", 'delete-post_' . $attachment_id);
        if ( $send )
-               $send = "<input type='submit' class='button' name='send[$attachment_id]' value='" . attribute_escape( __( 'Insert into Post' ) ) . "' />";
-       if ( $delete )
-               $delete = "<a href=\"#\" class=\"del-link\" onclick=\"document.getElementById('del_attachment_$attachment_id').style.display='block';return false;\">" . __('Delete') . "</a>";
-       if ( ( $send || $delete ) && !isset($form_fields['buttons']) )
-               $form_fields['buttons'] = array('tr' => "\t\t<tr class='submit'><td></td><td class='savesend'>$send $delete
-               <div id=\"del_attachment_$attachment_id\" class=\"del-attachment\" style=\"display:none;\">" . sprintf(__("You are about to delete <strong>%s</strong>."), $filename) . " <a href=\"$delete_href\" id=\"del[$attachment_id]\" class=\"delete\">" . __('Continue') . "</a>
-               <a href=\"#\" class=\"del-link\" onclick=\"this.parentNode.style.display='none';return false;\">" . __('Cancel') . "</a></div></td></tr>\n");
+               $send = "<input type='submit' class='button' name='send[$attachment_id]' value='" . esc_attr__( 'Insert into Post' ) . "' />";
+       if ( $delete && current_user_can('delete_post', $attachment_id) ) {
+               if ( !EMPTY_TRASH_DAYS ) {
+                       $delete = "<a href=\"" . wp_nonce_url("post.php?action=delete&amp;post=$attachment_id", 'delete-post_' . $attachment_id) . "\" id=\"del[$attachment_id]\" class=\"delete\">" . __('Delete Permanently') . "</a>";
+               } elseif ( !MEDIA_TRASH ) {
+                       $delete = "<a href=\"#\" class=\"del-link\" onclick=\"document.getElementById('del_attachment_$attachment_id').style.display='block';return false;\">" . __('Delete') . "</a> <div id=\"del_attachment_$attachment_id\" class=\"del-attachment\" style=\"display:none;\">" . sprintf(__("You are about to delete <strong>%s</strong>."), $filename) . " <a href=\"" . wp_nonce_url("post.php?action=delete&amp;post=$attachment_id", 'delete-post_' . $attachment_id) . "\" id=\"del[$attachment_id]\" class=\"button\">" . __('Continue') . "</a> <a href=\"#\" class=\"button\" onclick=\"this.parentNode.style.display='none';return false;\">" . __('Cancel') . "</a></div>";
+               } else {
+                       $delete = "<a href=\"" . wp_nonce_url("post.php?action=trash&amp;post=$attachment_id", 'trash-post_' . $attachment_id) . "\" id=\"del[$attachment_id]\" class=\"delete\">" . __('Move to Trash') . "</a> <a href=\"" . wp_nonce_url("post.php?action=untrash&amp;post=$attachment_id", 'untrash-post_' . $attachment_id) . "\" id=\"undo[$attachment_id]\" class=\"undo hidden\">" . __('Undo') . "</a>";
+               }
+       } else {
+               $delete = '';
+       }
+
+       $thumbnail = '';
+       $calling_post_id = 0;
+       if ( isset( $_GET['post_id'] ) )
+               $calling_post_id = $_GET['post_id'];
+       elseif ( isset( $_POST ) && count( $_POST ) ) // Like for async-upload where $_GET['post_id'] isn't set
+               $calling_post_id = $post->post_parent;
+       if ( 'image' == $type && $calling_post_id && current_theme_supports( 'post-thumbnails', get_post_type( $calling_post_id ) ) && get_post_thumbnail_id( $calling_post_id ) != $attachment_id )
+               $thumbnail = "<a class='wp-post-thumbnail' id='wp-post-thumbnail-" . $attachment_id . "' href='#' onclick='WPSetAsThumbnail(\"$attachment_id\");return false;'>" . esc_html__( "Use as thumbnail" ) . "</a>";
+
+       if ( ( $send || $thumbnail || $delete ) && !isset($form_fields['buttons']) )
+               $form_fields['buttons'] = array('tr' => "\t\t<tr class='submit'><td></td><td class='savesend'>$send $thumbnail $delete</td></tr>\n");
 
        $hidden_fields = array();
 
@@ -813,9 +1286,9 @@ function get_media_item( $attachment_id, $args = null ) {
                if ( !empty($field[$field['input']]) )
                        $item .= $field[$field['input']];
                elseif ( $field['input'] == 'textarea' ) {
-                       $item .= "<textarea type='text' id='$name' name='$name'>" . attribute_escape( $field['value'] ) . $aria_required . "</textarea>";
+                       $item .= "<textarea type='text' id='$name' name='$name'" . $aria_required . ">" . esc_html( $field['value'] ) . "</textarea>";
                } else {
-                       $item .= "<input type='text' id='$name' name='$name' value='" . attribute_escape( $field['value'] ) . "'" . $aria_required . "/>";
+                       $item .= "<input type='text' class='text' id='$name' name='$name' value='" . esc_attr( $field['value'] ) . "'" . $aria_required . "/>";
                }
                if ( !empty($field['helps']) )
                        $item .= "<p class='help'>" . join( "</p>\n<p class='help'>", array_unique((array) $field['helps']) ) . '</p>';
@@ -843,11 +1316,23 @@ function get_media_item( $attachment_id, $args = null ) {
        $item .= "\t</table>\n";
 
        foreach ( $hidden_fields as $name => $value )
-               $item .= "\t<input type='hidden' name='$name' id='$name' value='" . attribute_escape( $value ) . "' />\n";
+               $item .= "\t<input type='hidden' name='$name' id='$name' value='" . esc_attr( $value ) . "' />\n";
+
+       if ( $post->post_parent < 1 && isset($_REQUEST['post_id']) ) {
+               $parent = (int) $_REQUEST['post_id'];
+               $parent_name = "attachments[$attachment_id][post_parent]";
+
+               $item .= "\t<input type='hidden' name='$parent_name' id='$parent_name' value='" . $parent . "' />\n";
+       }
 
        return $item;
 }
 
+/**
+ * {@internal Missing Short Description}}
+ *
+ * @since unknown
+ */
 function media_upload_header() {
        ?>
        <script type="text/javascript">post_id = <?php echo intval($_REQUEST['post_id']); ?>;</script>
@@ -857,6 +1342,13 @@ function media_upload_header() {
        <?php
 }
 
+/**
+ * {@internal Missing Short Description}}
+ *
+ * @since unknown
+ *
+ * @param unknown_type $errors
+ */
 function media_upload_form( $errors = null ) {
        global $type, $tab;
 
@@ -868,9 +1360,19 @@ function media_upload_form( $errors = null ) {
                $flash = false;
 
        $flash = apply_filters('flash_uploader', $flash);
-       $post_id = intval($_REQUEST['post_id']);
+       $post_id = isset($_REQUEST['post_id']) ? intval($_REQUEST['post_id']) : 0;
 
 ?>
+<script type="text/javascript">
+//<![CDATA[
+var uploaderMode = 0;
+jQuery(document).ready(function($){
+       uploaderMode = getUserSetting('uploader');
+       $('.upload-html-bypass a').click(function(){deleteUserSetting('uploader');uploaderMode=0;swfuploadPreLoad();return false;});
+       $('.upload-flash-bypass a').click(function(){setUserSetting('uploader', '1');uploaderMode=1;swfuploadPreLoad();return false;});
+});
+//]]>
+</script>
 <div id="media-upload-notice">
 <?php if (isset($errors['upload_notice']) ) { ?>
        <?php echo $errors['upload_notice']; ?>
@@ -886,24 +1388,31 @@ function media_upload_form( $errors = null ) {
 
 <?php if ( $flash ) : ?>
 <script type="text/javascript">
-<!--
-jQuery(function($){
-       swfu = new SWFUpload({
-                       upload_url : "<?php echo attribute_escape( $flash_action_url ); ?>",
-                       flash_url : "<?php echo includes_url('js/swfupload/swfupload_f9.swf'); ?>",
+//<![CDATA[
+var swfu;
+SWFUpload.onload = function() {
+       var settings = {
+                       button_text: '<span class="button"><?php _e('Select Files'); ?></span>',
+                       button_text_style: '.button { text-align: center; font-weight: bold; font-family:"Lucida Grande",Verdana,Arial,"Bitstream Vera Sans",sans-serif; }',
+                       button_height: "24",
+                       button_width: "132",
+                       button_text_top_padding: 2,
+                       button_image_url: '<?php echo includes_url('images/upload.png'); ?>',
+                       button_placeholder_id: "flash-browse-button",
+                       upload_url : "<?php echo esc_attr( $flash_action_url ); ?>",
+                       flash_url : "<?php echo includes_url('js/swfupload/swfupload.swf'); ?>",
                        file_post_name: "async-upload",
                        file_types: "<?php echo apply_filters('upload_file_glob', '*.*'); ?>",
                        post_params : {
                                "post_id" : "<?php echo $post_id; ?>",
                                "auth_cookie" : "<?php if ( is_ssl() ) echo $_COOKIE[SECURE_AUTH_COOKIE]; else echo $_COOKIE[AUTH_COOKIE]; ?>",
+                               "logged_in_cookie": "<?php echo $_COOKIE[LOGGED_IN_COOKIE]; ?>",
                                "_wpnonce" : "<?php echo wp_create_nonce('media-form'); ?>",
                                "type" : "<?php echo $type; ?>",
                                "tab" : "<?php echo $tab; ?>",
                                "short" : "1"
                        },
                        file_size_limit : "<?php echo wp_max_upload_size(); ?>b",
-                       swfupload_element_id : "flash-upload-ui", // id of the element displayed when swfupload is available
-                       degraded_element_id : "html-upload-ui",   // when swfupload is unavailable
                        file_dialog_start_handler : fileDialogStart,
                        file_queued_handler : fileQueued,
                        upload_start_handler : uploadStart,
@@ -913,38 +1422,57 @@ jQuery(function($){
                        upload_complete_handler : uploadComplete,
                        file_queue_error_handler : fileQueueError,
                        file_dialog_complete_handler : fileDialogComplete,
-
+                       swfupload_pre_load_handler: swfuploadPreLoad,
+                       swfupload_load_failed_handler: swfuploadLoadFailed,
+                       custom_settings : {
+                               degraded_element_id : "html-upload-ui", // id of the element displayed when swfupload is unavailable
+                               swfupload_element_id : "flash-upload-ui" // id of the element displayed when swfupload is available
+                       },
                        debug: false
-               });
-       $("#flash-browse-button").bind( "click", function(){swfu.selectFiles();});
-});
-//-->
+               };
+               swfu = new SWFUpload(settings);
+};
+//]]>
 </script>
 
 <div id="flash-upload-ui">
 <?php do_action('pre-flash-upload-ui'); ?>
-       <p><input id="flash-browse-button" type="button" value="<?php echo attribute_escape( __( 'Choose files to upload' ) ); ?>" class="button" /></p>
+
+       <div>
+       <?php _e( 'Choose files to upload' ); ?>
+       <div id="flash-browse-button"></div>
+       <span><input id="cancel-upload" disabled="disabled" onclick="cancelUpload()" type="button" value="<?php esc_attr_e('Cancel Upload'); ?>" class="button" /></span>
+       </div>
 <?php do_action('post-flash-upload-ui'); ?>
        <p class="howto"><?php _e('After a file has been uploaded, you can add titles and descriptions.'); ?></p>
 </div>
-
 <?php endif; // $flash ?>
 
 <div id="html-upload-ui">
 <?php do_action('pre-html-upload-ui'); ?>
-       <p>
-       <input type="file" name="async-upload" id="async-upload" /> <input type="submit" class="button" name="html-upload" value="<?php echo attribute_escape(__('Upload')); ?>" /> <a href="#" onclick="return top.tb_remove();"><?php _e('Cancel'); ?></a>
+       <p id="async-upload-wrap">
+       <label class="screen-reader-text" for="async-upload"><?php _e('Upload'); ?></label>
+       <input type="file" name="async-upload" id="async-upload" /> <input type="submit" class="button" name="html-upload" value="<?php esc_attr_e('Upload'); ?>" /> <a href="#" onclick="try{top.tb_remove();}catch(e){}; return false;"><?php _e('Cancel'); ?></a>
        </p>
-       <br class="clear" />
+       <div class="clear"></div>
        <?php if ( is_lighttpd_before_150() ): ?>
        <p><?php _e('If you want to use all capabilities of the uploader, like uploading multiple files at once, please upgrade to lighttpd 1.5.'); ?></p>
        <?php endif;?>
-<?php do_action('post-html-upload-ui'); ?>
+<?php do_action('post-html-upload-ui', $flash); ?>
 </div>
 <?php do_action('post-upload-ui'); ?>
 <?php
 }
 
+/**
+ * {@internal Missing Short Description}}
+ *
+ * @since unknown
+ *
+ * @param unknown_type $type
+ * @param unknown_type $errors
+ * @param unknown_type $id
+ */
 function media_upload_type_form($type = 'file', $errors = null, $id = null) {
        media_upload_header();
 
@@ -952,18 +1480,19 @@ function media_upload_type_form($type = 'file', $errors = null, $id = null) {
 
        $form_action_url = admin_url("media-upload.php?type=$type&tab=type&post_id=$post_id");
        $form_action_url = apply_filters('media_upload_form_url', $form_action_url, $type);
-
-       $callback = "type_form_$type";
 ?>
 
-<form enctype="multipart/form-data" method="post" action="<?php echo attribute_escape($form_action_url); ?>" class="media-upload-form type-form validate" id="<?php echo $type; ?>-form">
+<form enctype="multipart/form-data" method="post" action="<?php echo esc_attr($form_action_url); ?>" class="media-upload-form type-form validate" id="<?php echo $type; ?>-form">
+<input type="submit" class="hidden" name="save" value="" />
 <input type="hidden" name="post_id" id="post_id" value="<?php echo (int) $post_id; ?>" />
 <?php wp_nonce_field('media-form'); ?>
-<h3><?php _e('From Computer'); ?></h3>
+
+<h3 class="media-title"><?php _e('Add media files from your computer'); ?></h3>
+
 <?php media_upload_form( $errors ); ?>
 
 <script type="text/javascript">
-<!--
+//<![CDATA[
 jQuery(function($){
        var preloaded = $(".media-item.preloaded");
        if ( preloaded.length > 0 ) {
@@ -971,20 +1500,54 @@ jQuery(function($){
        }
        updateMediaForm();
 });
--->
+//]]>
 </script>
-<?php if ( $id && !is_wp_error($id) ) : ?>
 <div id="media-items">
-<?php echo get_media_items( $id, $errors ); ?>
+<?php
+if ( $id ) {
+       if ( !is_wp_error($id) ) {
+               add_filter('attachment_fields_to_edit', 'media_post_single_attachment_fields_to_edit', 10, 2);
+               echo get_media_items( $id, $errors );
+       } else {
+               echo '<div id="media-upload-error">'.esc_html($id->get_error_message()).'</div>';
+               exit;
+       }
+}
+?>
 </div>
-<input type="submit" class="button savebutton" name="save" value="<?php echo attribute_escape( __( 'Save all changes' ) ); ?>" />
+<p class="savebutton ml-submit">
+<input type="submit" class="button" name="save" value="<?php esc_attr_e( 'Save all changes' ); ?>" />
+</p>
+<?php
+}
+
+/**
+ * {@internal Missing Short Description}}
+ *
+ * @since unknown
+ *
+ * @param unknown_type $type
+ * @param unknown_type $errors
+ * @param unknown_type $id
+ */
+function media_upload_type_url_form($type = 'file', $errors = null, $id = null) {
+       media_upload_header();
 
-<?php elseif ( is_callable($callback) ) : ?>
+       $post_id = intval($_REQUEST['post_id']);
 
-<div class="media-blank">
-<p style="text-align:center"><?php _e('&mdash; OR &mdash;'); ?></p>
-<h3><?php _e('From URL'); ?></h3>
-</div>
+       $form_action_url = admin_url("media-upload.php?type=$type&tab=type&post_id=$post_id");
+       $form_action_url = apply_filters('media_upload_form_url', $form_action_url, $type);
+
+       $callback = "type_url_form_$type";
+?>
+
+<form enctype="multipart/form-data" method="post" action="<?php echo esc_attr($form_action_url); ?>" class="media-upload-form type-form validate" id="<?php echo $type; ?>-form">
+<input type="hidden" name="post_id" id="post_id" value="<?php echo (int) $post_id; ?>" />
+<?php wp_nonce_field('media-form'); ?>
+
+<?php if ( is_callable($callback) ) { ?>
+
+<h3 class="media-title"><?php _e('Add media file from URL'); ?></h3>
 
 <script type="text/javascript">
 //<![CDATA[
@@ -995,21 +1558,23 @@ var addExtImage = {
        align : 'alignnone',
 
        insert : function() {
-               var t = this, html, f = document.forms[0], cls, title = '', alt = '', caption = null;
+               var t = this, html, f = document.forms[0], cls, title = '', alt = '', caption = '';
 
-               if ( '' == f.src.value || '' == t.width ) return false;
+               if ( '' == f.src.value || '' == t.width )
+                       return false;
 
                if ( f.title.value ) {
-                       title = f.title.value.replace(/['"<>]+/g, '');
+                       title = f.title.value.replace(/'/g, '&#039;').replace(/"/g, '&quot;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
                        title = ' title="'+title+'"';
                }
 
-               if ( f.alt.value ) {
-                       alt = f.alt.value.replace(/['"<>]+/g, '');
+               if ( f.alt.value )
+                       alt = f.alt.value.replace(/'/g, '&#039;').replace(/"/g, '&quot;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
+
 <?php if ( ! apply_filters( 'disable_captions', '' ) ) { ?>
-                       caption = f.alt.value.replace(/'/g, '&#39;').replace(/"/g, '&quot;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
+               if ( f.caption.value )
+                       caption = f.caption.value.replace(/'/g, '&#039;').replace(/"/g, '&quot;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
 <?php } ?>
-               }
 
                cls = caption ? '' : ' class="'+t.align+'"';
 
@@ -1023,6 +1588,7 @@ var addExtImage = {
 
                var win = window.dialogArguments || opener || parent || top;
                win.send_to_editor(html);
+               return false;
        },
 
        resetImageData : function() {
@@ -1031,8 +1597,8 @@ var addExtImage = {
                t.width = t.height = '';
                document.getElementById('go_button').style.color = '#bbb';
                if ( ! document.forms[0].src.value )
-                       document.getElementById('status_img').src = 'images/required.gif';
-               else document.getElementById('status_img').src = 'images/no.png';
+                       document.getElementById('status_img').innerHTML = '*';
+               else document.getElementById('status_img').innerHTML = '<img src="images/no.png" alt="" />';
        },
 
        updateImageData : function() {
@@ -1041,7 +1607,7 @@ var addExtImage = {
                t.width = t.preloadImg.width;
                t.height = t.preloadImg.height;
                document.getElementById('go_button').style.color = '#333';
-               document.getElementById('status_img').src = 'images/yes.png';
+               document.getElementById('status_img').innerHTML = '<img src="images/yes.png" alt="" />';
        },
 
        getImageData : function() {
@@ -1051,7 +1617,7 @@ var addExtImage = {
                        t.resetImageData();
                        return false;
                }
-               document.getElementById('status_img').src = 'images/loading.gif';
+               document.getElementById('status_img').innerHTML = '<img src="images/wpspin_light.gif" alt="" />';
                t.preloadImg = new Image();
                t.preloadImg.onload = t.updateImageData;
                t.preloadImg.onerror = t.resetImageData;
@@ -1063,23 +1629,32 @@ var addExtImage = {
 
 <div id="media-items">
 <div class="media-item media-blank">
-<?php echo call_user_func($callback); ?>
+<?php echo apply_filters($callback, call_user_func($callback)); ?>
 </div>
 </div>
-<input type="submit" class="button savebutton" name="save" value="<?php echo attribute_escape( __( 'Save all changes' ) ); ?>" />
 </form>
 <?php
-       endif;
+       } else {
+               wp_die( __('Unknown action.') );
+       }
 }
 
+/**
+ * {@internal Missing Short Description}}
+ *
+ * @since unknown
+ *
+ * @param unknown_type $errors
+ */
 function media_upload_gallery_form($errors) {
-       global $redir_tab;
+       global $redir_tab, $type;
 
        $redir_tab = 'gallery';
        media_upload_header();
 
        $post_id = intval($_REQUEST['post_id']);
-       $form_action_url = admin_url("media-upload.php?type={$GLOBALS['type']}&tab=gallery&post_id=$post_id");
+       $form_action_url = admin_url("media-upload.php?type=$type&tab=gallery&post_id=$post_id");
+       $form_action_url = apply_filters('media_upload_form_url', $form_action_url, $type);
 ?>
 
 <script type="text/javascript">
@@ -1093,30 +1668,125 @@ jQuery(function($){
 });
 -->
 </script>
-
-<form enctype="multipart/form-data" method="post" action="<?php echo attribute_escape($form_action_url); ?>" class="media-upload-form validate" id="gallery-form">
+<div id="sort-buttons" class="hide-if-no-js">
+<span>
+<?php _e('All Tabs:'); ?>
+<a href="#" id="showall"><?php _e('Show'); ?></a>
+<a href="#" id="hideall" style="display:none;"><?php _e('Hide'); ?></a>
+</span>
+<?php _e('Sort Order:'); ?>
+<a href="#" id="asc"><?php _e('Ascending'); ?></a> |
+<a href="#" id="desc"><?php _e('Descending'); ?></a> |
+<a href="#" id="clear"><?php echo _x('Clear', 'verb'); ?></a>
+</div>
+<form enctype="multipart/form-data" method="post" action="<?php echo esc_attr($form_action_url); ?>" class="media-upload-form validate" id="gallery-form">
 <?php wp_nonce_field('media-form'); ?>
 <?php //media_upload_form( $errors ); ?>
-<table class="widefat">
+<table class="widefat" cellspacing="0">
 <thead><tr>
 <th><?php _e('Media'); ?></th>
 <th class="order-head"><?php _e('Order'); ?></th>
+<th class="actions-head"><?php _e('Actions'); ?></th>
 </tr></thead>
 </table>
 <div id="media-items">
+<?php add_filter('attachment_fields_to_edit', 'media_post_single_attachment_fields_to_edit', 10, 2); ?>
 <?php echo get_media_items($post_id, $errors); ?>
 </div>
+
 <p class="ml-submit">
-<input type="submit" class="button savebutton" name="save" value="<?php echo attribute_escape( __( 'Save all changes' ) ); ?>" />
-<input type="submit" class="button insert-gallery" name="insert-gallery" value="<?php echo attribute_escape( __( 'Insert gallery into post' ) ); ?>" />
+<input type="submit" class="button savebutton" style="display:none;" name="save" id="save-all" value="<?php esc_attr_e( 'Save all changes' ); ?>" />
 <input type="hidden" name="post_id" id="post_id" value="<?php echo (int) $post_id; ?>" />
-<input type="hidden" name="type" value="<?php echo attribute_escape( $GLOBALS['type'] ); ?>" />
-<input type="hidden" name="tab" value="<?php echo attribute_escape( $GLOBALS['tab'] ); ?>" />
+<input type="hidden" name="type" value="<?php echo esc_attr( $GLOBALS['type'] ); ?>" />
+<input type="hidden" name="tab" value="<?php echo esc_attr( $GLOBALS['tab'] ); ?>" />
 </p>
+
+<div id="gallery-settings" style="display:none;">
+<div class="title"><?php _e('Gallery Settings'); ?></div>
+<table id="basic" class="describe"><tbody>
+       <tr>
+       <th scope="row" class="label">
+               <label>
+               <span class="alignleft"><?php _e('Link thumbnails to:'); ?></span>
+               </label>
+       </th>
+       <td class="field">
+               <input type="radio" name="linkto" id="linkto-file" value="file" />
+               <label for="linkto-file" class="radio"><?php _e('Image File'); ?></label>
+
+               <input type="radio" checked="checked" name="linkto" id="linkto-post" value="post" />
+               <label for="linkto-post" class="radio"><?php _e('Attachment Page'); ?></label>
+       </td>
+       </tr>
+
+       <tr>
+       <th scope="row" class="label">
+               <label>
+               <span class="alignleft"><?php _e('Order images by:'); ?></span>
+               </label>
+       </th>
+       <td class="field">
+               <select id="orderby" name="orderby">
+                       <option value="menu_order" selected="selected"><?php _e('Menu order'); ?></option>
+                       <option value="title"><?php _e('Title'); ?></option>
+                       <option value="ID"><?php _e('Date/Time'); ?></option>
+                       <option value="rand"><?php _e('Random'); ?></option>
+               </select>
+       </td>
+       </tr>
+
+       <tr>
+       <th scope="row" class="label">
+               <label>
+               <span class="alignleft"><?php _e('Order:'); ?></span>
+               </label>
+       </th>
+       <td class="field">
+               <input type="radio" checked="checked" name="order" id="order-asc" value="asc" />
+               <label for="order-asc" class="radio"><?php _e('Ascending'); ?></label>
+
+               <input type="radio" name="order" id="order-desc" value="desc" />
+               <label for="order-desc" class="radio"><?php _e('Descending'); ?></label>
+       </td>
+       </tr>
+
+       <tr>
+       <th scope="row" class="label">
+               <label>
+               <span class="alignleft"><?php _e('Gallery columns:'); ?></span>
+               </label>
+       </th>
+       <td class="field">
+               <select id="columns" name="columns">
+                       <option value="2"><?php _e('2'); ?></option>
+                       <option value="3" selected="selected"><?php _e('3'); ?></option>
+                       <option value="4"><?php _e('4'); ?></option>
+                       <option value="5"><?php _e('5'); ?></option>
+                       <option value="6"><?php _e('6'); ?></option>
+                       <option value="7"><?php _e('7'); ?></option>
+                       <option value="8"><?php _e('8'); ?></option>
+                       <option value="9"><?php _e('9'); ?></option>
+               </select>
+       </td>
+       </tr>
+</tbody></table>
+
+<p class="ml-submit">
+<input type="button" class="button" style="display:none;" onmousedown="wpgallery.update();" name="insert-gallery" id="insert-gallery" value="<?php esc_attr_e( 'Insert gallery' ); ?>" />
+<input type="button" class="button" style="display:none;" onmousedown="wpgallery.update();" name="update-gallery" id="update-gallery" value="<?php esc_attr_e( 'Update gallery settings' ); ?>" />
+</p>
+</div>
 </form>
 <?php
 }
 
+/**
+ * {@internal Missing Short Description}}
+ *
+ * @since unknown
+ *
+ * @param unknown_type $errors
+ */
 function media_upload_library_form($errors) {
        global $wpdb, $wp_query, $wp_locale, $type, $tab, $post_mime_types;
 
@@ -1124,9 +1794,10 @@ function media_upload_library_form($errors) {
 
        $post_id = intval($_REQUEST['post_id']);
 
-       $form_action_url = admin_url("media-upload.php?type={$GLOBALS['type']}&tab=library&post_id=$post_id");
+       $form_action_url = admin_url("media-upload.php?type=$type&tab=library&post_id=$post_id");
+       $form_action_url = apply_filters('media_upload_form_url', $form_action_url, $type);
 
-       $_GET['paged'] = intval($_GET['paged']);
+       $_GET['paged'] = isset( $_GET['paged'] ) ? intval($_GET['paged']) : 0;
        if ( $_GET['paged'] < 1 )
                $_GET['paged'] = 1;
        $start = ( $_GET['paged'] - 1 ) * 10;
@@ -1139,16 +1810,16 @@ function media_upload_library_form($errors) {
 ?>
 
 <form id="filter" action="" method="get">
-<input type="hidden" name="type" value="<?php echo attribute_escape( $type ); ?>" />
-<input type="hidden" name="tab" value="<?php echo attribute_escape( $tab ); ?>" />
+<input type="hidden" name="type" value="<?php echo esc_attr( $type ); ?>" />
+<input type="hidden" name="tab" value="<?php echo esc_attr( $tab ); ?>" />
 <input type="hidden" name="post_id" value="<?php echo (int) $post_id; ?>" />
-<input type="hidden" name="post_mime_type" value="<?php echo attribute_escape( $_GET['post_mime_type'] ); ?>" />
+<input type="hidden" name="post_mime_type" value="<?php echo isset( $_GET['post_mime_type'] ) ? esc_attr( $_GET['post_mime_type'] ) : ''; ?>" />
 
-<div id="search-filter">
-       <label class="hidden" for="post-search-input"><?php _e('Search Media');?>:</label>
-       <input type="text" id="post-search-input" name="s" value="<?php the_search_query(); ?>" />
-       <input type="submit" value="<?php echo attribute_escape( __( 'Search Media' ) ); ?>" class="button" />
-</div>
+<p id="media-search" class="search-box">
+       <label class="screen-reader-text" for="media-search-input"><?php _e('Search Media');?>:</label>
+       <input type="text" id="media-search-input" name="s" value="<?php the_search_query(); ?>" />
+       <input type="submit" value="<?php esc_attr_e( 'Search Media' ); ?>" class="button" />
+</p>
 
 <ul class="subsubsub">
 <?php
@@ -1157,7 +1828,10 @@ $_num_posts = (array) wp_count_attachments();
 $matches = wp_match_mime_types(array_keys($post_mime_types), array_keys($_num_posts));
 foreach ( $matches as $_type => $reals )
        foreach ( $reals as $real )
-               $num_posts[$_type] += $_num_posts[$real];
+               if ( isset($num_posts[$_type]) )
+                       $num_posts[$_type] += $_num_posts[$real];
+               else
+                       $num_posts[$_type] = $_num_posts[$real];
 // If available type specified by media button clicked, filter by that type
 if ( empty($_GET['post_mime_type']) && !empty($num_posts[$type]) ) {
        $_GET['post_mime_type'] = $type;
@@ -1165,17 +1839,19 @@ if ( empty($_GET['post_mime_type']) && !empty($num_posts[$type]) ) {
 }
 if ( empty($_GET['post_mime_type']) || $_GET['post_mime_type'] == 'all' )
        $class = ' class="current"';
-$type_links[] = "<li><a href='" . clean_url(add_query_arg(array('post_mime_type'=>'all', 'paged'=>false, 'm'=>false))) . "'$class>".__('All Types')."</a>";
+else
+       $class = '';
+$type_links[] = "<li><a href='" . esc_url(add_query_arg(array('post_mime_type'=>'all', 'paged'=>false, 'm'=>false))) . "'$class>".__('All Types')."</a>";
 foreach ( $post_mime_types as $mime_type => $label ) {
        $class = '';
 
        if ( !wp_match_mime_types($mime_type, $avail_post_mime_types) )
                continue;
 
-       if ( wp_match_mime_types($mime_type, $_GET['post_mime_type']) )
+       if ( isset($_GET['post_mime_type']) && wp_match_mime_types($mime_type, $_GET['post_mime_type']) )
                $class = ' class="current"';
 
-       $type_links[] = "<li><a href='" . clean_url(add_query_arg(array('post_mime_type'=>$mime_type, 'paged'=>false))) . "'$class>" . sprintf(__ngettext($label[2][0], $label[2][1], $num_posts[$mime_type]), "<span id='$mime_type-counter'>" . number_format_i18n( $num_posts[$mime_type] ) . '</span>') . '</a>';
+       $type_links[] = "<li><a href='" . esc_url(add_query_arg(array('post_mime_type'=>$mime_type, 'paged'=>false))) . "'$class>" . sprintf(_n($label[2][0], $label[2][1], $num_posts[$mime_type]), "<span id='$mime_type-counter'>" . number_format_i18n( $num_posts[$mime_type] ) . '</span>') . '</a>';
 }
 echo implode(' | </li>', $type_links) . '</li>';
 unset($type_links);
@@ -1188,6 +1864,8 @@ unset($type_links);
 $page_links = paginate_links( array(
        'base' => add_query_arg( 'paged', '%#%' ),
        'format' => '',
+       'prev_text' => __('&laquo;'),
+       'next_text' => __('&raquo;'),
        'total' => ceil($wp_query->found_posts / 10),
        'current' => $_GET['paged']
 ));
@@ -1196,7 +1874,7 @@ if ( $page_links )
        echo "<div class='tablenav-pages'>$page_links</div>";
 ?>
 
-<div class="alignleft">
+<div class="alignleft actions">
 <?php
 
 $arc_query = "SELECT DISTINCT YEAR(post_date) AS yyear, MONTH(post_date) AS mmonth FROM $wpdb->posts WHERE post_type = 'attachment' ORDER BY post_date DESC";
@@ -1214,20 +1892,20 @@ foreach ($arc_result as $arc_row) {
                continue;
        $arc_row->mmonth = zeroise( $arc_row->mmonth, 2 );
 
-       if ( $arc_row->yyear . $arc_row->mmonth == $_GET['m'] )
+       if ( isset($_GET['m']) && ( $arc_row->yyear . $arc_row->mmonth == $_GET['m'] ) )
                $default = ' selected="selected"';
        else
                $default = '';
 
-       echo "<option$default value='" . attribute_escape( $arc_row->yyear . $arc_row->mmonth ) . "'>";
-       echo wp_specialchars( $wp_locale->get_month($arc_row->mmonth) . " $arc_row->yyear" );
+       echo "<option$default value='" . esc_attr( $arc_row->yyear . $arc_row->mmonth ) . "'>";
+       echo esc_html( $wp_locale->get_month($arc_row->mmonth) . " $arc_row->yyear" );
        echo "</option>\n";
 }
 ?>
 </select>
 <?php } ?>
 
-<input type="submit" id="post-query-submit" value="<?php echo attribute_escape( __( 'Filter &#187;' ) ); ?>" class="button-secondary" />
+<input type="submit" id="post-query-submit" value="<?php echo esc_attr( __( 'Filter &#187;' ) ); ?>" class="button-secondary" />
 
 </div>
 
@@ -1235,7 +1913,7 @@ foreach ($arc_result as $arc_row) {
 </div>
 </form>
 
-<form enctype="multipart/form-data" method="post" action="<?php echo attribute_escape($form_action_url); ?>" class="media-upload-form validate" id="library-form">
+<form enctype="multipart/form-data" method="post" action="<?php echo esc_attr($form_action_url); ?>" class="media-upload-form validate" id="library-form">
 
 <?php wp_nonce_field('media-form'); ?>
 <?php //media_upload_form( $errors ); ?>
@@ -1253,32 +1931,50 @@ jQuery(function($){
 </script>
 
 <div id="media-items">
+<?php add_filter('attachment_fields_to_edit', 'media_post_single_attachment_fields_to_edit', 10, 2); ?>
 <?php echo get_media_items(null, $errors); ?>
 </div>
 <p class="ml-submit">
-<input type="submit" class="button savebutton" name="save" value="<?php echo attribute_escape( __( 'Save all changes' ) ); ?>" />
+<input type="submit" class="button savebutton" name="save" value="<?php esc_attr_e( 'Save all changes' ); ?>" />
 <input type="hidden" name="post_id" id="post_id" value="<?php echo (int) $post_id; ?>" />
 </p>
 </form>
 <?php
 }
 
-function type_form_image() {
-
-       if ( apply_filters( 'disable_captions', '' ) ) {
-               $alt = __('Alternate Text');
-               $alt_help = __('Alt text for the image, e.g. "The Mona Lisa"');
+/**
+ * {@internal Missing Short Description}}
+ *
+ * @since unknown
+ *
+ * @return unknown
+ */
+function type_url_form_image() {
+
+       if ( !apply_filters( 'disable_captions', '' ) ) {
+               $caption = '
+               <tr>
+                       <th valign="top" scope="row" class="label">
+                               <span class="alignleft"><label for="caption">' . __('Image Caption') . '</label></span>
+                       </th>
+                       <td class="field"><input id="caption" name="caption" value="" type="text" /></td>
+               </tr>
+';
        } else {
-               $alt = __('Image Caption');
-               $alt_help = __('Also used as alternate text for the image');
+               $caption = '';
        }
 
+       $default_align = get_option('image_default_align');
+       if ( empty($default_align) )
+               $default_align = 'none';
+
        return '
+       <h4 class="media-sub-title">' . __('Insert an image from another web site') . '</h4>
        <table class="describe"><tbody>
                <tr>
-                       <th valign="top" scope="row" class="label" style="width:120px;">
-                               <span class="alignleft"><label for="src">' . __('Source') . '</label></span>
-                               <span class="alignright"><img id="status_img" src="images/required.gif" title="required" alt="required" /></span>
+                       <th valign="top" scope="row" class="label" style="width:130px;">
+                               <span class="alignleft"><label for="src">' . __('Image URL') . '</label></span>
+                               <span class="alignright"><abbr id="status_img" title="required" class="required">*</abbr></span>
                        </th>
                        <td class="field"><input id="src" name="src" value="" type="text" aria-required="true" onblur="addExtImage.getImageData()" /></td>
                </tr>
@@ -1288,34 +1984,34 @@ function type_form_image() {
                                <span class="alignleft"><label for="title">' . __('Image Title') . '</label></span>
                                <span class="alignright"><abbr title="required" class="required">*</abbr></span>
                        </th>
-                       <td class="field"><p><input id="title" name="title" value="" type="text" aria-required="true" /></p></td>
+                       <td class="field"><input id="title" name="title" value="" type="text" aria-required="true" /></td>
                </tr>
 
                <tr>
                        <th valign="top" scope="row" class="label">
-                               <span class="alignleft"><label for="alt">' . $alt . '</label></span>
+                               <span class="alignleft"><label for="alt">' . __('Alternate Text') . '</label></span>
                        </th>
                        <td class="field"><input id="alt" name="alt" value="" type="text" aria-required="true" />
-                       <p class="help">' . $alt_help . '</p></td>
+                       <p class="help">' . __('Alt text for the image, e.g. &#8220;The Mona Lisa&#8221;') . '</p></td>
                </tr>
-
+               ' . $caption . '
                <tr class="align">
                        <th valign="top" scope="row" class="label"><p><label for="align">' . __('Alignment') . '</label></p></th>
                        <td class="field">
-                               <input name="align" id="align-none" value="alignnone" onclick="addExtImage.align=this.value" type="radio" checked="checked" />
+                               <input name="align" id="align-none" value="none" onclick="addExtImage.align=\'align\'+this.value" type="radio"' . ($default_align == 'none' ? ' checked="checked"' : '').' />
                                <label for="align-none" class="align image-align-none-label">' . __('None') . '</label>
-                               <input name="align" id="align-left" value="alignleft" onclick="addExtImage.align=this.value" type="radio" />
+                               <input name="align" id="align-left" value="left" onclick="addExtImage.align=\'align\'+this.value" type="radio"' . ($default_align == 'left' ? ' checked="checked"' : '').' />
                                <label for="align-left" class="align image-align-left-label">' . __('Left') . '</label>
-                               <input name="align" id="align-center" value="aligncenter" onclick="addExtImage.align=this.value" type="radio" />
+                               <input name="align" id="align-center" value="center" onclick="addExtImage.align=\'align\'+this.value" type="radio"' . ($default_align == 'center' ? ' checked="checked"' : '').' />
                                <label for="align-center" class="align image-align-center-label">' . __('Center') . '</label>
-                               <input name="align" id="align-right" value="alignright" onclick="addExtImage.align=this.value" type="radio" />
+                               <input name="align" id="align-right" value="right" onclick="addExtImage.align=\'align\'+this.value" type="radio"' . ($default_align == 'right' ? ' checked="checked"' : '').' />
                                <label for="align-right" class="align image-align-right-label">' . __('Right') . '</label>
                        </td>
                </tr>
 
                <tr>
                        <th valign="top" scope="row" class="label">
-                               <span class="alignleft"><label for="url">' . __('Link URL') . '</label></span>
+                               <span class="alignleft"><label for="url">' . __('Link Image To:') . '</label></span>
                        </th>
                        <td class="field"><input id="url" name="url" value="" type="text" /><br />
 
@@ -1327,7 +2023,7 @@ function type_form_image() {
                <tr>
                        <td></td>
                        <td>
-                               <input type="button" class="button" id="go_button" style="color:#bbb;" onclick="addExtImage.insert()" value="' . attribute_escape(__('Insert into Post')) . '" />
+                               <input type="button" class="button" id="go_button" style="color:#bbb;" onclick="addExtImage.insert()" value="' . esc_attr__('Insert into Post') . '" />
                        </td>
                </tr>
        </tbody></table>
@@ -1335,7 +2031,14 @@ function type_form_image() {
 
 }
 
-function type_form_audio() {
+/**
+ * {@internal Missing Short Description}}
+ *
+ * @since unknown
+ *
+ * @return unknown
+ */
+function type_url_form_audio() {
        return '
        <table class="describe"><tbody>
                <tr>
@@ -1352,18 +2055,25 @@ function type_form_audio() {
                        </th>
                        <td class="field"><input id="insertonly[title]" name="insertonly[title]" value="" type="text" aria-required="true"></td>
                </tr>
-               <tr><td></td><td class="help">' . __('Link text, e.g. "Still Alive by Jonathan Coulton"') . '</td></tr>
+               <tr><td></td><td class="help">' . __('Link text, e.g. &#8220;Still Alive by Jonathan Coulton&#8221;') . '</td></tr>
                <tr>
                        <td></td>
                        <td>
-                               <input type="submit" class="button" name="insertonlybutton" value="' . attribute_escape(__('Insert into Post')) . '" />
+                               <input type="submit" class="button" name="insertonlybutton" value="' . esc_attr__('Insert into Post') . '" />
                        </td>
                </tr>
        </tbody></table>
 ';
 }
 
-function type_form_video() {
+/**
+ * {@internal Missing Short Description}}
+ *
+ * @since unknown
+ *
+ * @return unknown
+ */
+function type_url_form_video() {
        return '
        <table class="describe"><tbody>
                <tr>
@@ -1380,18 +2090,25 @@ function type_form_video() {
                        </th>
                        <td class="field"><input id="insertonly[title]" name="insertonly[title]" value="" type="text" aria-required="true"></td>
                </tr>
-               <tr><td></td><td class="help">' . __('Link text, e.g. "Lucy on YouTube"') . '</td></tr>
+               <tr><td></td><td class="help">' . __('Link text, e.g. &#8220;Lucy on YouTube&#8220;') . '</td></tr>
                <tr>
                        <td></td>
                        <td>
-                               <input type="submit" class="button" name="insertonlybutton" value="' . attribute_escape(__('Insert into Post')) . '" />
+                               <input type="submit" class="button" name="insertonlybutton" value="' . esc_attr__('Insert into Post') . '" />
                        </td>
                </tr>
        </tbody></table>
 ';
 }
 
-function type_form_file() {
+/**
+ * {@internal Missing Short Description}}
+ *
+ * @since unknown
+ *
+ * @return unknown
+ */
+function type_url_form_file() {
        return '
        <table class="describe"><tbody>
                <tr>
@@ -1408,60 +2125,83 @@ function type_form_file() {
                        </th>
                        <td class="field"><input id="insertonly[title]" name="insertonly[title]" value="" type="text" aria-required="true"></td>
                </tr>
-               <tr><td></td><td class="help">' . __('Link text, e.g. "Ransom Demands (PDF)"') . '</td></tr>
+               <tr><td></td><td class="help">' . __('Link text, e.g. &#8220;Ransom Demands (PDF)&#8221;') . '</td></tr>
                <tr>
                        <td></td>
                        <td>
-                               <input type="submit" class="button" name="insertonlybutton" value="' . attribute_escape(__('Insert into Post')) . '" />
+                               <input type="submit" class="button" name="insertonlybutton" value="' . esc_attr__('Insert into Post') . '" />
                        </td>
                </tr>
        </tbody></table>
 ';
 }
 
-// support a GET parameter for disabling the flash uploader
+/**
+ * {@internal Missing Short Description}}
+ *
+ * Support a GET parameter for disabling the flash uploader.
+ *
+ * @since unknown
+ *
+ * @param unknown_type $flash
+ * @return unknown
+ */
 function media_upload_use_flash($flash) {
-        if ( array_key_exists('flash', $_REQUEST) )
-                $flash = !empty($_REQUEST['flash']);
-        return $flash;
+       if ( array_key_exists('flash', $_REQUEST) )
+               $flash = !empty($_REQUEST['flash']);
+       return $flash;
 }
 
 add_filter('flash_uploader', 'media_upload_use_flash');
 
+/**
+ * {@internal Missing Short Description}}
+ *
+ * @since unknown
+ */
 function media_upload_flash_bypass() {
-        echo '<p class="upload-flash-bypass">';
-        printf( __('You are using the Flash uploader.  Problems?  Try the <a href="%s">Browser uploader</a> instead.'), clean_url(add_query_arg('flash', 0)) );
-        echo '</p>';
+       echo '<p class="upload-flash-bypass">';
+       printf( __('You are using the Flash uploader.  Problems?  Try the <a href="%s">Browser uploader</a> instead.'), esc_url(add_query_arg('flash', 0)) );
+       echo '</p>';
 }
 
-add_action('post-flash-upload-ui', 'media_upload_flash_bypass');
-
-function media_upload_html_bypass() {
-        echo '<p class="upload-html-bypass">';
-        if ( array_key_exists('flash', $_REQUEST) )
-                // the user manually selected the browser uploader, so let them switch back to Flash
-                printf( __('You are using the Browser uploader.  Try the <a href="%s">Flash uploader</a> instead.'), clean_url(add_query_arg('flash', 1)) );
-        else
-                // the user probably doesn't have Flash
-                printf( __('You are using the Browser uploader.') );
-
-        echo '</p>';
+/**
+ * {@internal Missing Short Description}}
+ *
+ * @since unknown
+ */
+function media_upload_html_bypass($flash = true) {
+       echo '<p class="upload-html-bypass">';
+       _e('You are using the Browser uploader.');
+       if ( $flash ) {
+               // the user manually selected the browser uploader, so let them switch back to Flash
+               echo ' ';
+               printf( __('Try the <a href="%s">Flash uploader</a> instead.'), esc_url(add_query_arg('flash', 1)) );
+       }
+       echo "</p>\n";
 }
 
 add_action('post-flash-upload-ui', 'media_upload_flash_bypass');
 add_action('post-html-upload-ui', 'media_upload_html_bypass');
 
-// make sure the GET parameter sticks when we submit a form
+/**
+ * {@internal Missing Short Description}}
+ *
+ * Make sure the GET parameter sticks when we submit a form.
+ *
+ * @since unknown
+ *
+ * @param unknown_type $url
+ * @return unknown
+ */
 function media_upload_bypass_url($url) {
-        if ( array_key_exists('flash', $_REQUEST) )
-                $url = add_query_arg('flash', intval($_REQUEST['flash']));
-        return $url;
+       if ( array_key_exists('flash', $_REQUEST) )
+               $url = add_query_arg('flash', intval($_REQUEST['flash']));
+       return $url;
 }
 
 add_filter('media_upload_form_url', 'media_upload_bypass_url');
 
-
-
 add_filter('async_upload_image', 'get_media_item', 10, 2);
 add_filter('async_upload_audio', 'get_media_item', 10, 2);
 add_filter('async_upload_video', 'get_media_item', 10, 2);
@@ -1476,4 +2216,3 @@ add_filter('media_upload_gallery', 'media_upload_gallery');
 
 add_filter('media_upload_library', 'media_upload_library');
 
-?>