From 5a76c0320311af7292e3eaede18a22f35bf35255 Mon Sep 17 00:00:00 2001
From: markjaquith <markjaquith@1a063a9b-81f0-0310-95a4-ce76da25c4cd>
Date: Thu, 21 Dec 2006 10:10:04 +0000
Subject: [PATCH] new function for escaping within attributes:
 attribute_escape()

git-svn-id: http://svn.automattic.com/wordpress/trunk@4656 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-admin/admin-ajax.php                      |  6 +--
 wp-admin/admin-functions.php                 | 48 ++++++++++----------
 wp-admin/bookmarklet.php                     |  2 +-
 wp-admin/edit-category-form.php              |  6 +--
 wp-admin/edit-comments.php                   |  4 +-
 wp-admin/edit-form-advanced.php              |  4 +-
 wp-admin/edit-link-form.php                  |  2 +-
 wp-admin/edit-page-form.php                  |  4 +-
 wp-admin/edit-pages.php                      |  2 +-
 wp-admin/edit.php                            |  2 +-
 wp-admin/link-manager.php                    |  6 +--
 wp-admin/options-misc.php                    |  2 +-
 wp-admin/options-permalink.php               |  4 +-
 wp-admin/options.php                         |  2 +-
 wp-admin/page.php                            |  2 +-
 wp-admin/post.php                            |  2 +-
 wp-admin/templates.php                       |  2 +-
 wp-admin/theme-editor.php                    |  2 +-
 wp-admin/upgrade.php                         |  4 +-
 wp-admin/upload-functions.php                | 10 ++--
 wp-admin/upload-js.php                       | 44 +++++++++---------
 wp-admin/upload.php                          |  2 +-
 wp-admin/user-edit.php                       |  2 +-
 wp-admin/users.php                           |  8 ++--
 wp-content/themes/classic/comments-popup.php |  2 +-
 wp-content/themes/default/comments-popup.php |  2 +-
 wp-includes/author-template.php              |  4 +-
 wp-includes/bookmark-template.php            |  8 ++--
 wp-includes/classes.php                      |  6 +--
 wp-includes/comment-template.php             |  2 +-
 wp-includes/comment.php                      |  6 +--
 wp-includes/formatting.php                   |  5 ++
 wp-includes/functions.php                    | 10 ++--
 wp-includes/general-template.php             | 10 ++--
 wp-includes/post-template.php                |  6 +--
 wp-links-opml.php                            |  4 +-
 wp-login.php                                 | 12 ++---
 37 files changed, 126 insertions(+), 123 deletions(-)
diff --git a/wp-admin/admin-ajax.php b/wp-admin/admin-ajax.php
index 67fe5a9979..ecd13bbd78 100644
--- a/wp-admin/admin-ajax.php
+++ b/wp-admin/admin-ajax.php
@@ -13,9 +13,9 @@ function get_out_now() { exit; }
 add_action( 'shutdown', 'get_out_now', -1 );
 
 function wp_ajax_meta_row( $pid, $mid, $key, $value ) {
-	$value = wp_specialchars($value, true);
+	$value = attribute_escape($value);
 	$key_js = addslashes(wp_specialchars($key, 'double'));
-	$key = wp_specialchars($key, true);
+	$key = attribute_escape($key);
 	$r .= "<tr id='meta-$mid'><td valign='top'>";
 	$r .= "<input name='meta[$mid][key]' tabindex='6' onkeypress='return killSubmit(\"theList.ajaxUpdater(&#039;meta&#039;,&#039;meta-$mid&#039;);\",event);' type='text' size='20' value='$key' />";
 	$r .= "</td><td><textarea name='meta[$mid][value]' tabindex='6' rows='2' cols='30'>$value</textarea></td><td align='center'>";
@@ -141,7 +141,7 @@ case 'add-cat' : // From Manage->Categories
 		$cat_full_name = $_cat->cat_name . ' &#8212; ' . $cat_full_name;
 		$level++;
 	}
-	$cat_full_name = wp_specialchars( $cat_full_name, 1 );
+	$cat_full_name = attribute_escape( $cat_full_name);
 
 	$x = new WP_Ajax_Response( array(
 		'what' => 'cat',
diff --git a/wp-admin/admin-functions.php b/wp-admin/admin-functions.php
index a50675029d..6a2f6ee32e 100644
--- a/wp-admin/admin-functions.php
+++ b/wp-admin/admin-functions.php
@@ -323,7 +323,7 @@ function get_default_post_to_edit() {
 	else if ( !empty( $post_title ) ) {
 		$text       = wp_specialchars( stripslashes( urldecode( $_REQUEST['text'] ) ) );
 		$text       = funky_javascript_fix( $text);
-		$popupurl   = wp_specialchars( $_REQUEST['popupurl'] );
+		$popupurl   = attribute_escape($_REQUEST['popupurl']);
         $post_content = '<a href="'.$popupurl.'">'.$post_title.'</a>'."\n$text";
     }
 
@@ -380,16 +380,16 @@ function wp_dropdown_roles( $default = false ) {
 
 function get_user_to_edit( $user_id ) {
 	$user = new WP_User( $user_id );
-	$user->user_login = wp_specialchars( $user->user_login, 1 );
-	$user->user_email = wp_specialchars( $user->user_email, 1 );
-	$user->user_url = wp_specialchars( $user->user_url, 1 );
-	$user->first_name = wp_specialchars( $user->first_name, 1 );
-	$user->last_name = wp_specialchars( $user->last_name, 1 );
-	$user->display_name = wp_specialchars( $user->display_name, 1 );
-	$user->nickname = wp_specialchars( $user->nickname, 1 );
-	$user->aim = wp_specialchars( $user->aim, 1 );
-	$user->yim = wp_specialchars( $user->yim, 1 );
-	$user->jabber = wp_specialchars( $user->jabber, 1 );
+	$user->user_login = attribute_escape( $user->user_login);
+	$user->user_email = attribute_escape( $user->user_email);
+	$user->user_url = attribute_escape( $user->user_url);
+	$user->first_name = attribute_escape( $user->first_name);
+	$user->last_name = attribute_escape( $user->last_name);
+	$user->display_name = attribute_escape( $user->display_name);
+	$user->nickname = attribute_escape( $user->nickname);
+	$user->aim = attribute_escape( $user->aim);
+	$user->yim = attribute_escape( $user->yim);
+	$user->jabber = attribute_escape( $user->jabber);
 	$user->description = wp_specialchars( $user->description );
 
 	return $user;
@@ -527,13 +527,13 @@ function edit_user( $user_id = 0 ) {
 function get_link_to_edit( $link_id ) {
 	$link = get_link( $link_id );
 
-	$link->link_url = wp_specialchars( $link->link_url, 1 );
-	$link->link_name = wp_specialchars( $link->link_name, 1 );
-	$link->link_image = wp_specialchars( $link->link_image, 1 );
-	$link->link_description = wp_specialchars( $link->link_description, 1 );
+	$link->link_url = attribute_escape( $link->link_url);
+	$link->link_name = attribute_escape( $link->link_name);
+	$link->link_image = attribute_escape( $link->link_image);
+	$link->link_description = attribute_escape( $link->link_description);
 	$link->link_notes = wp_specialchars( $link->link_notes );
-	$link->link_rss = wp_specialchars( $link->link_rss, 1 );
-	$link->link_rel = wp_specialchars( $link->link_rel, 1 );
+	$link->link_rss = attribute_escape( $link->link_rss);
+	$link->link_rel = attribute_escape( $link->link_rel);
 	$link->post_category = $link->link_category;
 
 	return $link;
@@ -541,12 +541,12 @@ function get_link_to_edit( $link_id ) {
 
 function get_default_link_to_edit() {
 	if ( isset( $_GET['linkurl'] ) )
-		$link->link_url = wp_specialchars( $_GET['linkurl'], 1 );
+		$link->link_url = attribute_escape( $_GET['linkurl']);
 	else
 		$link->link_url = '';
 
 	if ( isset( $_GET['name'] ) )
-		$link->link_name = wp_specialchars( $_GET['name'], 1 );
+		$link->link_name = attribute_escape( $_GET['name']);
 	else
 		$link->link_name = '';
 
@@ -831,7 +831,7 @@ function user_row( $user_object, $style = '' ) {
 	}
 	$r .= "</td>\n\t\t<td>";
 	if ( current_user_can( 'edit_user', $user_object->ID ) ) {
-		$edit_link = wp_specialchars( add_query_arg( 'wp_http_referer', urlencode( stripslashes( $_SERVER['REQUEST_URI'] ) ), "user-edit.php?user_id=$user_object->ID" ) );
+		$edit_link = attribute_escape( add_query_arg( 'wp_http_referer', urlencode( stripslashes( $_SERVER['REQUEST_URI'] ) ), "user-edit.php?user_id=$user_object->ID" ));
 		$r .= "<a href='$edit_link' class='edit'>".__( 'Edit' )."</a>";
 	}
 	$r .= "</td>\n\t</tr>";
@@ -911,8 +911,8 @@ function list_meta( $meta ) {
 		}
 
 		$key_js = js_escape( $entry['meta_key'] );
-		$entry['meta_key'] = wp_specialchars( $entry['meta_key'], true );
-		$entry['meta_value'] = wp_specialchars( $entry['meta_value'], true );
+		$entry['meta_key'] = attribute_escape( $entry['meta_key']);
+		$entry['meta_value'] = attribute_escape( $entry['meta_value']);
 		$r .= "\n\t<tr id='meta-{$entry['meta_id']}' class='$style'>";
 		$r .= "\n\t\t<td valign='top'><input name='meta[{$entry['meta_id']}][key]' tabindex='6' type='text' size='20' value='{$entry['meta_key']}' /></td>";
 		$r .= "\n\t\t<td><textarea name='meta[{$entry['meta_id']}][value]' tabindex='6' rows='2' cols='30'>{$entry['meta_value']}</textarea></td>";
@@ -965,7 +965,7 @@ function meta_form() {
 <?php
 
 	foreach ( $keys as $key ) {
-		$key = wp_specialchars( $key, 1 );
+		$key = attribute_escape( $key);
 		echo "\n\t<option value='$key'>$key</option>";
 	}
 ?>
@@ -1992,7 +1992,7 @@ function wp_reset_vars( $vars ) {
 
 function wp_remember_old_slug() {
 	global $post;
-	$name = wp_specialchars($post->post_name); // just in case
+	$name = attribute_escape($post->post_name); // just in case
 	if ( strlen($name) )
 		echo '<input type="hidden" id="wp-old-slug" name="wp-old-slug" value="' . $name . '" />';
 }
diff --git a/wp-admin/bookmarklet.php b/wp-admin/bookmarklet.php
index def516e791..cd2b542c7d 100644
--- a/wp-admin/bookmarklet.php
+++ b/wp-admin/bookmarklet.php
@@ -37,7 +37,7 @@ else
 
 
 $content  = wp_specialchars($_REQUEST['content']);
-$popupurl = wp_specialchars($_REQUEST['popupurl']);
+$popupurl = attribute_escape($_REQUEST['popupurl']);
 if ( !empty($content) ) {
 	$post->post_content = wp_specialchars( stripslashes($_REQUEST['content']) );
 } else {
diff --git a/wp-admin/edit-category-form.php b/wp-admin/edit-category-form.php
index 18c9ecc173..4fd49e4f6c 100644
--- a/wp-admin/edit-category-form.php
+++ b/wp-admin/edit-category-form.php
@@ -26,11 +26,11 @@ if ( ! empty($cat_ID) ) {
 	<table class="editform" width="100%" cellspacing="2" cellpadding="5">
 		<tr>
 			<th width="33%" scope="row" valign="top"><label for="cat_name"><?php _e('Category name:') ?></label></th>
-			<td width="67%"><input name="cat_name" id="cat_name" type="text" value="<?php echo wp_specialchars($category->cat_name); ?>" size="40" /></td>
+			<td width="67%"><input name="cat_name" id="cat_name" type="text" value="<?php echo attribute_escape($category->cat_name); ?>" size="40" /></td>
 		</tr>
 		<tr>
 			<th scope="row" valign="top"><label for="category_nicename"><?php _e('Category slug:') ?></label></th>
-			<td><input name="category_nicename" id="category_nicename" type="text" value="<?php echo wp_specialchars($category->category_nicename); ?>" size="40" /></td>
+			<td><input name="category_nicename" id="category_nicename" type="text" value="<?php echo attribute_escape($category->category_nicename); ?>" size="40" /></td>
 		</tr>
 		<tr>
 			<th scope="row" valign="top"><label for="category_parent"><?php _e('Category parent:') ?></label></th>
@@ -40,7 +40,7 @@ if ( ! empty($cat_ID) ) {
 		</tr>
 		<tr>
 			<th scope="row" valign="top"><label for="category_description"><?php _e('Description: (optional)') ?></label></th>
-			<td><textarea name="category_description" id="category_description" rows="5" cols="50" style="width: 97%;"><?php echo wp_specialchars($category->category_description, 1); ?></textarea></td>
+			<td><textarea name="category_description" id="category_description" rows="5" cols="50" style="width: 97%;"><?php echo wp_specialchars($category->category_description); ?></textarea></td>
 		</tr>
 	</table>
 <p class="submit"><input type="submit" name="submit" value="<?php echo $submit_text ?>" /></p>
diff --git a/wp-admin/edit-comments.php b/wp-admin/edit-comments.php
index bdfb74330f..52b2bc156d 100644
--- a/wp-admin/edit-comments.php
+++ b/wp-admin/edit-comments.php
@@ -7,7 +7,7 @@ wp_enqueue_script( 'admin-comments' );
 
 require_once('admin-header.php');
 if (empty($_GET['mode'])) $mode = 'view';
-else $mode = wp_specialchars($_GET['mode'], 1);
+else $mode = attribute_escape($_GET['mode']);
 ?>
 
 <script type="text/javascript">
@@ -42,7 +42,7 @@ function getNumChecked(form)
 <form name="searchform" action="" method="get" id="editcomments"> 
   <fieldset> 
   <legend><?php _e('Show Comments That Contain...') ?></legend> 
-  <input type="text" name="s" value="<?php if (isset($_GET['s'])) echo wp_specialchars($_GET['s'], 1); ?>" size="17" /> 
+  <input type="text" name="s" value="<?php if (isset($_GET['s'])) echo attribute_escape($_GET['s']); ?>" size="17" /> 
   <input type="submit" name="submit" value="<?php _e('Search') ?>"  />  
   <input type="hidden" name="mode" value="<?php echo $mode; ?>" />
   <?php _e('(Searches within comment text, e-mail, URL, and IP address.)') ?>
diff --git a/wp-admin/edit-form-advanced.php b/wp-admin/edit-form-advanced.php
index 89ba8b58e4..4e2858718e 100644
--- a/wp-admin/edit-form-advanced.php
+++ b/wp-admin/edit-form-advanced.php
@@ -168,11 +168,11 @@ if ('publish' != $post->post_status || 0 == $post_ID) {
 ?>
 <input name="referredby" type="hidden" id="referredby" value="<?php 
 if ( !empty($_REQUEST['popupurl']) )
-	echo wp_specialchars($_REQUEST['popupurl']);
+	echo attribute_escape(stripslashes($_REQUEST['popupurl']));
 else if ( url_to_postid(wp_get_referer()) == $post_ID )
 	echo 'redo';
 else
-	echo wp_specialchars(wp_get_referer());
+	echo attribute_escape(stripslashes(wp_get_referer()));
 ?>" /></p>
 
 <?php do_action('edit_form_advanced'); ?>
diff --git a/wp-admin/edit-link-form.php b/wp-admin/edit-link-form.php
index 6b7b045f75..66275913bf 100644
--- a/wp-admin/edit-link-form.php
+++ b/wp-admin/edit-link-form.php
@@ -247,7 +247,7 @@ function xfn_check($class, $value = '', $type = 'check') {
 <?php if ( $link_id ) : ?>
 <input type="hidden" name="action" value="save" />
 <input type="hidden" name="link_id" value="<?php echo (int) $link_id; ?>" />
-<input type="hidden" name="order_by" value="<?php echo wp_specialchars($order_by, 1); ?>" />
+<input type="hidden" name="order_by" value="<?php echo attribute_escape($order_by); ?>" />
 <input type="hidden" name="cat_id" value="<?php echo (int) $cat_id ?>" />
 <?php else: ?>
 <input type="hidden" name="action" value="add" />
diff --git a/wp-admin/edit-page-form.php b/wp-admin/edit-page-form.php
index d847229839..9d48a85931 100644
--- a/wp-admin/edit-page-form.php
+++ b/wp-admin/edit-page-form.php
@@ -13,12 +13,10 @@ if (0 == $post_ID) {
 	$form_extra = "<input type='hidden' id='post_ID' name='post_ID' value='$post_ID' />";
 }
 
-$sendto = wp_get_referer();
+$sendto = attribute_escape(stripslashes(wp_get_referer()));
 
 if ( 0 != $post_ID && $sendto == get_permalink($post_ID) )
 	$sendto = 'redo';
-$sendto = wp_specialchars( $sendto );
-
 ?>
 
 <form name="post" action="page.php" method="post" id="post">
diff --git a/wp-admin/edit-pages.php b/wp-admin/edit-pages.php
index ca496ab401..7076a7301e 100644
--- a/wp-admin/edit-pages.php
+++ b/wp-admin/edit-pages.php
@@ -13,7 +13,7 @@ require_once('admin-header.php');
 <form name="searchform" action="" method="get">
 	<fieldset>
 	<legend><?php _e('Search Pages&hellip;') ?></legend>
-	<input type="text" name="s" value="<?php if (isset($_GET['s'])) echo wp_specialchars($_GET['s'], 1); ?>" size="17" />
+	<input type="text" name="s" value="<?php if (isset($_GET['s'])) echo attribute_escape($_GET['s']); ?>" size="17" />
 	<input type="submit" name="submit" value="<?php _e('Search') ?>"  />
 	</fieldset>
 </form>
diff --git a/wp-admin/edit.php b/wp-admin/edit.php
index c044879b09..70e8289c8c 100644
--- a/wp-admin/edit.php
+++ b/wp-admin/edit.php
@@ -76,7 +76,7 @@ if ( is_month() ) {
 <form name="searchform" id="searchform" action="" method="get">
   <fieldset> 
   <legend><?php _e('Search Posts&hellip;') ?></legend> 
-  <input type="text" name="s" value="<?php if (isset($s)) echo wp_specialchars($s, 1); ?>" size="17" /> 
+  <input type="text" name="s" value="<?php if (isset($s)) echo attribute_escape($s); ?>" size="17" /> 
   <input type="submit" name="submit" value="<?php _e('Search') ?>" class="button" /> 
   </fieldset>
 </form>
diff --git a/wp-admin/link-manager.php b/wp-admin/link-manager.php
index 5fdc9b1f1c..fe885e6aec 100644
--- a/wp-admin/link-manager.php
+++ b/wp-admin/link-manager.php
@@ -116,7 +116,7 @@ if ( $links ) {
 <?php wp_nonce_field('bulk-bookmarks') ?>
 <input type="hidden" name="link_id" value="" />
 <input type="hidden" name="action" value="" />
-<input type="hidden" name="order_by" value="<?php echo wp_specialchars($order_by, 1); ?>" />
+<input type="hidden" name="order_by" value="<?php echo attribute_escape($order_by); ?>" />
 <input type="hidden" name="cat_id" value="<?php echo (int) $cat_id ?>" />
 <table class="widefat">
 	<thead>
@@ -130,9 +130,9 @@ if ( $links ) {
 	<tbody id="the-list">
 <?php
 	foreach ($links as $link) {
-		$link->link_name = wp_specialchars($link->link_name);
+		$link->link_name = attribute_escape($link->link_name);
 		$link->link_description = wp_specialchars($link->link_description);
-		$link->link_url = wp_specialchars($link->link_url);
+		$link->link_url = attribute_escape($link->link_url);
 		$link->link_category = wp_get_link_cats($link->link_id);
 		$short_url = str_replace('http://', '', $link->link_url);
 		$short_url = str_replace('www.', '', $short_url);
diff --git a/wp-admin/options-misc.php b/wp-admin/options-misc.php
index 5fa04fecf8..816dbee48f 100644
--- a/wp-admin/options-misc.php
+++ b/wp-admin/options-misc.php
@@ -18,7 +18,7 @@ include('admin-header.php');
 <table class="editform optiontable">
 <tr valign="top">
 <th scope="row"><?php _e('Store uploads in this folder'); ?>:</th>
-<td><input name="upload_path" type="text" id="upload_path" class="code" value="<?php echo wp_specialchars(str_replace(ABSPATH, '', get_option('upload_path')), 1); ?>" size="40" />
+<td><input name="upload_path" type="text" id="upload_path" class="code" value="<?php echo attribute_escape(str_replace(ABSPATH, '', get_option('upload_path'))); ?>" size="40" />
 <br />
 <?php _e('Default is <code>wp-content/uploads</code>'); ?>
 </td>
diff --git a/wp-admin/options-permalink.php b/wp-admin/options-permalink.php
index d99b35eca0..b7db50157a 100644
--- a/wp-admin/options-permalink.php
+++ b/wp-admin/options-permalink.php
@@ -149,7 +149,7 @@ checked="checked"
 </label>
 <br />
 </p>
-<p id="customstructure"><?php _e('Custom structure'); ?>: <input name="permalink_structure" id="permalink_structure" type="text" class="code" style="width: 60%;" value="<?php echo wp_specialchars($permalink_structure, 1); ?>" size="50" /></p>
+<p id="customstructure"><?php _e('Custom structure'); ?>: <input name="permalink_structure" id="permalink_structure" type="text" class="code" style="width: 60%;" value="<?php echo attribute_escape($permalink_structure); ?>" size="50" /></p>
 
 <h3><?php _e('Optional'); ?></h3>
 <?php if ($is_apache) : ?>
@@ -158,7 +158,7 @@ checked="checked"
 	<p><?php _e('If you like, you may enter a custom prefix for your category <abbr title="Universal Resource Locator">URL</abbr>s here. For example, <code>/index.php/taxonomy/tags</code> would make your category links like <code>http://example.org/index.php/taxonomy/tags/uncategorized/</code>. If you leave this blank the default will be used.') ?></p>
 <?php endif; ?>
 	<p> 
-  <?php _e('Category base'); ?>: <input name="category_base" type="text" class="code"  value="<?php echo wp_specialchars($category_base, 1); ?>" size="30" /> 
+  <?php _e('Category base'); ?>: <input name="category_base" type="text" class="code"  value="<?php echo attribute_escape($category_base); ?>" size="30" /> 
      </p> 
     <p class="submit"> 
       <input type="submit" name="submit" value="<?php _e('Update Permalink Structure &raquo;') ?>" /> 
diff --git a/wp-admin/options.php b/wp-admin/options.php
index 87db8e9c36..90b857a26b 100644
--- a/wp-admin/options.php
+++ b/wp-admin/options.php
@@ -158,7 +158,7 @@ endforeach;
 ?>
   </table>
 <?php $options_to_update = implode(',', $options_to_update); ?>
-<p class="submit"><input type="hidden" name="page_options" value="<?php echo wp_specialchars($options_to_update, true); ?>" /><input type="submit" name="Update" value="<?php _e('Update Options &raquo;') ?>" /></p>
+<p class="submit"><input type="hidden" name="page_options" value="<?php echo attribute_escape($options_to_update); ?>" /><input type="submit" name="Update" value="<?php _e('Update Options &raquo;') ?>" /></p>
   </form>
 </div>
 
diff --git a/wp-admin/page.php b/wp-admin/page.php
index 59742a0e7e..112157d8ad 100644
--- a/wp-admin/page.php
+++ b/wp-admin/page.php
@@ -57,7 +57,7 @@ case 'edit':
 	?>
 	<div id='preview' class='wrap'>
 	<h2 id="preview-post"><?php _e('Page Preview (updated when page is saved)'); ?></h2>
-		<iframe src="<?php echo wp_specialchars(apply_filters('preview_page_link', add_query_arg('preview', 'true', get_permalink($post->ID)))); ?>" width="100%" height="600" ></iframe>
+		<iframe src="<?php echo attribute_escape(apply_filters('preview_page_link', add_query_arg('preview', 'true', get_permalink($post->ID)))); ?>" width="100%" height="600" ></iframe>
 	</div>
 	<?php
 	break;
diff --git a/wp-admin/post.php b/wp-admin/post.php
index b35ff330f5..dd756fbc02 100644
--- a/wp-admin/post.php
+++ b/wp-admin/post.php
@@ -63,7 +63,7 @@ case 'edit':
 	?>
 	<div id='preview' class='wrap'>
 	<h2 id="preview-post"><?php _e('Post Preview (updated when post is saved)'); ?></h2>
-		<iframe src="<?php echo wp_specialchars(apply_filters('preview_post_link', add_query_arg('preview', 'true', get_permalink($post->ID)))); ?>" width="100%" height="600" ></iframe>
+		<iframe src="<?php echo attribute_escape(apply_filters('preview_post_link', add_query_arg('preview', 'true', get_permalink($post->ID)))); ?>" width="100%" height="600" ></iframe>
 	</div>
 	<?php
 	break;
diff --git a/wp-admin/templates.php b/wp-admin/templates.php
index 51f3887523..f4a302111a 100644
--- a/wp-admin/templates.php
+++ b/wp-admin/templates.php
@@ -98,7 +98,7 @@ if ( $recents ) :
 <?php
 echo '<ol>';
 foreach ($recents as $recent) :
-	echo "<li><a href='templates.php?file=" . wp_specialchars($recent, true) . "'>" . get_file_description(basename($recent)) . "</a></li>";
+	echo "<li><a href='templates.php?file=" . attribute_escape($recent) . "'>" . get_file_description(basename($recent)) . "</a></li>";
 endforeach;
 echo '</ol>';
 endif;
diff --git a/wp-admin/theme-editor.php b/wp-admin/theme-editor.php
index 49cf243d4b..b1877bbf94 100644
--- a/wp-admin/theme-editor.php
+++ b/wp-admin/theme-editor.php
@@ -88,7 +88,7 @@ default:
 		$theme_name = $a_theme['Name'];
 		if ($theme_name == $theme) $selected = " selected='selected'";
 		else $selected = '';
-		$theme_name = wp_specialchars($theme_name, true);
+		$theme_name = attribute_escape($theme_name);
 		echo "\n\t<option value=\"$theme_name\" $selected>$theme_name</option>";
 	}
 ?>
diff --git a/wp-admin/upgrade.php b/wp-admin/upgrade.php
index c2bad9dd10..b6f8d64311 100644
--- a/wp-admin/upgrade.php
+++ b/wp-admin/upgrade.php
@@ -28,7 +28,7 @@ else
 <?php
 switch($step) {
 	case 0:
-		$goback = wp_specialchars(wp_get_referer());
+		$goback = attribute_escape(stripslashes(wp_get_referer()));
 ?> 
 <p><?php _e('This file upgrades you from any previous version of WordPress to the latest. It may take a while though, so be patient.'); ?></p> 
 <h2 class="step"><a href="upgrade.php?step=1&amp;backto=<?php echo $goback; ?>"><?php _e('Upgrade WordPress &raquo;'); ?></a></h2>
@@ -40,7 +40,7 @@ switch($step) {
 		if ( empty( $_GET['backto'] ) )
 			$backto = __get_option('home');
 		else
-			$backto = wp_specialchars( $_GET['backto'] , 1 );
+			$backto = attribute_escape(stripslashes($_GET['backto']));
 ?> 
 <h2><?php _e('Step 1'); ?></h2> 
 	<p><?php printf(__("There's actually only one step. So if you see this, you're done. <a href='%s'>Have fun</a>!"),  $backto); ?></p>
diff --git a/wp-admin/upload-functions.php b/wp-admin/upload-functions.php
index 3b093d1846..0bdad590c2 100644
--- a/wp-admin/upload-functions.php
+++ b/wp-admin/upload-functions.php
@@ -7,7 +7,7 @@ function wp_upload_display( $dims = false, $href = '' ) {
 		list($width,$height) = wp_shrink_dimensions($attachment_data['width'], $attachment_data['height'], 171, 128);
 	ob_start();
 		the_title();
-		$post_title = wp_specialchars( ob_get_contents(), 1 );
+		$post_title = attribute_escape( ob_get_contents());
 	ob_end_clean();
 	$post_content = apply_filters( 'content_edit_pre', $post->post_content );
 	
@@ -71,9 +71,9 @@ function wp_upload_view() {
 				echo '[&nbsp;';
 				echo '<a href="' . get_permalink() . '">' . __('view') . '</a>';
 				echo '&nbsp;|&nbsp;';
-					echo '<a href="' . wp_specialchars( add_query_arg( 'action', 'edit' ), 1 ) . '" title="' . __('Edit this file') . '">' . __('edit') . '</a>';
+					echo '<a href="' . attribute_escape( add_query_arg( 'action', 'edit' )) . '" title="' . __('Edit this file') . '">' . __('edit') . '</a>';
 				echo '&nbsp;|&nbsp;';
-				echo '<a href="' . wp_specialchars( remove_query_arg( array('action', 'ID') ), 1 ) . '" title="' . __('Browse your files') . '">' . __('cancel') . '</a>';
+				echo '<a href="' . attribute_escape( remove_query_arg( array('action', 'ID') )) . '" title="' . __('Browse your files') . '">' . __('cancel') . '</a>';
 				echo '&nbsp;]'; ?></span>
 		</div>
 
@@ -111,9 +111,9 @@ function wp_upload_form() {
 				echo '[&nbsp;';
 				echo '<a href="' . get_permalink() . '">' . __('view') . '</a>';
 				echo '&nbsp;|&nbsp;';
-					echo '<a href="' . wp_specialchars( add_query_arg( 'action', 'view' ), 1 ) . '">' . __('links') . '</a>';
+					echo '<a href="' . attribute_escape( add_query_arg( 'action', 'view' )) . '">' . __('links') . '</a>';
 				echo '&nbsp;|&nbsp;';
-				echo '<a href="' . wp_specialchars( remove_query_arg( array('action','ID') ), 1 ) . '" title="' . __('Browse your files') . '">' . __('cancel') . '</a>';
+				echo '<a href="' . attribute_escape( remove_query_arg( array('action','ID') )) . '" title="' . __('Browse your files') . '">' . __('cancel') . '</a>';
 				echo '&nbsp;]'; ?></span>
 		</div>
 
diff --git a/wp-admin/upload-js.php b/wp-admin/upload-js.php
index c0a7a1bb28..e5a65f2e5e 100644
--- a/wp-admin/upload-js.php
+++ b/wp-admin/upload-js.php
@@ -72,22 +72,22 @@ addLoadEvent( function() {
 				var params = $H(this.params);
 				params.ID = '';
 				params.action = '';
-				h += "<a href='" + this.urlData[0] + '?' + params.toQueryString() + "' title='<?php echo wp_specialchars(__('Browse your files'), 1); ?>' class='back'><?php echo wp_specialchars(__('&laquo; Back'), 1); ?></a>";
+				h += "<a href='" + this.urlData[0] + '?' + params.toQueryString() + "' title='<?php echo attribute_escape(__('Browse your files')); ?>' class='back'><?php echo attribute_escape(__('&laquo; Back')); ?></a>";
 			} else {
-				h += "<a href='#' onclick='return theFileList.cancelView();'  title='<?php echo wp_specialchars(__('Browse your files'), 1); ?>' class='back'><?php echo wp_specialchars(__('&laquo; Back'), 1) ?></a>";
+				h += "<a href='#' onclick='return theFileList.cancelView();'  title='<?php echo attribute_escape(__('Browse your files')); ?>' class='back'><?php echo attribute_escape(__('&laquo; Back')) ?></a>";
 			}
 			h += "<div id='file-title'>"
 			if ( !this.currentImage.isImage )
-				h += "<h2><a href='" + this.currentImage.srcBase + this.currentImage.src + "' onclick='return false;' title='<?php echo wp_specialchars(__('Direct link to file'), 1); ?>'>" + this.currentImage.title + "</a></h2>";
+				h += "<h2><a href='" + this.currentImage.srcBase + this.currentImage.src + "' onclick='return false;' title='<?php echo attribute_escape(__('Direct link to file')); ?>'>" + this.currentImage.title + "</a></h2>";
 			else
 				h += "<h2>" + this.currentImage.title + "</h2>";
 			h += " &#8212; <span>";
-			h += "<a href='#' onclick='return theFileList.editView(" + id + ");'><?php echo wp_specialchars(__('Edit'), 1); ?></a>"
+			h += "<a href='#' onclick='return theFileList.editView(" + id + ");'><?php echo attribute_escape(__('Edit')); ?></a>"
 			h += "</span>";
 			h += '</div>'
 			h += "<div id='upload-file-view' class='alignleft'>";
 			if ( this.currentImage.isImage ) {
-				h += "<a href='" + this.currentImage.srcBase + this.currentImage.src + "' onclick='return false;' title='<?php echo wp_specialchars(__('Direct link to file'), 1); ?>'>";
+				h += "<a href='" + this.currentImage.srcBase + this.currentImage.src + "' onclick='return false;' title='<?php echo attribute_escape(__('Direct link to file')); ?>'>";
 				h += "<img src='" + ( this.currentImage.thumb ? this.currentImage.thumb : this.currentImage.src ) + "' alt='" + this.currentImage.title + "' width='" + this.currentImage.width + "' height='" + this.currentImage.height + "' />";
 				h += "</a>";
 			} else
@@ -97,20 +97,20 @@ addLoadEvent( function() {
 			h += "<form name='uploadoptions' id='uploadoptions' class='alignleft'>";
 			h += "<table>";
 			if ( this.currentImage.thumb ) {
-				h += "<tr><th style='padding-bottom:.5em'><?php echo wp_specialchars(__('Show:'), 1); ?></th><td style='padding-bottom:.5em'>";
-				h += "<label for='display-thumb'><input type='radio' name='display' id='display-thumb' value='thumb' checked='checked' /> <?php echo wp_specialchars(__('Thumbnail'), 1); ?></label><br />";
-				h += "<label for='display-full'><input type='radio' name='display' id='display-full' value='full' /> <?php echo wp_specialchars(__('Full size'), 1); ?></label>";
+				h += "<tr><th style='padding-bottom:.5em'><?php echo attribute_escape(__('Show:')); ?></th><td style='padding-bottom:.5em'>";
+				h += "<label for='display-thumb'><input type='radio' name='display' id='display-thumb' value='thumb' checked='checked' /> <?php echo attribute_escape(__('Thumbnail')); ?></label><br />";
+				h += "<label for='display-full'><input type='radio' name='display' id='display-full' value='full' /> <?php echo attribute_escape(__('Full size')); ?></label>";
 				h += "</td></tr>";
 			}
 
-			h += "<tr><th><?php echo wp_specialchars(__('Link to:'), 1); ?></th><td>";
-			h += "<label for='link-file'><input type='radio' name='link' id='link-file' value='file' checked='checked'/> <?php echo wp_specialchars(__('File'), 1); ?></label><br />";
-			h += "<label for='link-page'><input type='radio' name='link' id='link-page' value='page' /> <?php echo wp_specialchars(__('Page'), 1); ?></label><br />";
-			h += "<label for='link-none'><input type='radio' name='link' id='link-none' value='none' /> <?php echo wp_specialchars(__('None'), 1); ?></label>";
+			h += "<tr><th><?php echo attribute_escape(__('Link to:')); ?></th><td>";
+			h += "<label for='link-file'><input type='radio' name='link' id='link-file' value='file' checked='checked'/> <?php echo attribute_escape(__('File')); ?></label><br />";
+			h += "<label for='link-page'><input type='radio' name='link' id='link-page' value='page' /> <?php echo attribute_escape(__('Page')); ?></label><br />";
+			h += "<label for='link-none'><input type='radio' name='link' id='link-none' value='none' /> <?php echo attribute_escape(__('None')); ?></label>";
 			h += "</td></tr>";
 
 			h += "<tr><td colspan='2'><p class='submit'>";
-			h += "<input type='button' class='button' name='send' onclick='theFileList.sendToEditor(" + id + ")' value='<?php echo wp_specialchars(__('Send to editor &raquo;'), 1); ?>' />";
+			h += "<input type='button' class='button' name='send' onclick='theFileList.sendToEditor(" + id + ")' value='<?php echo attribute_escape(__('Send to editor &raquo;')); ?>' />";
 			h += "</p></td></tr></table>";
 			h += "</form>";
 
@@ -134,17 +134,17 @@ addLoadEvent( function() {
 				var params = $H(this.params);
 				params.ID = '';
 				params.action = '';
-				h += "<a href='" + this.urlData[0] + '?' + params.toQueryString() + "'  title='<?php echo wp_specialchars(__('Browse your files'), 1); ?>' class='back'><?php echo wp_specialchars(__('&laquo; Back'), 1); ?></a>";
+				h += "<a href='" + this.urlData[0] + '?' + params.toQueryString() + "'  title='<?php echo attribute_escape(__('Browse your files')); ?>' class='back'><?php echo attribute_escape(__('&laquo; Back')); ?></a>";
 			} else {
-				h += "<a href='#' onclick='return theFileList.cancelView();'  title='<?php echo wp_specialchars(__('Browse your files'), 1); ?>' class='back'><?php echo wp_specialchars(__('&laquo; Back'), 1); ?></a>";
+				h += "<a href='#' onclick='return theFileList.cancelView();'  title='<?php echo attribute_escape(__('Browse your files')); ?>' class='back'><?php echo attribute_escape(__('&laquo; Back')); ?></a>";
 			}
 			h += "<div id='file-title'>"
 			if ( !this.currentImage.isImage )
-				h += "<h2><a href='" + this.currentImage.srcBase + this.currentImage.src + "' onclick='return false;' title='<?php echo wp_specialchars(__('Direct link to file'), 1); ?>'>" + this.currentImage.title + "</a></h2>";
+				h += "<h2><a href='" + this.currentImage.srcBase + this.currentImage.src + "' onclick='return false;' title='<?php echo attribute_escape(__('Direct link to file')); ?>'>" + this.currentImage.title + "</a></h2>";
 			else
 				h += "<h2>" + this.currentImage.title + "</h2>";
 			h += " &#8212; <span>";
-			h += "<a href='#' onclick='return theFileList.imageView(" + id + ");'><?php wp_specialchars(__('Insert'), 1); ?></a>"
+			h += "<a href='#' onclick='return theFileList.imageView(" + id + ");'><?php attribute_escape(__('Insert')); ?></a>"
 			h += "</span>";
 			h += '</div>'
 			h += "<div id='upload-file-view' class='alignleft'>";
@@ -158,20 +158,20 @@ addLoadEvent( function() {
 
 
 			h += "<table><col /><col class='widefat' /><tr>"
-			h += "<th scope='row'><label for='url'><?php echo wp_specialchars(__('URL'), 1); ?></label></th>";
+			h += "<th scope='row'><label for='url'><?php echo attribute_escape(__('URL')); ?></label></th>";
 			h += "<td><input type='text' id='url' class='readonly' value='" + this.currentImage.srcBase + this.currentImage.src + "' readonly='readonly' /></td>";
 			h += "</tr><tr>";
-			h += "<th scope='row'><label for='post_title'><?php echo wp_specialchars(__('Title'), 1); ?></label></th>";
+			h += "<th scope='row'><label for='post_title'><?php echo attribute_escape(__('Title')); ?></label></th>";
 			h += "<td><input type='text' id='post_title' name='post_title' value='" + this.currentImage.title + "' /></td>";
 			h += "</tr><tr>";
-			h += "<th scope='row'><label for='post_content'><?php echo wp_specialchars(__('Description'), 1); ?></label></th>";
+			h += "<th scope='row'><label for='post_content'><?php echo attribute_escape(__('Description')); ?></label></th>";
 			h += "<td><textarea name='post_content' id='post_content'>" + this.currentImage.description + "</textarea></td>";
-			h += "</tr><tr id='buttons' class='submit'><td colspan='2'><input type='button' id='delete' name='delete' class='delete alignleft' value='<?php echo wp_specialchars(__('Delete File'), 1); ?>' onclick='theFileList.deleteFile(" + id + ");' />";
+			h += "</tr><tr id='buttons' class='submit'><td colspan='2'><input type='button' id='delete' name='delete' class='delete alignleft' value='<?php echo attribute_escape(__('Delete File')); ?>' onclick='theFileList.deleteFile(" + id + ");' />";
 			h += "<input type='hidden' name='from_tab' value='" + this.tab + "' />";
 			h += "<input type='hidden' name='action' id='action-value' value='save' />";
 			h += "<input type='hidden' name='ID' value='" + id + "' />";
 			h += "<input type='hidden' name='_wpnonce' value='" + this.nonce + "' />";
-			h += "<div class='submit'><input type='submit' value='<?php echo wp_specialchars(__('Save &raquo;'), 1); ?>' /></div>";
+			h += "<div class='submit'><input type='submit' value='<?php echo attribute_escape(__('Save &raquo;')); ?>' /></div>";
 			h += "</td></tr></table></form>";
 
 			new Insertion.Top('upload-content', h);
diff --git a/wp-admin/upload.php b/wp-admin/upload.php
index b2977c746d..4daf643675 100644
--- a/wp-admin/upload.php
+++ b/wp-admin/upload.php
@@ -87,7 +87,7 @@ foreach ( $wp_upload_tabs as $t => $tab_array ) { // We've already done the curr
 	$href = add_query_arg( array('tab' => $t, 'ID' => '', 'action' => '', 'paged' => '') );
 	if ( isset($tab_array[4]) && is_array($tab_array[4]) )
 		add_query_arg( $tab_array[4], $href );
-	$_href = wp_specialchars( $href, 1 );
+	$_href = attribute_escape( $href);
 	$page_links = '';
 	$class = 'upload-tab alignleft';
 	if ( $tab == $t ) {
diff --git a/wp-admin/user-edit.php b/wp-admin/user-edit.php
index 647efb889f..03bc9929f7 100644
--- a/wp-admin/user-edit.php
+++ b/wp-admin/user-edit.php
@@ -55,7 +55,7 @@ include ('admin-header.php');
 <div id="message" class="updated fade">
 	<p><strong><?php _e('User updated.') ?></strong></p>
 	<?php if ( $wp_http_referer ) : ?>
-	<p><a href="<?php echo wp_specialchars($wp_http_referer); ?>"><?php _e('&laquo; Back to Authors and Users'); ?></a></p>
+	<p><a href="<?php echo attribute_escape($wp_http_referer); ?>"><?php _e('&laquo; Back to Authors and Users'); ?></a></p>
 	<?php endif; ?>
 </div>
 <?php endif; ?>
diff --git a/wp-admin/users.php b/wp-admin/users.php
index a0d876c46a..c3788ebf9e 100644
--- a/wp-admin/users.php
+++ b/wp-admin/users.php
@@ -12,10 +12,10 @@ $action = $_REQUEST['action'];
 $update = '';
 
 if ( empty($_POST) ) {
-	$referer = '<input type="hidden" name="wp_http_referer" value="'. wp_specialchars(stripslashes($_SERVER['REQUEST_URI'])) . '" />';
+	$referer = '<input type="hidden" name="wp_http_referer" value="'. attribute_escape(stripslashes($_SERVER['REQUEST_URI'])) . '" />';
 } elseif ( isset($_POST['wp_http_referer']) ) {
 	$redirect = remove_query_arg(array('wp_http_referer', 'updated', 'delete_count'), stripslashes($_POST['wp_http_referer']));
-	$referer = '<input type="hidden" name="wp_http_referer" value="' . wp_specialchars($redirect) . '" />';
+	$referer = '<input type="hidden" name="wp_http_referer" value="' . attribute_escape($redirect) . '" />';
 } else {
 	$redirect = 'users.php';
 }
@@ -338,7 +338,7 @@ default:
 	<?php endif; ?>
 
 	<form action="" method="get" name="search" id="search">
-		<p><input type="text" name="usersearch" id="usersearch" value="<?php echo wp_specialchars($wp_user_search->search_term, 1); ?>" /> <input type="submit" value="<?php _e('Search 	users &raquo;'); ?>" class="button" /></p>
+		<p><input type="text" name="usersearch" id="usersearch" value="<?php echo attribute_escape($wp_user_search->search_term); ?>" /> <input type="submit" value="<?php _e('Search 	users &raquo;'); ?>" class="button" /></p>
 	</form>
 
 	<?php if ( is_wp_error( $wp_user_search->search_errors ) ) : ?>
@@ -429,7 +429,7 @@ foreach ( (array) $roleclass as $user_object ) {
 	if ( is_wp_error($add_user_errors) ) {
 		foreach ( array('user_login' => 'user_login', 'first_name' => 'user_firstname', 'last_name' => 'user_lastname', 'email' => 'user_email', 'url' => 'user_uri', 'role' => 'user_role') as $formpost => $var ) {
 			$var = 'new_' . $var;
-			$$var = wp_specialchars(stripslashes($_POST[$formpost]));
+			$$var = attribute_escape(stripslashes($_POST[$formpost]));
 		}
 		unset($name);
 	}
diff --git a/wp-content/themes/classic/comments-popup.php b/wp-content/themes/classic/comments-popup.php
index 5d9101b48a..269e8a8cf7 100644
--- a/wp-content/themes/classic/comments-popup.php
+++ b/wp-content/themes/classic/comments-popup.php
@@ -60,7 +60,7 @@ if (!empty($commentstatus->post_password) && $_COOKIE['wp-postpass_'. COOKIEHASH
 	  <input type="text" name="author" id="author" class="textarea" value="<?php echo $comment_author; ?>" size="28" tabindex="1" />
 	   <label for="author"><?php _e("Name"); ?></label>
 	<input type="hidden" name="comment_post_ID" value="<?php echo $id; ?>" />
-	<input type="hidden" name="redirect_to" value="<?php echo wp_specialchars($_SERVER["REQUEST_URI"]); ?>" />
+	<input type="hidden" name="redirect_to" value="<?php echo attribute_escape($_SERVER["REQUEST_URI"]); ?>" />
 	</p>
 
 	<p>
diff --git a/wp-content/themes/default/comments-popup.php b/wp-content/themes/default/comments-popup.php
index 46662b2b6b..c8122937cd 100644
--- a/wp-content/themes/default/comments-popup.php
+++ b/wp-content/themes/default/comments-popup.php
@@ -60,7 +60,7 @@ if (!empty($post->post_password) && $_COOKIE['wp-postpass_'. COOKIEHASH] != $pos
 	  <input type="text" name="author" id="author" class="textarea" value="<?php echo $comment_author; ?>" size="28" tabindex="1" />
 	   <label for="author">Name</label>
 	<input type="hidden" name="comment_post_ID" value="<?php echo $id; ?>" />
-	<input type="hidden" name="redirect_to" value="<?php echo wp_specialchars($_SERVER["REQUEST_URI"]); ?>" />
+	<input type="hidden" name="redirect_to" value="<?php echo attribute_escape($_SERVER["REQUEST_URI"]); ?>" />
 	</p>
 
 	<p>
diff --git a/wp-includes/author-template.php b/wp-includes/author-template.php
index 7f3034f724..e323d059a9 100644
--- a/wp-includes/author-template.php
+++ b/wp-includes/author-template.php
@@ -139,7 +139,7 @@ function the_author_posts() {
 function the_author_posts_link($deprecated = '') {
 	global $authordata;
 
-	echo '<a href="' . get_author_posts_url($authordata->ID, $authordata->user_nicename) . '" title="' . sprintf(__("Posts by %s"), wp_specialchars(get_the_author())) . '">' . get_the_author() . '</a>';
+	echo '<a href="' . get_author_posts_url($authordata->ID, $authordata->user_nicename) . '" title="' . sprintf(__("Posts by %s"), attribute_escape(get_the_author())) . '">' . get_the_author() . '</a>';
 }
 
 function get_author_posts_url($author_id, $author_nicename = '') {
@@ -202,7 +202,7 @@ function wp_list_authors($args = '') {
 			if ( !$hide_empty )
 				$link = $name;
 		} else {
-			$link = '<a href="' . get_author_posts_url($author->ID, $author->user_nicename) . '" title="' . sprintf(__("Posts by %s"), wp_specialchars($author->display_name)) . '">' . $name . '</a>';
+			$link = '<a href="' . get_author_posts_url($author->ID, $author->user_nicename) . '" title="' . sprintf(__("Posts by %s"), attribute_escape($author->display_name)) . '">' . $name . '</a>';
 
 			if ( (! empty($feed_image)) || (! empty($feed)) ) {
 				$link .= ' ';
diff --git a/wp-includes/bookmark-template.php b/wp-includes/bookmark-template.php
index b8a41325ad..746f7fc178 100644
--- a/wp-includes/bookmark-template.php
+++ b/wp-includes/bookmark-template.php
@@ -101,8 +101,8 @@ function get_links($category = -1,
 		if ( '' != $rel )
 			$rel = ' rel="' . $rel . '"';
 
-		$desc = wp_specialchars($row->link_description, ENT_QUOTES);
-		$name = wp_specialchars($row->link_name, ENT_QUOTES);
+		$desc = attribute_escape($row->link_description);
+		$name = attribute_escape($row->link_name);
 		$title = $desc;
 
 		if ( $show_updated )
@@ -266,8 +266,8 @@ function _walk_bookmarks($bookmarks, $args = '' ) {
 		if ( '' != $rel )
 			$rel = ' rel="' . $rel . '"';
 
-		$desc = wp_specialchars($bookmark->link_description, ENT_QUOTES);
-		$name = wp_specialchars($bookmark->link_name, ENT_QUOTES);
+		$desc = attribute_escape($bookmark->link_description);
+		$name = attribute_escape($bookmark->link_name);
 		$title = $desc;
 
 		if ( $show_updated )
diff --git a/wp-includes/classes.php b/wp-includes/classes.php
index fb3110acb5..62cee05235 100644
--- a/wp-includes/classes.php
+++ b/wp-includes/classes.php
@@ -509,7 +509,7 @@ class Walker_Page extends Walker {
 		elseif ( $_current_page && $page->ID == $_current_page->post_parent )
 			$css_class .= ' current_page_parent';
 
-		$output .= $indent . '<li class="' . $css_class . '"><a href="' . get_page_link($page->ID) . '" title="' . wp_specialchars($page->post_title, 1) . '">' . $page->post_title . '</a>';
+		$output .= $indent . '<li class="' . $css_class . '"><a href="' . get_page_link($page->ID) . '" title="' . attribute_escape($page->post_title) . '">' . $page->post_title . '</a>';
 	
 		if ( !empty($show_date) ) {
 			if ( 'modified' == $show_date )
@@ -575,12 +575,12 @@ class Walker_Category extends Walker {
 	function start_el($output, $category, $depth, $args) {
 		extract($args);
 
-		$cat_name = wp_specialchars( $category->cat_name, 1 );
+		$cat_name = attribute_escape( $category->cat_name);
 		$link = '<a href="' . get_category_link( $category->cat_ID ) . '" ';
 		if ( $use_desc_for_title == 0 || empty($category->category_description) )
 			$link .= 'title="' . sprintf(__( 'View all posts filed under %s' ), $cat_name) . '"';
 		else
-			$link .= 'title="' . wp_specialchars( apply_filters( 'category_description', $category->category_description, $category ), 1 ) . '"';
+			$link .= 'title="' . attribute_escape( apply_filters( 'category_description', $category->category_description, $category )) . '"';
 		$link .= '>';
 		$link .= apply_filters( 'list_cats', $category->cat_name, $category ).'</a>';
 
diff --git a/wp-includes/comment-template.php b/wp-includes/comment-template.php
index 6f53558730..38587dae5d 100644
--- a/wp-includes/comment-template.php
+++ b/wp-includes/comment-template.php
@@ -353,7 +353,7 @@ function comments_popup_link($zero='No Comments', $one='1 Comment', $more='% Com
 	if (!empty($CSSclass)) {
 		echo ' class="'.$CSSclass.'"';
 	}
-	$title = wp_specialchars(apply_filters('the_title', get_the_title()), true);
+	$title = attribute_escape(apply_filters('the_title', get_the_title()));
 	echo ' title="' . sprintf( __('Comment on %s'), $title ) .'">';
 	comments_number($zero, $one, $more, $number);
 	echo '</a>';
diff --git a/wp-includes/comment.php b/wp-includes/comment.php
index 836620820a..cace19304d 100644
--- a/wp-includes/comment.php
+++ b/wp-includes/comment.php
@@ -155,21 +155,21 @@ function sanitize_comment_cookies() {
 	if ( isset($_COOKIE['comment_author_'.COOKIEHASH]) ) {
 		$comment_author = apply_filters('pre_comment_author_name', $_COOKIE['comment_author_'.COOKIEHASH]);
 		$comment_author = stripslashes($comment_author);
-		$comment_author = wp_specialchars($comment_author, true);
+		$comment_author = attribute_escape($comment_author);
 		$_COOKIE['comment_author_'.COOKIEHASH] = $comment_author;
 	}
 
 	if ( isset($_COOKIE['comment_author_email_'.COOKIEHASH]) ) {
 		$comment_author_email = apply_filters('pre_comment_author_email', $_COOKIE['comment_author_email_'.COOKIEHASH]);
 		$comment_author_email = stripslashes($comment_author_email);
-		$comment_author_email = wp_specialchars($comment_author_email, true);
+		$comment_author_email = attribute_escape($comment_author_email);
 		$_COOKIE['comment_author_email_'.COOKIEHASH] = $comment_author_email;
 	}
 
 	if ( isset($_COOKIE['comment_author_url_'.COOKIEHASH]) ) {
 		$comment_author_url = apply_filters('pre_comment_author_url', $_COOKIE['comment_author_url_'.COOKIEHASH]);
 		$comment_author_url = stripslashes($comment_author_url);
-		$comment_author_url = wp_specialchars($comment_author_url, true);
+		$comment_author_url = attribute_escape($comment_author_url);
 		$_COOKIE['comment_author_url_'.COOKIEHASH] = $comment_author_url;
 	}
 }
diff --git a/wp-includes/formatting.php b/wp-includes/formatting.php
index cb3ddacaf8..a4ff44ff10 100644
--- a/wp-includes/formatting.php
+++ b/wp-includes/formatting.php
@@ -1081,6 +1081,11 @@ function js_escape($text) {
 	return preg_replace("/\r?\n/", "\\n", addslashes($text));
 }
 
+// Escaping for HTML attributes like
+function attribute_escape($text) {
+	return wp_specialchars($text, true);
+}
+
 function wp_make_link_relative( $link ) {
 	return preg_replace('|https?://[^/]+(/.*)|i', '$1', $link );
 }
diff --git a/wp-includes/functions.php b/wp-includes/functions.php
index 0fb0d936ec..556df29d9c 100644
--- a/wp-includes/functions.php
+++ b/wp-includes/functions.php
@@ -231,7 +231,7 @@ function get_option($setting) {
 }
 
 function form_option($option) {
-	echo wp_specialchars( get_option($option), 1 );
+	echo attribute_escape( get_option($option));
 }
 
 function get_alloptions() {
@@ -914,16 +914,16 @@ function wp_nonce_field($action = -1) {
 }
 
 function wp_referer_field() {
-	$ref = wp_specialchars($_SERVER['REQUEST_URI']);
+	$ref = attribute_escape($_SERVER['REQUEST_URI']);
 	echo '<input type="hidden" name="_wp_http_referer" value="'. $ref . '" />';
 	if ( wp_get_original_referer() ) {
-		$original_ref = wp_specialchars(stripslashes(wp_get_original_referer()));
+		$original_ref = attribute_escape(stripslashes(wp_get_original_referer()));
 		echo '<input type="hidden" name="_wp_original_http_referer" value="'. $original_ref . '" />';
 	}
 }
 
 function wp_original_referer_field() {
-	echo '<input type="hidden" name="_wp_original_http_referer" value="' . wp_specialchars(stripslashes($_SERVER['REQUEST_URI'])) . '" />';
+	echo '<input type="hidden" name="_wp_original_http_referer" value="' . attribute_escape(stripslashes($_SERVER['REQUEST_URI'])) . '" />';
 }
 
 function wp_get_referer() {
@@ -1190,7 +1190,7 @@ function wp_nonce_ays($action) {
 		foreach ( (array) $q as $a ) {
 			$v = substr(strstr($a, '='), 1);
 			$k = substr($a, 0, -(strlen($v)+1));
-			$html .= "\t\t<input type='hidden' name='" . wp_specialchars( urldecode($k), 1 ) . "' value='" . wp_specialchars( urldecode($v), 1 ) . "' />\n";
+			$html .= "\t\t<input type='hidden' name='" . attribute_escape( urldecode($k)) . "' value='" . attribute_escape( urldecode($v)) . "' />\n";
 		}
 		$html .= "\t\t<input type='hidden' name='_wpnonce' value='" . wp_create_nonce($action) . "' />\n";
 		$html .= "\t\t<div id='message' class='confirm fade'>\n\t\t<p>" . wp_explain_nonce($action) . "</p>\n\t\t<p><a href='$adminurl'>" . __('No') . "</a> <input type='submit' value='" . __('Yes') . "' /></p>\n\t\t</div>\n\t</form>\n";
diff --git a/wp-includes/general-template.php b/wp-includes/general-template.php
index 68d7304ad6..af5b1a7914 100644
--- a/wp-includes/general-template.php
+++ b/wp-includes/general-template.php
@@ -279,7 +279,7 @@ function single_month_title($prefix = '', $display = true ) {
 /* link navigation hack by Orien http://icecode.com/ */
 function get_archives_link($url, $text, $format = 'html', $before = '', $after = '') {
 	$text = wptexturize($text);
-	$title_text = wp_specialchars($text, 1);
+	$title_text = attribute_escape($text);
 
 	if ('link' == $format)
 		return "\t<link rel='archives' title='$title_text' href='$url' />\n";
@@ -901,7 +901,7 @@ function the_editor($content, $id = 'content', $prev_id = 'title') {
 
 function the_search_query() {
 	global $s;
-	echo wp_specialchars( stripslashes($s), 1 );
+	echo attribute_escape( stripslashes($s));
 }
 
 function language_attributes() {
@@ -956,7 +956,7 @@ function paginate_links( $arg = '' ) {
 		$link = str_replace('%#%', $current - 1, $link);
 		if ( $add_args )
 			$link = add_query_arg( $add_args, $link );
-		$page_links[] = "<a class='prev page-numbers' href='" . wp_specialchars( $link, 1 ) . "'>$prev_text</a>";
+		$page_links[] = "<a class='prev page-numbers' href='" . attribute_escape( $link) . "'>$prev_text</a>";
 	endif;
 	for ( $n = 1; $n <= $total; $n++ ) :
 		if ( $n == $current ) :
@@ -968,7 +968,7 @@ function paginate_links( $arg = '' ) {
 				$link = str_replace('%#%', $n, $link);
 				if ( $add_args )
 					$link = add_query_arg( $add_args, $link );
-				$page_links[] = "<a class='page-numbers' href='" . wp_specialchars( $link, 1 ) . "'>$n</a>";
+				$page_links[] = "<a class='page-numbers' href='" . attribute_escape( $link) . "'>$n</a>";
 				$dots = true;
 			elseif ( $dots && !$show_all ) :
 				$page_links[] = "<span class='page-numbers dots'>...</span>";
@@ -981,7 +981,7 @@ function paginate_links( $arg = '' ) {
 		$link = str_replace('%#%', $current + 1, $link);
 		if ( $add_args )
 			$link = add_query_arg( $add_args, $link );
-		$page_links[] = "<a class='next page-numbers' href='" . wp_specialchars( $link, 1 ) . "'>$next_text</a>";
+		$page_links[] = "<a class='next page-numbers' href='" . attribute_escape( $link) . "'>$next_text</a>";
 	endif;
 	switch ( $type ) :
 		case 'array' :
diff --git a/wp-includes/post-template.php b/wp-includes/post-template.php
index e1d83c5cd5..a8c2e539ca 100644
--- a/wp-includes/post-template.php
+++ b/wp-includes/post-template.php
@@ -334,7 +334,7 @@ function get_the_attachment_link($id = 0, $fullsize = false, $max_dims = false)
 	if ( ('attachment' != $_post->post_type) || ('' == $_post->guid) )
 		return __('Missing Attachment');
 
-	$post_title = wp_specialchars( $_post->post_title, 1 );
+	$post_title = attribute_escape( $_post->post_title);
 
 	if (! empty($_post->guid) ) {
 		$innerHTML = get_attachment_innerHTML($_post->ID, $fullsize, $max_dims);
@@ -420,7 +420,7 @@ function get_attachment_icon($id = 0, $fullsize = false, $max_dims = false) {
 		}
 	}
 
-	$post_title = wp_specialchars( $post->post_title, 1 );
+	$post_title = attribute_escape( $post->post_title);
 
 	$icon = "<img src='$src' title='$post_title' alt='$post_title' $constraint/>";
 
@@ -435,7 +435,7 @@ function get_attachment_innerHTML($id = 0, $fullsize = false, $max_dims = false)
 
 	$post = & get_post($id);
 
-	$innerHTML = wp_specialchars( $post->post_title, 1 );
+	$innerHTML = attribute_escape( $post->post_title);
 
 	return apply_filters('attachment_innerHTML', $innerHTML, $post->ID);
 }
diff --git a/wp-links-opml.php b/wp-links-opml.php
index 326bfc3cf9..810841249d 100644
--- a/wp-links-opml.php
+++ b/wp-links-opml.php
@@ -30,13 +30,13 @@ else
 
 foreach ((array) $cats as $cat) {
 ?>
-<outline type="category" title="<?php echo wp_specialchars($cat->cat_name); ?>">
+<outline type="category" title="<?php echo attribute_escape($cat->cat_name); ?>">
 <?php
 
 	$bookmarks = get_bookmarks("category={$cat->cat_ID}");
 	foreach ((array) $bookmarks as $bookmark) {
 ?>
-	<outline text="<?php echo wp_specialchars($bookmark->link_name); ?>" type="link" xmlUrl="<?php echo wp_specialchars($bookmark->link_rss); ?>" htmlUrl="<?php echo wp_specialchars($bookmark->link_url); ?>" updated="<?php if ('0000-00-00 00:00:00' != $bookmark->link_updated) echo $bookmark->link_updated; ?>" />
+	<outline text="<?php echo attribute_escape($bookmark->link_name); ?>" type="link" xmlUrl="<?php echo attribute_escape($bookmark->link_rss); ?>" htmlUrl="<?php echo attribute_escape($bookmark->link_url); ?>" updated="<?php if ('0000-00-00 00:00:00' != $bookmark->link_updated) echo $bookmark->link_updated; ?>" />
 <?php
 
 	}
diff --git a/wp-login.php b/wp-login.php
index c5c9296258..a92815da33 100644
--- a/wp-login.php
+++ b/wp-login.php
@@ -138,11 +138,11 @@ case 'retrievepassword' :
 <form name="lostpasswordform" id="lostpasswordform" action="wp-login.php?action=lostpassword" method="post">
 	<p>
 		<label><?php _e('Username:') ?><br />
-		<input type="text" name="user_login" id="user_login" class="input" value="<?php echo wp_specialchars(stripslashes($_POST['user_login']), 1); ?>" size="20" tabindex="10" /></label>
+		<input type="text" name="user_login" id="user_login" class="input" value="<?php echo attribute_escape(stripslashes($_POST['user_login'])); ?>" size="20" tabindex="10" /></label>
 	</p>
 	<p>
 		<label><?php _e('E-mail:') ?><br />
-		<input type="text" name="user_email" id="user_email" class="input" value="<?php echo wp_specialchars(stripslashes($_POST['user_email']), 1); ?>" size="25" tabindex="20" /></label>
+		<input type="text" name="user_email" id="user_email" class="input" value="<?php echo attribute_escape(stripslashes($_POST['user_email'])); ?>" size="25" tabindex="20" /></label>
 	</p>
 <?php do_action('lostpassword_form'); ?>
 	<p class="submit"><input type="submit" name="submit" id="submit" value="<?php _e('Get New Password &raquo;'); ?>" tabindex="100" /></p>
@@ -257,11 +257,11 @@ case 'register' :
 <form name="registerform" id="registerform" action="wp-login.php?action=register" method="post">
 	<p>
 		<label><?php _e('Username:') ?><br />
-		<input type="text" name="user_login" id="user_login" class="input" value="<?php echo wp_specialchars(stripslashes($user_login), 1); ?>" size="20" tabindex="10" /></label>
+		<input type="text" name="user_login" id="user_login" class="input" value="<?php echo attribute_escape(stripslashes($user_login)); ?>" size="20" tabindex="10" /></label>
 	</p>
 	<p>
 		<label><?php _e('E-mail:') ?><br />
-		<input type="text" name="user_email" id="user_email" class="input" value="<?php echo wp_specialchars(stripslashes($user_email), 1); ?>" size="25" tabindex="20" /></label>
+		<input type="text" name="user_email" id="user_email" class="input" value="<?php echo attribute_escape(stripslashes($user_email)); ?>" size="25" tabindex="20" /></label>
 	</p>
 <?php do_action('register_form'); ?>
 	<p id="reg_passmail"><?php _e('A password will be e-mailed to you.') ?></p>
@@ -344,7 +344,7 @@ default:
 <form name="loginform" id="loginform" action="wp-login.php" method="post">
 	<p>
 		<label><?php _e('Username:') ?><br />
-		<input type="text" name="log" id="user_login" class="input" value="<?php echo wp_specialchars(stripslashes($user_login), 1); ?>" size="20" tabindex="10" /></label>
+		<input type="text" name="log" id="user_login" class="input" value="<?php echo attribute_escape(stripslashes($user_login)); ?>" size="20" tabindex="10" /></label>
 	</p>
 	<p>
 		<label><?php _e('Password:') ?><br />
@@ -354,7 +354,7 @@ default:
 	<p><label><input name="rememberme" type="checkbox" id="rememberme" value="forever" tabindex="90" /> <?php _e('Remember me'); ?></label></p>
 	<p class="submit">
 		<input type="submit" name="submit" id="submit" value="<?php _e('Login'); ?> &raquo;" tabindex="100" />
-		<input type="hidden" name="redirect_to" value="<?php echo wp_specialchars($redirect_to); ?>" />
+		<input type="hidden" name="redirect_to" value="<?php echo attribute_escape($redirect_to); ?>" />
 	</p>
 </form>
 </div>




	<?php echo wp_specialchars($category->category_description, 1); ?>	<?php echo wp_specialchars($category->category_description); ?>