From b137f4ce021b4022c56f452c2eafa7abfcef0a7c Mon Sep 17 00:00:00 2001
From: "Edward Z. Yang" <ezyang@mit.edu>
Date: Sun, 17 Jul 2011 09:11:59 -0400
Subject: [PATCH 1/1] Wordpress 3.1.4

Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
---
 readme.html                                   |  2 +-
 wp-admin/custom-header.php                    |  3 +-
 wp-admin/includes/deprecated.php              |  4 +-
 wp-admin/includes/media.php                   | 13 +++++
 wp-admin/includes/post.php                    | 25 ++++++++-
 wp-admin/includes/update-core.php             |  2 +-
 wp-admin/js/user-profile.dev.js               | 56 ++++++++++---------
 wp-admin/js/user-profile.js                   |  2 +-
 wp-admin/options-general.php                  |  2 +-
 .../themes/twentyten/languages/twentyten.pot  | 12 +++-
 wp-includes/bookmark.php                      | 20 +++++--
 wp-includes/formatting.php                    | 16 +++++-
 wp-includes/post.php                          | 42 ++++++++++++++
 wp-includes/query.php                         | 16 ++++--
 wp-includes/script-loader.php                 |  2 +-
 wp-includes/taxonomy.php                      |  6 ++
 wp-includes/version.php                       |  2 +-
 wp-includes/wp-db.php                         |  1 +
 wp-settings.php                               |  2 +-
 19 files changed, 175 insertions(+), 53 deletions(-)

diff --git a/readme.html b/readme.html
index 0939107c..4b4f36ce 100644
--- a/readme.html
+++ b/readme.html
@@ -8,7 +8,7 @@
 <body>
 <h1 id="logo">
 	<a href="http://wordpress.org/"><img alt="WordPress" src="wp-admin/images/wordpress-logo.png" width="250" height="68" /></a>
-	<br /> Version 3.1.3
+	<br /> Version 3.1.4
 </h1>
 <p style="text-align: center">Semantic Personal Publishing Platform</p>
 
diff --git a/wp-admin/custom-header.php b/wp-admin/custom-header.php
index bf5f4157..cdd58fa9 100644
--- a/wp-admin/custom-header.php
+++ b/wp-admin/custom-header.php
@@ -596,7 +596,8 @@ wp_nonce_field( 'custom-header-options', '_wpnonce-custom-header-options' ); ?>
 		'post_content' => $url,
 		'post_mime_type' => $type,
 		'guid' => $url,
-		'context' => 'custom-header');
+		'context' => 'custom-header'
+		);
 
 		// Save the data
 		$id = wp_insert_attachment($object, $file);
diff --git a/wp-admin/includes/deprecated.php b/wp-admin/includes/deprecated.php
index b91c64fc..a318f0ee 100644
--- a/wp-admin/includes/deprecated.php
+++ b/wp-admin/includes/deprecated.php
@@ -454,7 +454,7 @@ class WP_User_Search {
 	function WP_User_Search ($search_term = '', $page = '', $role = '') {
 		_deprecated_function( __FUNCTION__, '3.1', 'WP_User_Query' );
 
-		$this->search_term = $search_term;
+		$this->search_term = stripslashes( $search_term );
 		$this->raw_page = ( '' == $page ) ? false : (int) $page;
 		$this->page = (int) ( '' == $page ) ? 1 : $page;
 		$this->role = $role;
@@ -485,7 +485,7 @@ class WP_User_Search {
 			$searches = array();
 			$search_sql = 'AND (';
 			foreach ( array('user_login', 'user_nicename', 'user_email', 'user_url', 'display_name') as $col )
-				$searches[] = $col . " LIKE '%$this->search_term%'";
+				$searches[] = $wpdb->prepare( $col . ' LIKE %s', '%' . like_escape($this->search_term) . '%' );
 			$search_sql .= implode(' OR ', $searches);
 			$search_sql .= ')';
 		}
diff --git a/wp-admin/includes/media.php b/wp-admin/includes/media.php
index 7e27ded1..99deac5a 100644
--- a/wp-admin/includes/media.php
+++ b/wp-admin/includes/media.php
@@ -228,6 +228,10 @@ function media_handle_upload($file_id, $post_id, $post_data = array(), $override
 		'post_content' => $content,
 	), $post_data );
 
+	// This should never be set as it would then overwrite an existing attachment.
+	if ( isset( $attachment['ID'] ) )
+		unset( $attachment['ID'] );
+
 	// Save the data
 	$id = wp_insert_attachment($attachment, $file, $post_id);
 	if ( !is_wp_error($id) ) {
@@ -281,6 +285,10 @@ function media_handle_sideload($file_array, $post_id, $desc = null, $post_data =
 		'post_content' => $content,
 	), $post_data );
 
+	// This should never be set as it would then overwrite an existing attachment.
+	if ( isset( $attachment['ID'] ) )
+		unset( $attachment['ID'] );
+
 	// Save the attachment metadata
 	$id = wp_insert_attachment($attachment, $file, $post_id);
 	if ( !is_wp_error($id) )
@@ -419,6 +427,11 @@ function media_upload_form_handler() {
 
 	if ( !empty($_POST['attachments']) ) foreach ( $_POST['attachments'] as $attachment_id => $attachment ) {
 		$post = $_post = get_post($attachment_id, ARRAY_A);
+		$post_type_object = get_post_type_object( $post[ 'post_type' ] );
+
+		if ( !current_user_can( $post_type_object->cap->edit_post, $attachment_id ) )
+			continue;
+
 		if ( isset($attachment['post_content']) )
 			$post['post_content'] = $attachment['post_content'];
 		if ( isset($attachment['post_title']) )
diff --git a/wp-admin/includes/post.php b/wp-admin/includes/post.php
index bb6f469f..3f4d6f11 100644
--- a/wp-admin/includes/post.php
+++ b/wp-admin/includes/post.php
@@ -135,6 +135,9 @@ function edit_post( $post_data = null ) {
 	if ( empty($post_data) )
 		$post_data = &$_POST;
 
+	// Clear out any data in internal vars.
+	unset( $post_data['filter'] );
+
 	$post_ID = (int) $post_data['post_ID'];
 	$post = get_post( $post_ID );
 	$post_data['post_type'] = $post->post_type;
@@ -341,7 +344,8 @@ function bulk_edit_posts( $post_data = null ) {
 			continue;
 		}
 
-		$tax_names = get_object_taxonomies( get_post($post_ID) );
+		$post = get_post( $post_ID );
+		$tax_names = get_object_taxonomies( $post );
 		foreach ( $tax_names as $tax_name ) {
 			$taxonomy_obj = get_taxonomy($tax_name);
 			if (  isset( $tax_input[$tax_name]) && current_user_can( $taxonomy_obj->cap->assign_terms ) )
@@ -363,6 +367,9 @@ function bulk_edit_posts( $post_data = null ) {
 			unset( $post_data['tax_input']['category'] );
 		}
 
+		$post_data['post_mime_type'] = $post->post_mime_type;
+		$post_data['guid'] = $post->guid;
+
 		$post_data['ID'] = $post_ID;
 		$updated[] = wp_update_post( $post_data );
 
@@ -534,6 +541,9 @@ function wp_write_post() {
 
 	$_POST['post_mime_type'] = '';
 
+	// Clear out any data in internal vars.
+	unset( $_POST['filter'] );
+
 	// Check for autosave collisions
 	// Does this need to be updated? ~ Mark
 	$temp_id = false;
@@ -553,6 +563,15 @@ function wp_write_post() {
 		}
 	}
 
+	// Edit don't write if we have a post id.
+	if ( isset( $_POST['ID'] ) ) {
+		$_POST['post_ID'] = $_POST['ID'];
+		unset ( $_POST['ID'] );
+	}
+	if ( isset( $_POST['post_ID'] ) ) {
+		return edit_post();
+	}
+
 	$translated = _wp_translate_postdata( false );
 	if ( is_wp_error($translated) )
 		return $translated;
@@ -997,9 +1016,9 @@ function wp_edit_attachments_query( $q = false ) {
 	$q['cat'] = isset( $q['cat'] ) ? (int) $q['cat'] : 0;
 	$q['post_type'] = 'attachment';
 	$post_type = get_post_type_object( 'attachment' );
-	$states = array( 'inherit' );
+	$states = 'inherit';
 	if ( current_user_can( $post_type->cap->read_private_posts ) )
-		$states[] = 'private';
+		$states .= ',private';
 
 	$q['post_status'] = isset( $q['status'] ) && 'trash' == $q['status'] ? 'trash' : $states;
 	$media_per_page = (int) get_user_option( 'upload_per_page' );
diff --git a/wp-admin/includes/update-core.php b/wp-admin/includes/update-core.php
index 0673363b..6fceb8bd 100644
--- a/wp-admin/includes/update-core.php
+++ b/wp-admin/includes/update-core.php
@@ -294,7 +294,7 @@ function update_core($from, $to) {
 	$mysql_version  = $wpdb->db_version();
 	$required_php_version = '4.3';
 	$required_mysql_version = '4.1.2';
-	$wp_version = '3.1.3';
+	$wp_version = '3.1.4';
 	$php_compat     = version_compare( $php_version, $required_php_version, '>=' );
 	$mysql_compat   = version_compare( $mysql_version, $required_mysql_version, '>=' ) || file_exists( WP_CONTENT_DIR . '/db.php' );
 
diff --git a/wp-admin/js/user-profile.dev.js b/wp-admin/js/user-profile.dev.js
index 4a2f39d6..adffa951 100644
--- a/wp-admin/js/user-profile.dev.js
+++ b/wp-admin/js/user-profile.dev.js
@@ -29,37 +29,39 @@
 		}
 	}
 
-	$(document).ready( function() {
+	$(document).ready(function() {
 		$('#pass1').val('').keyup( check_pass_strength );
 		$('#pass2').val('').keyup( check_pass_strength );
 		$('#pass-strength-result').show();
-		$('.color-palette').click(function(){$(this).siblings('input[name=admin_color]').attr('checked', 'checked')});
-		$('#nickname').blur(function(){
-			var str = $(this).val() || $('#user_login').val();
-			var select = $('#display_name');
-			var sel = select.children('option:selected').attr('id');
-			select.children('#display_nickname').remove();
-			if ( ! select.children('option[value=' + str + ']').length )
-				select.append('<option id="display_nickname" value="' + str + '">' + str + '</option>');
-			$('#'+sel).attr('selected', 'selected');
-		});
-		$('#first_name, #last_name').blur(function(){
-			var select = $('#display_name');
-			var first = $('#first_name').val(), last = $('#last_name').val();
-			var sel = select.children('option:selected').attr('id');
-			$('#display_firstname, #display_lastname, #display_firstlast, #display_lastfirst').remove();
-			if ( first && ! select.children('option[value=' + first + ']').length )
-				select.append('<option id="display_firstname" value="' + first + '">' + first + '</option>');
-			if ( last && ! select.children('option[value=' + last + ']').length )
-				select.append('<option id="display_lastname" value="' + last + '">' + last + '</option>');
-			if ( first && last ) {
-				if ( ! select.children('option[value=' + first + ' ' + last + ']').length )
-					select.append('<option id="display_firstlast" value="' + first + ' ' + last + '">' + first + ' ' + last + '</option>');
-				if ( ! select.children('option[value=' + last + ' ' + first + ']').length )
-					select.append('<option id="display_lastfirst" value="' + last + ' ' + first + '">' + last + ' ' + first + '</option>');
+		$('.color-palette').click(function(){$(this).siblings('input[name="admin_color"]').prop('checked', true)});
+		$('#first_name, #last_name, #nickname').blur(function(){
+			var select = $('#display_name'), current = select.find('option:selected').attr('id'), dub = [],
+				inputs = {
+					display_nickname : $('#nickname').val(),
+					display_username : $('#user_login').val(),
+					display_firstname : $('#first_name').val(),
+					display_lastname : $('#last_name').val()
+				};
+
+			if ( inputs.display_firstname && inputs.display_lastname ) {
+				inputs['display_firstlast'] = inputs.display_firstname + ' ' + inputs.display_lastname;
+				inputs['display_lastfirst'] = inputs.display_lastname + ' ' + inputs.display_firstname;
 			}
-			$('#'+sel).attr('selected', 'selected');
+
+			$('option', select).remove();
+			$.each(inputs, function( id, value ) {
+				var val = value.replace(/<\/?[a-z][^>]*>/gi, ''); 
+
+				if ( inputs[id].length && $.inArray( val, dub ) == -1 ) {
+					dub.push(val);
+					$('<option />', {
+					  	'id': id,
+						'text': val,
+						'selected': (id == current)
+					}).appendTo( select );
+				}
+			});
 		});
-    });
+	});
 
 })(jQuery);
diff --git a/wp-admin/js/user-profile.js b/wp-admin/js/user-profile.js
index e04139a1..9f36f78f 100644
--- a/wp-admin/js/user-profile.js
+++ b/wp-admin/js/user-profile.js
@@ -1 +1 @@
-(function(a){function b(){var e=a("#pass1").val(),d=a("#user_login").val(),c=a("#pass2").val(),f;a("#pass-strength-result").removeClass("short bad good strong");if(!e){a("#pass-strength-result").html(pwsL10n.empty);return}f=passwordStrength(e,d,c);switch(f){case 2:a("#pass-strength-result").addClass("bad").html(pwsL10n.bad);break;case 3:a("#pass-strength-result").addClass("good").html(pwsL10n.good);break;case 4:a("#pass-strength-result").addClass("strong").html(pwsL10n.strong);break;case 5:a("#pass-strength-result").addClass("short").html(pwsL10n.mismatch);break;default:a("#pass-strength-result").addClass("short").html(pwsL10n["short"])}}a(document).ready(function(){a("#pass1").val("").keyup(b);a("#pass2").val("").keyup(b);a("#pass-strength-result").show();a(".color-palette").click(function(){a(this).siblings("input[name=admin_color]").attr("checked","checked")});a("#nickname").blur(function(){var e=a(this).val()||a("#user_login").val();var c=a("#display_name");var d=c.children("option:selected").attr("id");c.children("#display_nickname").remove();if(!c.children("option[value="+e+"]").length){c.append('<option id="display_nickname" value="'+e+'">'+e+"</option>")}a("#"+d).attr("selected","selected")});a("#first_name, #last_name").blur(function(){var c=a("#display_name");var f=a("#first_name").val(),d=a("#last_name").val();var e=c.children("option:selected").attr("id");a("#display_firstname, #display_lastname, #display_firstlast, #display_lastfirst").remove();if(f&&!c.children("option[value="+f+"]").length){c.append('<option id="display_firstname" value="'+f+'">'+f+"</option>")}if(d&&!c.children("option[value="+d+"]").length){c.append('<option id="display_lastname" value="'+d+'">'+d+"</option>")}if(f&&d){if(!c.children("option[value="+f+" "+d+"]").length){c.append('<option id="display_firstlast" value="'+f+" "+d+'">'+f+" "+d+"</option>")}if(!c.children("option[value="+d+" "+f+"]").length){c.append('<option id="display_lastfirst" value="'+d+" "+f+'">'+d+" "+f+"</option>")}}a("#"+e).attr("selected","selected")})})})(jQuery);
\ No newline at end of file
+(function(a){function b(){var e=a("#pass1").val(),d=a("#user_login").val(),c=a("#pass2").val(),f;a("#pass-strength-result").removeClass("short bad good strong");if(!e){a("#pass-strength-result").html(pwsL10n.empty);return}f=passwordStrength(e,d,c);switch(f){case 2:a("#pass-strength-result").addClass("bad").html(pwsL10n.bad);break;case 3:a("#pass-strength-result").addClass("good").html(pwsL10n.good);break;case 4:a("#pass-strength-result").addClass("strong").html(pwsL10n.strong);break;case 5:a("#pass-strength-result").addClass("short").html(pwsL10n.mismatch);break;default:a("#pass-strength-result").addClass("short").html(pwsL10n["short"])}}a(document).ready(function(){a("#pass1").val("").keyup(b);a("#pass2").val("").keyup(b);a("#pass-strength-result").show();a(".color-palette").click(function(){a(this).siblings('input[name="admin_color"]').prop("checked",true)});a("#first_name, #last_name, #nickname").blur(function(){var c=a("#display_name"),e=c.find("option:selected").attr("id"),f=[],d={display_nickname:a("#nickname").val(),display_username:a("#user_login").val(),display_firstname:a("#first_name").val(),display_lastname:a("#last_name").val()};if(d.display_firstname&&d.display_lastname){d.display_firstlast=d.display_firstname+" "+d.display_lastname;d.display_lastfirst=d.display_lastname+" "+d.display_firstname}a("option",c).remove();a.each(d,function(i,g){var h=g.replace(/<\/?[a-z][^>]*>/gi,"");if(d[i].length&&a.inArray(h,f)==-1){f.push(h);a("<option />",{id:i,text:h,selected:(i==e)}).appendTo(c)}})})})})(jQuery);
\ No newline at end of file
diff --git a/wp-admin/options-general.php b/wp-admin/options-general.php
index 57a1b149..83679901 100644
--- a/wp-admin/options-general.php
+++ b/wp-admin/options-general.php
@@ -127,7 +127,7 @@ include('./admin-header.php');
 $new_admin_email = get_option( 'new_admin_email' );
 if ( $new_admin_email && $new_admin_email != get_option('admin_email') ) : ?>
 <div class="updated inline">
-<p><?php printf( __('There is a pending change of the admin e-mail to <code>%1$s</code>. <a href="%2$s">Cancel</a>'), $new_admin_email, esc_url( admin_url( 'options.php?dismiss=new_admin_email' ) ) ); ?></p>
+<p><?php printf( __('There is a pending change of the admin e-mail to <code>%1$s</code>. <a href="%2$s">Cancel</a>'), esc_html( $new_admin_email ), esc_url( admin_url( 'options.php?dismiss=new_admin_email' ) ) ); ?></p>
 </div>
 <?php endif; ?>
 </td>
diff --git a/wp-content/themes/twentyten/languages/twentyten.pot b/wp-content/themes/twentyten/languages/twentyten.pot
index 33093f45..98db9df1 100644
--- a/wp-content/themes/twentyten/languages/twentyten.pot
+++ b/wp-content/themes/twentyten/languages/twentyten.pot
@@ -4,7 +4,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Twenty Ten 1.2\n"
 "Report-Msgid-Bugs-To: http://wordpress.org/tag/twentyten\n"
-"POT-Creation-Date: 2011-02-22 08:27:35+00:00\n"
+"POT-Creation-Date: 2011-06-13 13:27:47+00:00\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
@@ -16,6 +16,7 @@ msgstr ""
 msgid "Return to %s"
 msgstr ""
 
+#. translators: %s - title of parent post
 #: loop-attachment.php:23
 msgid "<span class=\"meta-nav\">&larr;</span> %s"
 msgstr ""
@@ -186,34 +187,42 @@ msgstr ""
 msgid "Primary Navigation"
 msgstr ""
 
+#. translators: header image description
 #: functions.php:140
 msgid "Berries"
 msgstr ""
 
+#. translators: header image description
 #: functions.php:146
 msgid "Cherry Blossoms"
 msgstr ""
 
+#. translators: header image description
 #: functions.php:152
 msgid "Concave"
 msgstr ""
 
+#. translators: header image description
 #: functions.php:158
 msgid "Fern"
 msgstr ""
 
+#. translators: header image description
 #: functions.php:164
 msgid "Forest Floor"
 msgstr ""
 
+#. translators: header image description
 #: functions.php:170
 msgid "Inkwell"
 msgstr ""
 
+#. translators: header image description
 #: functions.php:176
 msgid "Path"
 msgstr ""
 
+#. translators: header image description
 #: functions.php:182
 msgid "Sunset"
 msgstr ""
@@ -226,6 +235,7 @@ msgstr ""
 msgid "Your comment is awaiting moderation."
 msgstr ""
 
+#. translators: 1: date, 2: time
 #: functions.php:340
 msgid "%1$s at %2$s"
 msgstr ""
diff --git a/wp-includes/bookmark.php b/wp-includes/bookmark.php
index 8b0fe487..e1184231 100644
--- a/wp-includes/bookmark.php
+++ b/wp-includes/bookmark.php
@@ -213,22 +213,32 @@ function get_bookmarks($args = '') {
 
 	$orderby = strtolower($orderby);
 	$length = '';
-	switch ($orderby) {
+	switch ( $orderby ) {
 		case 'length':
 			$length = ", CHAR_LENGTH(link_name) AS length";
 			break;
 		case 'rand':
 			$orderby = 'rand()';
 			break;
+		case 'link_id':
+			$orderby = "$wpdb->links.link_id";
+			break;
 		default:
 			$orderparams = array();
-			foreach ( explode(',', $orderby) as $ordparam )
-				$orderparams[] = 'link_' . trim($ordparam);
+			foreach ( explode(',', $orderby) as $ordparam ) {
+				$ordparam = trim($ordparam);
+				if ( in_array( $ordparam, array( 'name', 'url', 'visible', 'rating', 'owner', 'updated' ) ) )
+					$orderparams[] = 'link_' . $ordparam;
+			}
 			$orderby = implode(',', $orderparams);
 	}
 
-	if ( 'link_id' == $orderby )
-		$orderby = "$wpdb->links.link_id";
+	if ( empty( $orderby ) )
+		$orderby = 'link_name';
+
+	$order = strtoupper( $order );
+	if ( '' !== $order && !in_array( $order, array( 'ASC', 'DESC' ) ) )
+		$order = 'ASC';
 
 	$visible = '';
 	if ( $hide_invisible )
diff --git a/wp-includes/formatting.php b/wp-includes/formatting.php
index 6c53f863..92aae26d 100644
--- a/wp-includes/formatting.php
+++ b/wp-includes/formatting.php
@@ -2440,7 +2440,14 @@ function sanitize_option($option, $value) {
 					add_settings_error('admin_email', 'invalid_admin_email', __('The email address entered did not appear to be a valid email address. Please enter a valid email address.'));
 			}
 			break;
-
+		case 'new_admin_email':
+			$value = sanitize_email($value);
+			if ( !is_email($value) ) {
+				$value = get_option( $option ); // Resets option to stored value in the case of failed sanitization
+				if ( function_exists('add_settings_error') )
+					add_settings_error('new_admin_email', 'invalid_admin_email', __('The email address entered did not appear to be a valid email address. Please enter a valid email address.'));
+			}
+			break;
 		case 'thumbnail_size_w':
 		case 'thumbnail_size_h':
 		case 'medium_size_w':
@@ -2534,6 +2541,11 @@ function sanitize_option($option, $value) {
 					add_settings_error('home', 'invalid_home', __('The Site address you entered did not appear to be a valid URL. Please enter a valid URL.'));
 			}
 			break;
+		case 'WPLANG':
+			$allowed = get_available_languages();
+			if ( ! in_array( $value, $allowed ) && ! empty( $value ) )
+				$value = get_option( $option );
+			break;
 
 		default :
 			$value = apply_filters("sanitize_option_{$option}", $value, $option);
@@ -2912,7 +2924,7 @@ function capital_P_dangit( $text ) {
  * @return string Sanitized mime type
  */
 function sanitize_mime_type( $mime_type ) {
-	$sani_mime_type = preg_replace( '/[^-*.a-zA-Z0-9\/]/', '', $mime_type );
+	$sani_mime_type = preg_replace( '/[^-+*.a-zA-Z0-9\/]/', '', $mime_type );
 	return apply_filters( 'sanitize_mime_type', $sani_mime_type, $mime_type );
 }
 
diff --git a/wp-includes/post.php b/wp-includes/post.php
index d859473b..b28a415c 100644
--- a/wp-includes/post.php
+++ b/wp-includes/post.php
@@ -2410,6 +2410,9 @@ function wp_insert_post($postarr, $wp_error = false) {
 		'post_content' => '', 'post_title' => '');
 
 	$postarr = wp_parse_args($postarr, $defaults);
+
+	unset( $postarr[ 'filter' ] );
+
 	$postarr = sanitize_post($postarr, 'db');
 
 	// export array as variables
@@ -3421,6 +3424,43 @@ function &get_pages($args = '') {
 
 	$where_post_type = $wpdb->prepare( "post_type = '%s' AND post_status = '%s'", $post_type, $post_status );
 
+	$orderby_array = array();
+	$allowed_keys = array('author', 'post_author', 'date', 'post_date', 'title', 'post_title', 'modified',
+						  'post_modified', 'modified_gmt', 'post_modified_gmt', 'menu_order', 'parent', 'post_parent',
+						  'ID', 'rand', 'comment_count');
+	foreach ( explode( ',', $sort_column ) as $orderby ) {
+		$orderby = trim( $orderby );
+		if ( !in_array( $orderby, $allowed_keys ) )
+			continue;
+
+		switch ( $orderby ) {
+			case 'menu_order':
+				break;
+			case 'ID':
+				$orderby = "$wpdb->posts.ID";
+				break;
+			case 'rand':
+				$orderby = 'RAND()';
+				break;
+			case 'comment_count':
+				$orderby = "$wpdb->posts.comment_count";
+				break;
+			default:
+				if ( 0 === strpos( $orderby, 'post_' ) )
+					$orderby = "$wpdb->posts." . $orderby;
+				else
+					$orderby = "$wpdb->posts.post_" . $orderby;
+		}
+
+		$orderby_array[] = $orderby;
+
+	}
+	$sort_column = ! empty( $orderby_array ) ? implode( ',', $orderby_array ) : "$wpdb->posts.post_title";
+
+	$sort_order = strtoupper( $sort_order );
+	if ( '' !== $sort_order && !in_array( $sort_order, array( 'ASC', 'DESC' ) ) )
+		$sort_order = 'ASC';
+
 	$query = "SELECT * FROM $wpdb->posts $join WHERE ($where_post_type) $where ";
 	$query .= $author_query;
 	$query .= " ORDER BY " . $sort_column . " " . $sort_order ;
@@ -3547,6 +3587,8 @@ function wp_insert_attachment($object, $file = false, $parent = 0) {
 	if ( !empty($parent) )
 		$object['post_parent'] = $parent;
 
+	unset( $object[ 'filter' ] );
+
 	$object = sanitize_post($object, 'db');
 
 	// export array as variables
diff --git a/wp-includes/query.php b/wp-includes/query.php
index 14942d94..6c0bd38d 100644
--- a/wp-includes/query.php
+++ b/wp-includes/query.php
@@ -1625,8 +1625,12 @@ class WP_Query {
 				$qv['post_type'] = sanitize_key($qv['post_type']);
 		}
 
-		if ( !empty($qv['post_status']) )
-			$qv['post_status'] = preg_replace('|[^a-z0-9_,-]|', '', $qv['post_status']);
+		if ( ! empty( $qv['post_status'] ) ) {
+			if ( is_array( $qv['post_status'] ) )
+				$qv['post_status'] = array_map('sanitize_key', $qv['post_status']);
+			else
+				$qv['post_status'] = preg_replace('|[^a-z0-9_,-]|', '', $qv['post_status']);
+		}
 
 		if ( $this->is_posts_page && ( ! isset($qv['withcomments']) || ! $qv['withcomments'] ) )
 			$this->is_comment_feed = false;
@@ -2385,13 +2389,15 @@ class WP_Query {
 			$read_private_cap = 'read_private_' . $post_type_cap . 's';
 		}
 
-		if ( isset($q['post_status']) && '' != $q['post_status'] ) {
+		if ( ! empty( $q['post_status'] ) ) {
 			$statuswheres = array();
-			$q_status = explode(',', $q['post_status']);
+			$q_status = $q['post_status'];
+			if ( ! is_array( $q_status ) )
+				$q_status = explode(',', $q_status);
 			$r_status = array();
 			$p_status = array();
 			$e_status = array();
-			if ( $q['post_status'] == 'any' ) {
+			if ( in_array('any', $q_status) ) {
 				foreach ( get_post_stati( array('exclude_from_search' => true) ) as $status )
 					$e_status[] = "$wpdb->posts.post_status <> '$status'";
 			} else {
diff --git a/wp-includes/script-loader.php b/wp-includes/script-loader.php
index 87c4393c..ecb35394 100644
--- a/wp-includes/script-loader.php
+++ b/wp-includes/script-loader.php
@@ -259,7 +259,7 @@ function wp_default_scripts( &$scripts ) {
 		'l10n_print_after' => 'try{convertEntities(pwsL10n);}catch(e){};'
 	) );
 
-	$scripts->add( 'user-profile', "/wp-admin/js/user-profile$suffix.js", array( 'jquery', 'password-strength-meter' ), '20110113' );
+	$scripts->add( 'user-profile', "/wp-admin/js/user-profile$suffix.js", array( 'jquery', 'password-strength-meter' ), '20110628' );
 	$scripts->add_data( 'user-profile', 'group', 1 );
 
 	$scripts->add( 'admin-bar', "/wp-includes/js/admin-bar$suffix.js", false, '20110131' );
diff --git a/wp-includes/taxonomy.php b/wp-includes/taxonomy.php
index d9ae2d5a..9e9d24ae 100644
--- a/wp-includes/taxonomy.php
+++ b/wp-includes/taxonomy.php
@@ -1194,6 +1194,8 @@ function &get_terms($taxonomies, $args = '') {
 		$orderby = '';
 	elseif ( empty($_orderby) || 'id' == $_orderby )
 		$orderby = 't.term_id';
+	else
+		$orderby = 't.name';
 
 	$orderby = apply_filters( 'get_terms_orderby', $orderby, $args );
 
@@ -1202,6 +1204,10 @@ function &get_terms($taxonomies, $args = '') {
 	else
 		$order = '';
 
+	$order = strtoupper( $order );
+	if ( '' !== $order && !in_array( $order, array( 'ASC', 'DESC' ) ) )
+		$order = 'ASC';
+
 	$where = "tt.taxonomy IN ('" . implode("', '", $taxonomies) . "')";
 	$inclusions = '';
 	if ( !empty($include) ) {
diff --git a/wp-includes/version.php b/wp-includes/version.php
index aefcfeb2..c0e30f1a 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -22,7 +22,7 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
  *
  * @global string $wp_version
  */
-$wp_version = '3.1.3';
+$wp_version = '3.1.4';
 
 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
diff --git a/wp-includes/wp-db.php b/wp-includes/wp-db.php
index d9e70865..a90c2814 100644
--- a/wp-includes/wp-db.php
+++ b/wp-includes/wp-db.php
@@ -644,6 +644,7 @@ class wpdb {
 		if ( is_multisite() ) {
 			if ( null === $blog_id )
 				$blog_id = $this->blogid;
+			$blog_id = (int) $blog_id;
 			if ( defined( 'MULTISITE' ) && ( 0 == $blog_id || 1 == $blog_id ) )
 				return $this->base_prefix;
 			else
diff --git a/wp-settings.php b/wp-settings.php
index 2cd12c1c..77fc4614 100644
--- a/wp-settings.php
+++ b/wp-settings.php
@@ -258,7 +258,7 @@ load_default_textdomain();
 // Find the blog locale.
 $locale = get_locale();
 $locale_file = WP_LANG_DIR . "/$locale.php";
-if ( is_readable( $locale_file ) )
+if ( ( 0 === validate_file( $locale ) ) && is_readable( $locale_file ) )
 	require( $locale_file );
 unset($locale_file);
 
-- 
2.44.0