diff -urN wordpress-mu-1.3/index-install.php wordpress-mu-1.3.2/index-install.php
--- wordpress-mu-1.3/index-install.php	2007-10-26 13:09:56.000000000 +0200
+++ wordpress-mu-1.3.2/index-install.php	2008-01-11 17:15:19.000000000 +0100
@@ -151,7 +151,7 @@
 		filestats( $err );
 
 		print "<p>Please ensure that the webserver can write to this directory.</p>";
-		print "<p>If you use Cpanel then read <a href='http://mu.wordpress.org/forums/topic/99'>this post</a>. Cpanel creates files that I need to overwrite and you have to fix that.</p>";
+		print "<p>If you use Cpanel then read <a href='http://mu.wordpress.org/forums/topic.php?id=99'>this post</a>. Cpanel creates files that I need to overwrite and you have to fix that.</p>";
 		print "<p>If all else fails then you'll have to create it by hand:";
 		print "<ul><li> Download htaccess.dist to your computer and open it in your favourite text editor.</li>
 		<li> Replace the following text:<ul><li>BASE by '$base'</li><li>HOST by '$url'</li></li>
@@ -400,7 +400,7 @@
 	$current_site->path = $base;
 	$current_site->site_name = ucfirst( $domain );
 
-	wpmu_create_blog( $domain, $base, $weblog_title, $user_id, array() );
+	wpmu_create_blog( $domain, $base, $weblog_title, $user_id, array( 'blog_public' => 1, 'public' => 1 ) );
 	update_blog_option( 1, 'template', 'home');
 	update_blog_option( 1, 'stylesheet', 'home');
 	if( constant( 'VHOST' ) == 'yes' ) {
diff -urN wordpress-mu-1.3/wp-admin/admin-footer.php wordpress-mu-1.3.2/wp-admin/admin-footer.php
--- wordpress-mu-1.3/wp-admin/admin-footer.php	2007-10-26 18:53:44.000000000 +0200
+++ wordpress-mu-1.3.2/wp-admin/admin-footer.php	2007-11-23 13:10:11.000000000 +0100
@@ -1,8 +1,9 @@
 
 <div id="footer">
-<p><?php
-
-echo __('Thank you for creating with <a href="http://mu.wordpress.org/">WordPress MU</a>').' | '.__('<a href="http://mu.wordpress.org/docs/">Documentation</a>') ?></p>
+<?php
+$footer_text = '<p>' . __('Thank you for creating with <a href="http://mu.wordpress.org/">WordPress MU</a>') . ' | ' . __('<a href="http://mu.wordpress.org/docs/">Documentation</a>') . '</p>';
+echo apply_filters( 'admin_footer_text', $footer_text );
+?>
 </div>
 <?php do_action('admin_footer', ''); ?>
 <script type="text/javascript">if(typeof wpOnload=='function')wpOnload();</script>
diff -urN wordpress-mu-1.3/wp-admin/admin.php wordpress-mu-1.3.2/wp-admin/admin.php
--- wordpress-mu-1.3/wp-admin/admin.php	2007-10-12 18:21:15.000000000 +0200
+++ wordpress-mu-1.3.2/wp-admin/admin.php	2008-01-02 17:00:05.000000000 +0100
@@ -1,4 +1,6 @@
 <?php
+define('WP_ADMIN', TRUE);
+
 if ( defined('ABSPATH') )
 	require_once( ABSPATH . 'wp-config.php');
 else
@@ -58,16 +60,16 @@
 			wp_die(__('Invalid plugin page'));
 		}
 
-		if (! file_exists(ABSPATH . PLUGINDIR . "/$plugin_page") && ! file_exists(ABSPATH . "wp-content/mu-plugins/$plugin_page"))
+		if (! file_exists(ABSPATH . PLUGINDIR . "/$plugin_page") && ! file_exists(ABSPATH . MUPLUGINDIR . "/$plugin_page"))
 			wp_die(sprintf(__('Cannot load %s.'), htmlentities($plugin_page)));
 
 		do_action('load-' . $plugin_page);
 
 		if (! isset($_GET['noheader']))
-			require_once(ABSPATH . '/wp-admin/admin-header.php');
+			require_once(ABSPATH . 'wp-admin/admin-header.php');
 
-		if ( file_exists(ABSPATH . "wp-content/mu-plugins/$plugin_page") )
-			include(ABSPATH . "wp-content/mu-plugins/$plugin_page");
+		if ( file_exists(ABSPATH . MUPLUGINDIR . "/$plugin_page") )
+			include(ABSPATH . MUPLUGINDIR . "/$plugin_page");
 		else
 			include(ABSPATH . PLUGINDIR . "/$plugin_page");
 	}
diff -urN wordpress-mu-1.3/wp-admin/includes/file.php wordpress-mu-1.3.2/wp-admin/includes/file.php
--- wordpress-mu-1.3/wp-admin/includes/file.php	2007-10-26 17:16:08.000000000 +0200
+++ wordpress-mu-1.3.2/wp-admin/includes/file.php	2008-01-02 17:00:05.000000000 +0100
@@ -43,6 +43,9 @@
 }
 
 function validate_file( $file, $allowed_files = '' ) {
+	if ( false !== strpos( $file, '..' ))
+		return 1;
+
 	if ( false !== strpos( $file, './' ))
 		return 1;
 
diff -urN wordpress-mu-1.3/wp-admin/includes/misc.php wordpress-mu-1.3.2/wp-admin/includes/misc.php
--- wordpress-mu-1.3/wp-admin/includes/misc.php	2007-10-12 18:21:15.000000000 +0200
+++ wordpress-mu-1.3.2/wp-admin/includes/misc.php	2008-01-23 02:31:58.000000000 +0100
@@ -175,4 +175,61 @@
 	}
 }
 
+function add_option_update_handler($option_group, $option_name, $sanitize_callback = '') {
+	global $new_whitelist_options, $sanitize_callbacks;
+	$new_whitelist_options[ $option_group ][] = $option_name;
+	if( $sanitize_callback != '' )
+		add_filter( "sanitize_option_{$option_name}", $sanitize_callback );
+}
+
+function remove_option_update_handler($option_group, $option_name, $sanitize_callback = '') {
+	global $new_whitelist_options, $sanitize_callbacks;
+	$pos = array_search( $option_name, $new_whitelist_options );
+	if( $pos !== false )
+		unset( $new_whitelist_options[ $option_group ][ $pos ] );
+	if( $sanitize_callback != '' )
+		remove_filter( "sanitize_option_{$option_name}", $sanitize_callback );
+}
+
+function option_update_filter( $options ) {
+	global $new_whitelist_options;
+
+	if( is_array( $new_whitelist_options ) )
+		$options = add_option_whitelist( $new_whitelist_options, $options );
+
+	return $options;
+}
+add_filter( 'whitelist_options', 'option_update_filter' );
+
+function add_option_whitelist( $new_options, $options = '' ) {
+	if( $options == '' ) {
+		global $whitelist_options;
+	} else {
+		$whitelist_options = $options;
+	}
+	foreach( $new_options as $page => $keys ) {
+		foreach( $keys as $key ) {
+			$pos = array_search( $key, $whitelist_options[ $page ] );
+			if( $pos === false )
+				$whitelist_options[ $page ][] = $key;
+		}
+	}
+	return $whitelist_options;
+}
+
+function remove_option_whitelist( $del_options, $options = '' ) {
+	if( $options == '' ) {
+		global $whitelist_options;
+	} else {
+		$whitelist_options = $options;
+	}
+	foreach( $del_options as $page => $keys ) {
+		foreach( $keys as $key ) {
+			$pos = array_search( $key, $whitelist_options[ $page ] );
+			if( $pos !== false )
+				unset( $whitelist_options[ $page ][ $pos ] );
+		}
+	}
+	return $whitelist_options;
+}
 ?>
diff -urN wordpress-mu-1.3/wp-admin/includes/mu.php wordpress-mu-1.3.2/wp-admin/includes/mu.php
--- wordpress-mu-1.3/wp-admin/includes/mu.php	2007-10-26 20:11:56.000000000 +0200
+++ wordpress-mu-1.3.2/wp-admin/includes/mu.php	2008-01-23 18:46:26.000000000 +0100
@@ -1,26 +1,23 @@
 <?php
-
 function check_upload_size( $file ) {
-
-	if( $file[ 'error' ] != '0' ) // there's already an error
+	if( $file['error'] != '0' ) // there's already an error
 		return $file;
 
-	$space_allowed = 1048576*get_space_allowed();
+	$space_allowed = 1048576 * get_space_allowed();
 	$space_used = get_dirsize( constant( "ABSPATH" ) . constant( "UPLOADS" ) );
 	$space_left = $space_allowed - $space_used;
-	$file_size = filesize( $file[ 'tmp_name' ]);
+	$file_size = filesize( $file['tmp_name'] );
 	if( $space_left < $file_size )
-		$file[ 'error' ] = sprintf( __( 'Not enough space to upload. %1$sKb needed.' ), number_format( ($file_size - $space_left) /1024 ) );
+		$file['error'] = sprintf( __( 'Not enough space to upload. %1$sKb needed.' ), number_format( ($file_size - $space_left) /1024 ) );
 	if( $file_size > ( 1024 * get_site_option( 'fileupload_maxk', 1500 ) ) )
 		$file['error'] = sprintf(__('This file is too big. Files must be less than %1$s Kb in size.'), get_site_option( 'fileupload_maxk', 1500 ) );
 	if( upload_is_user_over_quota( false ) ) {
 		$file['error'] = __('You have used your space quota. Please delete files before uploading.');
 	}
-	if( $file[ 'error' ] != '0' )
-		wp_die( $file[ 'error' ] . ' <a href="javascript:history.go(-1)">' . __( 'Back' ) . '</a>' );
+	if( $file['error'] != '0' )
+		wp_die( $file['error'] . ' <a href="javascript:history.go(-1)">' . __( 'Back' ) . '</a>' );
 
 	return $file;
-
 }
 add_filter( 'wp_handle_upload_prefilter', 'check_upload_size' );
 
@@ -53,8 +50,11 @@
 		$wpdb->base_prefix . $blog_id . "_post2cat",
 		$wpdb->base_prefix . $blog_id . "_postmeta",
 		$wpdb->base_prefix . $blog_id . "_posts",
-		$wpdb->base_prefix . $blog_id . "_referer_visitLog",
-		$wpdb->base_prefix . $blog_id . "_referer_blacklist" );
+		$wpdb->base_prefix . $blog_id . "_terms",
+		$wpdb->base_prefix . $blog_id . "_term_taxonomy",
+		$wpdb->base_prefix . $blog_id . "_term_relationships" );
+
+		$drop_tables = apply_filters( 'wpmu_drop_tables', $drop_tables ); 
 		reset( $drop_tables );
 
 		foreach ( (array) $drop_tables as $drop_table) {
@@ -62,7 +62,7 @@
 		}
 
 		$wpdb->query( "DELETE FROM $wpdb->blogs WHERE blog_id = '$blog_id'" );
-		$dir = constant( "ABSPATH" ) . "wp-content/blogs.dir/" . $blog_id ."/files/";
+		$dir = constant( "ABSPATH" ) . "wp-content/blogs.dir/{$blog_id}/files/";
 		$dir = rtrim($dir, DIRECTORY_SEPARATOR);
 		$top_dir = $dir;
 		$stack = array($dir);
@@ -95,7 +95,7 @@
 	}
 	$wpdb->query("DELETE FROM {$wpdb->usermeta} WHERE meta_key='wp_{$blog_id}_autosave_draft_ids'");
 
-	if ( $switch )
+	if ( $switch === true )
 		restore_current_blog();
 }
 
@@ -154,7 +154,7 @@
 			
 		if( is_array( $blog_allowed_themes ) ) {
 			foreach( (array) $themes as $key => $theme ) {
-				$theme_key = wp_specialchars( $theme[ 'Stylesheet' ] );
+				$theme_key = wp_specialchars( $theme['Stylesheet'] );
 				if( isset( $blog_allowed_themes[ $key ] ) == true ) {
 					$blog_allowedthemes[ $theme_key ] = 1;
 				}
@@ -176,12 +176,9 @@
 	if ( $value == get_option( 'admin_email' ) || !is_email( $value ) )
 		return;
 
-	$hash = md5( $value.time().mt_rand() );
-	$newadminemail = array( 
-		"hash" => $hash,
-		"newemail" => $value
-	);
-	update_option( 'adminhash', $newadminemail );
+	$hash = md5( $value. time() .mt_rand() );
+	$new_admin_email = array( "hash" => $hash, "newemail" => $value );
+	update_option( 'adminhash', $new_admin_email );
 	
 	$content = __("Dear user,\n\n
 You recently requested to have the administration email address on 
@@ -282,24 +279,6 @@
 }
 add_action('wpmueditblogaction', 'upload_space_setting');
 
-// Edit XMLRPC active setting on Edit Blog page
-function xmlrpc_active_setting( $id ) {
-	$site_xmlrpc = get_site_option( 'xmlrpc_active' );
-	$xmlrpc_active = get_blog_option($id, 'xmlrpc_active'); 
-	
-	if( $site_xmlrpc == 'yes' ) { ?>
-		<p><strong><?php _e('XMLRPC Posting is enabled sitewide.'); ?></strong></p>
-	<?php } else { ?>
-		<p><strong><?php _e('XMLRPC Posting is disabled sitewide.'); ?></strong></p>
-	<?php } ?>
-	
-	<input type='radio' name='option[xmlrpc_active]' value='' <?php if( !$xmlrpc_active || $xmlrpc_active == '' ) echo "checked='checked'"; ?> /> <?php _e('Do nothing, accept sitewide default'); ?><br />
-	<input type='radio' name='option[xmlrpc_active]' value='yes' <?php if( $xmlrpc_active == "yes" ) echo "checked='checked'"; ?> /> <?php _e('XMLRPC always on for this blog'); ?><br />
-	<input type='radio' name='option[xmlrpc_active]' value='no' <?php if( $xmlrpc_active == "no" ) echo "checked='checked'"; ?> /> <?php _e('XMLRPC always off for this blog'); ?><br />
-	<?php
-}
-add_action('wpmueditblogaction', 'xmlrpc_active_setting');
-
 function update_user_status( $id, $pref, $value, $refresh = 1 ) {
 	global $wpdb;
 
@@ -374,4 +353,78 @@
 }
 add_filter( 'pre_update_term', 'sync_slugs', 10, 3 );
 
+function redirect_user_to_blog() {
+	global $wpdb, $current_user, $current_site;
+	get_currentuserinfo();
+	$primary_blog = (int) get_usermeta( $current_user->ID, 'primary_blog' );
+	if( !$primary_blog )
+		$primary_blog = 1;
+
+	$newblog = $wpdb->get_row( "SELECT * FROM {$wpdb->blogs} WHERE blog_id = '{$primary_blog}'" );
+	if( $newblog != null ) {
+		$blogs = get_blogs_of_user( $current_user->ID );
+		if ( empty($blogs) || $blogs == false ) { // If user haven't any blog
+			add_user_to_blog('1', $current_user->ID, 'subscriber'); // Add subscriber permission for first blog.
+			wp_redirect( 'http://' . $current_site->domain . $current_site->path. 'wp-admin/' );
+			exit();
+		}
+
+		foreach ( (array) $blogs as $blog ) {
+			if ( $blog->userblog_id == $newblog->blog_id ) {
+				wp_redirect( 'http://' . $newblog->domain . $newblog->path . 'wp-admin/' );
+				exit();
+			}
+		}
+
+		$blog = $blogs[0]; // Take the first blog...
+		wp_redirect( 'http://' . $blog->domain . $blog->path. 'wp-admin/' );
+		exit();
+	}
+}
+add_action( 'admin_menu_permission', 'redirect_user_to_blog' );
+
+function wpmu_menu() {
+	global $menu, $submenu;
+
+	if( is_site_admin() ) {
+		$menu[1] = array(__('Site Admin'), '10', 'wpmu-admin.php' );
+		$submenu[ 'wpmu-admin.php' ][1] = array( __('Admin'), '10', 'wpmu-admin.php' );
+		$submenu[ 'wpmu-admin.php' ][5] = array( __('Blogs'), '10', 'wpmu-blogs.php' );
+		$submenu[ 'wpmu-admin.php' ][10] = array( __('Users'), '10', 'wpmu-users.php' );
+		$submenu[ 'wpmu-admin.php' ][20] = array( __('Themes'), '10', 'wpmu-themes.php' );
+		$submenu[ 'wpmu-admin.php' ][25] = array( __('Options'), '10', 'wpmu-options.php' );
+		$submenu[ 'wpmu-admin.php' ][30] = array( __('Upgrade'), '10', 'wpmu-upgrade-site.php' );
+	}
+	unset( $submenu['themes.php'][10] );
+	unset( $submenu['plugins.php'][5] );
+	unset( $submenu['plugins.php'][10] );
+	unset( $submenu['options-general.php'][35] );
+	unset( $submenu['options-general.php'][40] );
+	unset( $submenu['edit.php'][30] );
+	unset( $menu['30'] );
+
+	$menu_perms = get_site_option( "menu_items" );
+	if( is_array( $menu_perms ) == false )
+		$menu_perms = array();
+	if( $menu_perms[ 'plugins' ] == 1 )
+		$menu[30] = array(__('Plugins'), 'activate_plugins', 'plugins.php');
+}
+add_action( '_admin_menu', 'wpmu_menu' );
+
+function mu_options( $options ) {
+	$removed = array( 'general' => array( 'siteurl', 'home', 'admin_email', 'default_role' ),
+	'reading' => array( 'gzipcompression' ),
+	'writing' => array( 'ping_sites', 'mailserver_login', 'mailserver_pass', 'default_email_category', 'mailserver_port', 'mailserver_url' ) );
+
+	$added = array( 'general' => array( 'new_admin_email', 'WPLANG', 'language' ) );
+
+	unset( $options[ 'misc' ] );
+
+	$options = remove_option_whitelist( $removed, $options );
+	$options = add_option_whitelist( $added, $options );
+
+	return $options;
+}
+add_filter( 'whitelist_options', 'mu_options' );
+
 ?>
diff -urN wordpress-mu-1.3/wp-admin/includes/schema.php wordpress-mu-1.3.2/wp-admin/includes/schema.php
--- wordpress-mu-1.3/wp-admin/includes/schema.php	2007-10-30 17:49:38.000000000 +0100
+++ wordpress-mu-1.3.2/wp-admin/includes/schema.php	2007-11-16 15:25:54.000000000 +0100
@@ -228,7 +228,7 @@
 	$guessurl = preg_replace('|/wp-admin/.*|i', '', $schema . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
 	add_option('siteurl', $guessurl);
 	add_option('blogname', __('My Blog'));
-	add_option('blogdescription', __('Just another ' . $current_site->site_name . ' weblog'), __('Short tagline'));
+	add_option('blogdescription', sprintf(__('Just another %s weblog'), $current_site->site_name ) );
 	add_option('new_users_can_blog', 0);
 	add_option('users_can_register', 0);
 	add_option('admin_email', 'you@example.com');
diff -urN wordpress-mu-1.3/wp-admin/js/cat.js wordpress-mu-1.3.2/wp-admin/js/cat.js
--- wordpress-mu-1.3/wp-admin/js/cat.js	2007-10-30 17:49:38.000000000 +0100
+++ wordpress-mu-1.3.2/wp-admin/js/cat.js	2008-01-02 17:00:05.000000000 +0100
@@ -9,4 +9,3 @@
 	$('newcat').onkeypress = function(e) { return killSubmit("catList.ajaxAdder('category','jaxcat');", e); };
 	$('catadd').onclick = function() { catList.ajaxAdder('category', 'jaxcat'); };
 }
-
diff -urN wordpress-mu-1.3/wp-admin/js/link-cat.js wordpress-mu-1.3.2/wp-admin/js/link-cat.js
--- wordpress-mu-1.3/wp-admin/js/link-cat.js	2007-10-30 17:49:38.000000000 +0100
+++ wordpress-mu-1.3.2/wp-admin/js/link-cat.js	2008-01-02 17:00:05.000000000 +0100
@@ -8,4 +8,3 @@
 	$('newcat').onkeypress = function(e) { return killSubmit("linkcatList.ajaxAdder('link-category','jaxcat');", e); };
 	$('catadd').onclick = function() { linkcatList.ajaxAdder('link-category', 'jaxcat'); };
 }
-
diff -urN wordpress-mu-1.3/wp-admin/menu-header.php wordpress-mu-1.3.2/wp-admin/menu-header.php
--- wordpress-mu-1.3/wp-admin/menu-header.php	2006-11-24 17:16:44.000000000 +0100
+++ wordpress-mu-1.3.2/wp-admin/menu-header.php	2007-11-20 17:12:59.000000000 +0100
@@ -2,6 +2,7 @@
 <?php
 $self = preg_replace('|^.*/wp-admin/|i', '', $_SERVER['PHP_SELF']);
 $self = preg_replace('|^.*/plugins/|i', '', $self);
+$self = preg_replace('|^.*/mu-plugins/|i', '', $self);
 
 get_admin_page_parent();
 
@@ -14,12 +15,12 @@
 	if ( !empty($submenu[$item[2]]) ) {
 		$submenu[$item[2]] = array_values($submenu[$item[2]]);  // Re-index.
 		$menu_hook = get_plugin_page_hook($submenu[$item[2]][0][2], $item[2]);
-		if ( file_exists(ABSPATH . PLUGINDIR . "/{$submenu[$item[2]][0][2]}") || !empty($menu_hook))
+		if ( file_exists(ABSPATH . PLUGINDIR . "/{$submenu[$item[2]][0][2]}") || file_exists(ABSPATH . MUPLUGINDIR . "/{$submenu[$item[2]][0][2]}") || !empty($menu_hook))
 			echo "\n\t<li><a href='admin.php?page={$submenu[$item[2]][0][2]}'$class>{$item[0]}</a></li>";
 		else
 			echo "\n\t<li><a href='{$submenu[$item[2]][0][2]}'$class>{$item[0]}</a></li>";
 	} else if ( current_user_can($item[1]) ) {
-		if ( file_exists(ABSPATH . PLUGINDIR . "/{$item[2]}") )
+		if ( file_exists(ABSPATH . PLUGINDIR . "/{$item[2]}") || file_exists(ABSPATH . MUPLUGINDIR . "/{$item[2]}") )
 			echo "\n\t<li><a href='admin.php?page={$item[2]}'$class>{$item[0]}</a></li>";
 		else
 			echo "\n\t<li><a href='{$item[2]}'$class>{$item[0]}</a></li>";
@@ -47,7 +48,7 @@
 
 $menu_hook = get_plugin_page_hook($item[2], $parent_file);
 
-if (file_exists(ABSPATH . PLUGINDIR . "/{$item[2]}") || ! empty($menu_hook)) {
+if (file_exists(ABSPATH . PLUGINDIR . "/{$item[2]}") || file_exists(ABSPATH . MUPLUGINDIR . "/{$item[2]}") || ! empty($menu_hook)) {
  	if ( 'admin.php' == $pagenow )
 		echo "\n\t<li><a href='admin.php?page={$item[2]}'$class>{$item[0]}</a></li>";
 	else
diff -urN wordpress-mu-1.3/wp-admin/menu.php wordpress-mu-1.3.2/wp-admin/menu.php
--- wordpress-mu-1.3/wp-admin/menu.php	2007-10-30 17:49:38.000000000 +0100
+++ wordpress-mu-1.3.2/wp-admin/menu.php	2007-11-22 18:06:30.000000000 +0100
@@ -14,15 +14,11 @@
 	$menu[10] = array(__('Manage'), 'edit_pages', 'edit-pages.php');
 else
 	$menu[10] = array(__('Manage'), 'edit_posts', 'edit.php');
-$menu_perms = get_site_option( "menu_items" );
-if( is_array( $menu_perms ) == false )
-	$menu_perms = array();
-	
+
 $menu[15] = array(__('Comments'), 'edit_posts', 'edit-comments.php');
 $menu[20] = array(__('Blogroll'), 'manage_links', 'link-manager.php');
 $menu[25] = array(__('Presentation'), 'switch_themes', 'themes.php');
-if( $menu_perms[ 'plugins' ] == 1 )
-	$menu[30] = array(__('Plugins'), 'activate_plugins', 'plugins.php');
+$menu[30] = array(__('Plugins'), 'activate_plugins', 'plugins.php');
 if ( current_user_can('edit_users') )
 	$menu[35] = array(__('Users'), 'edit_users', 'users.php');
 else
@@ -43,7 +39,7 @@
 $submenu['edit.php'][10] = array(__('Pages'), 'edit_pages', 'edit-pages.php');
 $submenu['edit.php'][12] = array(__('Uploads'), 'upload_files', 'upload.php');
 $submenu['edit.php'][15] = array(__('Categories'), 'manage_categories', 'categories.php');
-//$submenu['edit.php'][30] = array(__('Files'), 'edit_files', 'templates.php');
+$submenu['edit.php'][30] = array(__('Files'), 'edit_files', 'templates.php');
 $submenu['edit.php'][35] = array(__('Import'), 'import', 'import.php');
 $submenu['edit.php'][40] = array(__('Export'), 'import', 'export.php');
 
@@ -66,24 +62,14 @@
 $submenu['options-general.php'][25] = array(__('Discussion'), 'manage_options', 'options-discussion.php');
 $submenu['options-general.php'][30] = array(__('Privacy'), 'manage_options', 'options-privacy.php');
 $submenu['options-general.php'][35] = array(__('Permalinks'), 'manage_options', 'options-permalink.php');
-//$submenu['options-general.php'][40] = array(__('Miscellaneous'), 'manage_options', 'options-misc.php');
+$submenu['options-general.php'][40] = array(__('Miscellaneous'), 'manage_options', 'options-misc.php');
 
-//$submenu['plugins.php'][5] = array(__('Plugins'), 'activate_plugins', 'plugins.php');
-//$submenu['plugins.php'][10] = array(__('Plugin Editor'), 'edit_plugins', 'plugin-editor.php');
+$submenu['plugins.php'][5] = array(__('Plugins'), 'activate_plugins', 'plugins.php');
+$submenu['plugins.php'][10] = array(__('Plugin Editor'), 'edit_plugins', 'plugin-editor.php');
 
 $submenu['themes.php'][5] = array(__('Themes'), 'switch_themes', 'themes.php');
-//$submenu['themes.php'][10] = array(__('Theme Editor'), 'edit_themes', 'theme-editor.php');
+$submenu['themes.php'][10] = array(__('Theme Editor'), 'edit_themes', 'theme-editor.php');
 
-get_currentuserinfo();
-if( is_site_admin() ) {
-	$menu[1] = array(__('Site Admin'), '10', 'wpmu-admin.php' );
-	$submenu[ 'wpmu-admin.php' ][1] = array( __('Admin'), '10', 'wpmu-admin.php' );
-	$submenu[ 'wpmu-admin.php' ][5] = array( __('Blogs'), '10', 'wpmu-blogs.php' );
-	$submenu[ 'wpmu-admin.php' ][10] = array( __('Users'), '10', 'wpmu-users.php' );
-	$submenu[ 'wpmu-admin.php' ][20] = array( __('Themes'), '10', 'wpmu-themes.php' );
-	$submenu[ 'wpmu-admin.php' ][25] = array( __('Options'), '10', 'wpmu-options.php' );
-	$submenu[ 'wpmu-admin.php' ][30] = array( __('Upgrade'), '10', 'wpmu-upgrade-site.php' );
-}
 do_action('_admin_menu');
 
 // Create list of page plugin hook names.
@@ -151,31 +137,7 @@
 uksort($menu, "strnatcasecmp"); // make it all pretty
 
 if (! user_can_access_admin_page()) {
-	// find the blog of this user first
-	$primary_blog = (int) get_usermeta( $user_ID, 'primary_blog' );
-	if( $primary_blog != 0 ) {
-		global $wpdb;
-		$newblog = $wpdb->get_row( "SELECT * FROM {$wpdb->blogs} WHERE blog_id = '{$primary_blog}'" );
-		if( $newblog != null ) {
-			$blogs = get_blogs_of_user( $user_ID );
-			if ( empty($blogs) || $blogs == false ) { // If user haven't any blog
-				update_usermeta( $user_ID, 'wp_1_capabilities', array('subscriber' => true)); // Add subscriber permission for first blog.
-				wp_redirect( 'http://'.$current_site->domain . $current_site->path. 'wp-admin/' );
-				exit();
-			}
-
-			foreach ( (array) $blogs as $blog ) {
-				if ( $blog->userblog_id == $newblog->blog_id ) {
-					wp_redirect( 'http://'.$newblog->domain . $newblog->path . 'wp-admin/' );
-					exit();
-				}
-			}
-			
-			$blog = $blogs[0]; // Take the first blog...
-			wp_redirect( 'http://'.$blog->domain . $blog->path. 'wp-admin/' );
-			exit();
-		}
-	}
+	do_action( 'admin_menu_permission' );
 	wp_die( __('You do not have sufficient permissions to access this page.') );
 }
 
diff -urN wordpress-mu-1.3/wp-admin/options-discussion.php wordpress-mu-1.3.2/wp-admin/options-discussion.php
--- wordpress-mu-1.3/wp-admin/options-discussion.php	2007-10-12 18:21:15.000000000 +0200
+++ wordpress-mu-1.3.2/wp-admin/options-discussion.php	2008-01-23 02:31:58.000000000 +0100
@@ -10,7 +10,8 @@
 <div class="wrap">
 <h2><?php _e('Discussion Options') ?></h2>
 <form method="post" action="options.php">
-<?php wp_nonce_field('update-options') ?>
+<?php wp_nonce_field('discussion-options') ?>
+<input type='hidden' name='option_page' value='discussion' />
 <p class="submit"><input type="submit" name="Submit" value="<?php _e('Update Options &raquo;') ?>" /></p>
 <fieldset class="options">
 <legend><?php echo __('Usual settings for an article:').'<br /><small><em>('.__('These settings may be overridden for individual articles.').')</em></small>'; ?></legend>
@@ -77,7 +78,6 @@
 </fieldset>
 <p class="submit">
 <input type="hidden" name="action" value="update" />
-<input type="hidden" name="page_options" value="default_pingback_flag,default_ping_status,default_comment_status,comments_notify,moderation_notify,comment_moderation,require_name_email,comment_whitelist,comment_max_links,moderation_keys,blacklist_keys" />
 <input type="submit" name="Submit" value="<?php _e('Update Options &raquo;') ?>" />
 </p>
 </form>
diff -urN wordpress-mu-1.3/wp-admin/options-general.php wordpress-mu-1.3.2/wp-admin/options-general.php
--- wordpress-mu-1.3/wp-admin/options-general.php	2007-10-22 19:29:46.000000000 +0200
+++ wordpress-mu-1.3.2/wp-admin/options-general.php	2008-01-23 02:31:58.000000000 +0100
@@ -10,7 +10,8 @@
 <div class="wrap">
 <h2><?php _e('General Options') ?></h2>
 <form method="post" action="options.php">
-<?php wp_nonce_field('update-options') ?>
+<?php wp_nonce_field('general-options') ?>
+<input type='hidden' name='option_page' value='general' />
 <p class="submit"><input type="submit" name="Submit" value="<?php _e('Update Options &raquo;') ?>" /></p>
 <table class="optiontable">
 <tr valign="top">
@@ -105,7 +106,6 @@
 
 <p class="submit"><input type="submit" name="Submit" value="<?php _e('Update Options &raquo;') ?>" />
 <input type="hidden" name="action" value="update" />
-<input type="hidden" name="page_options" value="blogname,blogdescription,new_admin_email,users_can_register,gmt_offset,date_format,time_format,start_of_week,comment_registration,WPLANG,language" />
 </p>
 </form>
 
diff -urN wordpress-mu-1.3/wp-admin/options-misc.php wordpress-mu-1.3.2/wp-admin/options-misc.php
--- wordpress-mu-1.3/wp-admin/options-misc.php	2007-03-09 16:17:25.000000000 +0100
+++ wordpress-mu-1.3.2/wp-admin/options-misc.php	2008-01-23 02:31:58.000000000 +0100
@@ -12,7 +12,8 @@
 <div class="wrap">
 <h2><?php _e('Miscellaneous Options') ?></h2>
 <form method="post" action="options.php">
-<?php wp_nonce_field('update-options') ?>
+<?php wp_nonce_field('misc-options') ?>
+<input type='hidden' name='option_page' value='misc' />
 <p class="submit"><input type="submit" name="Submit" value="<?php _e('Update Options &raquo;') ?>" /></p>
 <fieldset class="options">
 <legend><?php _e('Uploading'); ?></legend>
@@ -44,7 +45,6 @@
 
 <p class="submit">
 <input type="hidden" name="action" value="update" />
-<input type="hidden" name="page_options" value="hack_file,use_linksupdate,uploads_use_yearmonth_folders,upload_path" />
 <input type="submit" name="Submit" value="<?php _e('Update Options &raquo;') ?>" />
 </p>
 </form>
diff -urN wordpress-mu-1.3/wp-admin/options.php wordpress-mu-1.3.2/wp-admin/options.php
--- wordpress-mu-1.3/wp-admin/options.php	2007-10-12 18:21:15.000000000 +0200
+++ wordpress-mu-1.3.2/wp-admin/options.php	2008-01-23 02:31:58.000000000 +0100
@@ -7,6 +7,19 @@
 
 wp_reset_vars(array('action'));
 
+$whitelist_options = array(
+	'general' => array('siteurl', 'home', 'blogname', 'blogdescription', 'admin_email', 'users_can_register', 'gmt_offset', 'date_format', 'time_format', 'start_of_week', 'comment_registration', 'default_role'),
+	'discussion' => array( 'default_pingback_flag', 'default_ping_status', 'default_comment_status', 'comments_notify', 'moderation_notify', 'comment_moderation', 'require_name_email', 'comment_whitelist', 'comment_max_links', 'moderation_keys', 'blacklist_keys' ),
+	'misc' => array( 'hack_file', 'use_linksupdate', 'uploads_use_yearmonth_folders', 'upload_path' ),
+	'privacy' => array( 'blog_public' ),
+	'reading' => array( 'posts_per_page', 'posts_per_rss', 'rss_use_excerpt', 'blog_charset', 'gzipcompression', 'show_on_front', 'page_on_front', 'page_for_posts' ),
+	'writing' => array( 'default_post_edit_rows', 'use_smilies', 'ping_sites', 'mailserver_url', 'mailserver_port', 'mailserver_login', 'mailserver_pass', 'default_category', 'default_email_category', 'use_balanceTags', 'default_link_category' ),
+	'options' => array( '' ) );
+if ( defined( 'WP_SITEURL' ) ) remove_option_update_handler( 'general', 'siteurl' );
+if ( defined( 'WP_HOME' ) ) remove_option_update_handler( 'general', 'home' ); 
+
+$whitelist_options = apply_filters( 'whitelist_options', $whitelist_options );
+
 if ( !current_user_can('manage_options') )
 	wp_die(__('Cheatin&#8217; uh?'));
 
@@ -23,20 +36,26 @@
 		exit;
 	}
 }
+
 switch($action) {
 
 case 'update':
 	$any_changed = 0;
 
-	check_admin_referer('update-options');
+	$option_page = $_POST[ 'option_page' ];
+	check_admin_referer( $option_page . '-options' );
 
-	if ( !$_POST['page_options'] ) {
-		foreach ( (array) $_POST as $key => $value) {
-			if ( !in_array($key, array('_wpnonce', '_wp_http_referer')) )
-				$options[] = $key;
+	if( !isset( $whitelist_options[ $option_page ] ) )
+		wp_die( __( 'Error! Options page not found.' ) );
+
+	if( $option_page == 'options' ) {
+		if( is_site_admin() ) {
+			$options = explode(',', stripslashes( $_POST[ 'page_options' ] ));
+		} else {
+			die( 'Not admin' );
 		}
 	} else {
-		$options = explode(',', stripslashes($_POST['page_options']));
+		$options = $whitelist_options[ $option_page ];
 	}
 
 	if ($options) {
@@ -44,7 +63,7 @@
 			$option = trim($option);
 			$value = $_POST[$option];
 			if(!is_array($value))	$value = trim($value);
-			$value = stripslashes_deep($value);
+				$value = stripslashes_deep($value);
 			update_option($option, $value);
 		}
 	}
@@ -54,16 +73,17 @@
     break;
 
 default:
-if (!is_site_admin())
-	die('Not admin');
+	if (!is_site_admin())
+		die('Not admin');
 
 	include('admin-header.php'); ?>
 
 <div class="wrap">
   <h2><?php _e('All Options'); ?></h2>
   <form name="form" action="options.php" method="post" id="all-options">
-  <?php wp_nonce_field('update-options') ?>
+  <?php wp_nonce_field('options-options') ?>
   <input type="hidden" name="action" value="update" />
+  <input type='hidden' name='option_page' value='options' />
 	<p class="submit"><input type="submit" name="Update" value="<?php _e('Update Options &raquo;') ?>" /></p>
   <table width="98%">
 <?php
@@ -72,6 +92,8 @@
 foreach ( (array) $options as $option) :
 	$disabled = '';
 	$option->option_name = attribute_escape($option->option_name);
+	if( $option->option_name == '' )
+		continue;
 	if ( is_serialized($option->option_value) ) {
 		if ( is_serialized_string($option->option_value) ) {
 			// this is a serialized string, so we should display it
diff -urN wordpress-mu-1.3/wp-admin/options-privacy.php wordpress-mu-1.3.2/wp-admin/options-privacy.php
--- wordpress-mu-1.3/wp-admin/options-privacy.php	2006-10-09 13:39:17.000000000 +0200
+++ wordpress-mu-1.3.2/wp-admin/options-privacy.php	2008-01-23 02:31:58.000000000 +0100
@@ -13,7 +13,8 @@
 <div class="wrap">
 <h2><?php _e('Privacy Options') ?></h2>
 <form method="post" action="options.php">
-<?php wp_nonce_field('update-options') ?>
+<?php wp_nonce_field('privacy-options') ?>
+<input type='hidden' name='option_page' value='privacy' />
 <table class="optiontable">
 <tr valign="top">
 <th scope="row"><?php _e('Blog visibility:') ?> </th>
@@ -30,7 +31,6 @@
 
 <p class="submit"><input type="submit" name="Submit" value="<?php _e('Update Options &raquo;') ?>" />
 <input type="hidden" name="action" value="update" />
-<input type="hidden" name="page_options" value="blog_public" />
 </p>
 </form>
 
diff -urN wordpress-mu-1.3/wp-admin/options-reading.php wordpress-mu-1.3.2/wp-admin/options-reading.php
--- wordpress-mu-1.3/wp-admin/options-reading.php	2007-10-12 18:21:15.000000000 +0200
+++ wordpress-mu-1.3.2/wp-admin/options-reading.php	2008-01-23 02:31:58.000000000 +0100
@@ -10,7 +10,8 @@
 <div class="wrap">
 <h2><?php _e('Reading Options') ?></h2>
 <form name="form1" method="post" action="options.php">
-<?php wp_nonce_field('update-options') ?>
+<?php wp_nonce_field('reading-options') ?>
+<input type='hidden' name='option_page' value='reading' />
 <p class="submit"><input type="submit" name="Submit" value="<?php _e('Update Options &raquo;') ?>" /></p>
 <?php if ( get_pages() ): ?>
 <fieldset class="options">
@@ -84,7 +85,6 @@
 </table>
 <p class="submit">
 <input type="hidden" name="action" value="update" />
-<input type="hidden" name="page_options" value="posts_per_page,posts_per_rss,rss_use_excerpt,blog_charset,show_on_front,page_on_front,page_for_posts" />
 <input type="submit" name="Submit" value="<?php _e('Update Options &raquo;') ?>" />
 </p>
 </form>
diff -urN wordpress-mu-1.3/wp-admin/options-writing.php wordpress-mu-1.3.2/wp-admin/options-writing.php
--- wordpress-mu-1.3/wp-admin/options-writing.php	2007-10-12 18:21:15.000000000 +0200
+++ wordpress-mu-1.3.2/wp-admin/options-writing.php	2008-01-23 02:31:58.000000000 +0100
@@ -10,7 +10,8 @@
 <div class="wrap">
 <h2><?php _e('Writing Options') ?></h2>
 <form method="post" action="options.php">
-<?php wp_nonce_field('update-options') ?>
+<?php wp_nonce_field('writing-options') ?>
+<input type='hidden' name='option_page' value='writing' />
 <p class="submit"><input type="submit" name="Submit" value="<?php _e('Update Options &raquo;') ?>" /></p>
 <table width="100%" cellspacing="2" cellpadding="5" class="optiontable editform">
 <tr valign="top">
@@ -56,9 +57,13 @@
 </select></td>
 </tr>
 </table>
+
+
+
+</fieldset>
+
 <p class="submit">
 <input type="hidden" name="action" value="update" />
-<input type="hidden" name="page_options" value="default_post_edit_rows,use_smilies,default_category,default_email_category,use_balanceTags,default_link_category" /> 
 <input type="submit" name="Submit" value="<?php _e('Update Options &raquo;') ?>" />
 </p>
 </form>
diff -urN wordpress-mu-1.3/wp-admin/setup-config.php wordpress-mu-1.3.2/wp-admin/setup-config.php
--- wordpress-mu-1.3/wp-admin/setup-config.php	2007-10-30 17:49:38.000000000 +0100
+++ wordpress-mu-1.3.2/wp-admin/setup-config.php	2008-01-02 17:00:05.000000000 +0100
@@ -4,6 +4,7 @@
 
 require_once('../wp-includes/compat.php');
 require_once('../wp-includes/functions.php');
+require_once('../wp-includes/classes.php');
 
 if (!file_exists('../wp-config-sample.php'))
 	wp_die('Sorry, I need a wp-config-sample.php file to work from. Please re-upload this file from your WordPress installation.');
@@ -162,6 +163,9 @@
 
 	// We'll fail here if the values are no good.
 	require_once('../wp-includes/wp-db.php');
+	if ( !empty($wpdb->error) )
+		wp_die($wpdb->error->get_error_message());
+
 	$handle = fopen('../wp-config.php', 'w');
 
 	foreach ($configFile as $line_num => $line) {
diff -urN wordpress-mu-1.3/wp-admin/upload-functions.php wordpress-mu-1.3.2/wp-admin/upload-functions.php
--- wordpress-mu-1.3/wp-admin/upload-functions.php	2007-08-06 11:35:24.000000000 +0200
+++ wordpress-mu-1.3.2/wp-admin/upload-functions.php	1970-01-01 01:00:00.000000000 +0100
@@ -1,360 +0,0 @@
-<?php
-function wp_upload_display( $dims = false, $href = '' ) {
-	global $post;
-	$id = get_the_ID();
-	$attachment_data = wp_get_attachment_metadata( $id );
-	$is_image = (int) wp_attachment_is_image();
-	if ( !isset($attachment_data['width']) && $is_image ) {
-		if ( $image_data = getimagesize( get_attached_file( $id ) ) ) {
-			$attachment_data['width'] = $image_data[0];
-			$attachment_data['height'] = $image_data[1];
-			wp_update_attachment_metadata( $id, $attachment_data );
-		}
-	}
-	if ( isset($attachment_data['width']) )
-		list($width,$height) = wp_shrink_dimensions($attachment_data['width'], $attachment_data['height'], 171, 128);
-
-	ob_start();
-		the_title();
-		$post_title = attribute_escape(ob_get_contents());
-	ob_end_clean();
-	$post_content = attribute_escape(apply_filters( 'content_edit_pre', $post->post_content ));
-
-	$class = 'text';
-	$innerHTML = get_attachment_innerHTML( $id, false, $dims );
-	if ( $image_src = get_attachment_icon_src() ) {
-		$image_rel = wp_make_link_relative($image_src);
-		$innerHTML = '&nbsp;' . str_replace($image_src, $image_rel, $innerHTML);
-		$class = 'image';
-	}
-
-	$src_base = wp_get_attachment_url();
-	$src = wp_make_link_relative( $src_base );
-	$src_base = str_replace($src, '', $src_base);
-
-	$r = '';
-
-	if ( $href )
-		$r .= "<a id='file-link-$id' href='$href' title='$post_title' class='file-link $class'>\n";
-	if ( $href || $image_src )
-		$r .= "\t\t\t$innerHTML";
-	if ( $href )
-		$r .= "</a>\n";
-	$r .= "\n\t\t<div class='upload-file-data'>\n\t\t\t<p>\n";
-	$r .= "\t\t\t\t<input type='hidden' name='attachment-url-$id' id='attachment-url-$id' value='$src' />\n";
-	$r .= "\t\t\t\t<input type='hidden' name='attachment-url-base-$id' id='attachment-url-base-$id' value='$src_base' />\n";
-
-	if ( !$thumb_base = wp_get_attachment_thumb_url() )
-		$thumb_base = wp_mime_type_icon();
-	if ( $thumb_base ) {
-		$thumb_rel = wp_make_link_relative( $thumb_base );
-		$thumb_base = str_replace( $thumb_rel, '', $thumb_base );
-		$r .= "\t\t\t\t<input type='hidden' name='attachment-thumb-url-$id' id='attachment-thumb-url-$id' value='$thumb_rel' />\n";
-		$r .= "\t\t\t\t<input type='hidden' name='attachment-thumb-url-base-$id' id='attachment-thumb-url-base-$id' value='$thumb_base' />\n";
-	}
-
-	$r .= "\t\t\t\t<input type='hidden' name='attachment-is-image-$id' id='attachment-is-image-$id' value='$is_image' />\n";
-
-	if ( isset($width) ) {
-		$r .= "\t\t\t\t<input type='hidden' name='attachment-width-$id' id='attachment-width-$id' value='$width' />\n";
-		$r .= "\t\t\t\t<input type='hidden' name='attachment-height-$id' id='attachment-height-$id' value='$height' />\n";
-	}
-	$r .= "\t\t\t\t<input type='hidden' name='attachment-page-url-$id' id='attachment-page-url-$id' value='" . get_attachment_link( $id ) . "' />\n";
-	$r .= "\t\t\t\t<input type='hidden' name='attachment-title-$id' id='attachment-title-$id' value='$post_title' />\n";
-	$r .= "\t\t\t\t<input type='hidden' name='attachment-description-$id' id='attachment-description-$id' value='$post_content' />\n";
-	$r .= "\t\t\t</p>\n\t\t</div>\n";
-	return $r;
-}
-
-function wp_upload_view() {
-	global $style, $post_id, $style;
-	$id = get_the_ID();
-	$attachment_data = wp_get_attachment_metadata( $id );
-?>
-	<div id="upload-file">
-		<div id="file-title">
-			<h2><?php if ( !isset($attachment_data['width']) && 'inline' != $style )
-					echo "<a href='" . wp_get_attachment_url() . "' title='" . __('Direct link to file') . "'>";
-				the_title();
-				if ( !isset($attachment_data['width']) && 'inline' != $style )
-					echo '</a>';
-			?></h2>
-			<span><?php
-				echo '[&nbsp;';
-				echo '<a href="' . get_permalink() . '">' . __('view') . '</a>';
-				echo '&nbsp;|&nbsp;';
-					echo '<a href="' . clean_url(add_query_arg('action', 'edit')) . '" title="' . __('Edit this file') . '">' . __('edit') . '</a>';
-				echo '&nbsp;|&nbsp;';
-				echo '<a href="' . clean_url(remove_query_arg(array('action', 'ID'))) . '" title="' . __('Browse your files') . '">' . __('cancel') . '</a>';
-				echo '&nbsp;]'; ?></span>
-		</div>
-
-		<div id="upload-file-view" class="alignleft">
-<?php		if ( isset($attachment_data['width']) && 'inline' != $style )
-			echo "<a href='" . wp_get_attachment_url() . "' title='" . __('Direct link to file') . "'>";
-		echo wp_upload_display( array(171, 128) );
-		if ( isset($attachment_data['width']) && 'inline' != $style )
-			echo '</a>'; ?>
-		</div>
-		<?php the_attachment_links( $id ); ?>
-	</div>
-<?php	echo "<form action='' id='browse-form'><input type='hidden' id='nonce-value' value='" . wp_create_nonce( 'inlineuploading' )  . "' /></form>\n";
-}
-
-function wp_upload_form() {
-	$id = get_the_ID();
-	global $post_id, $tab, $style;
-	$enctype = $id ? '' : ' enctype="multipart/form-data"';
-	$post_id = (int) $post_id;
-?>
-	<form<?php echo $enctype; ?> id="upload-file" method="post" action="<?php echo get_option('siteurl') . '/wp-admin/upload.php?style=' . attribute_escape($style . '&amp;tab=upload&amp;post_id=' . $post_id); ?>">
-<?php
-	if ( $id ) :
-		$attachment = get_post_to_edit( $id );
-		$attachment_data = wp_get_attachment_metadata( $id );
-?>
-		<div id="file-title">
-			<h2><?php if ( !isset($attachment_data['width']) && 'inline' != $style )
-					echo "<a href='" . wp_get_attachment_url() . "' title='" . __('Direct link to file') . "'>";
-				the_title();
-				if ( !isset($attachment_data['width']) && 'inline' != $style )
-					echo '</a>';
-			?></h2>
-			<span><?php
-				echo '[&nbsp;';
-				echo '<a href="' . get_permalink() . '">' . __('view') . '</a>';
-				echo '&nbsp;|&nbsp;';
-					echo '<a href="' . clean_url(add_query_arg('action', 'view')) . '">' . __('links') . '</a>';
-				echo '&nbsp;|&nbsp;';
-				echo '<a href="' . clean_url(remove_query_arg(array('action','ID'))) . '" title="' . __('Browse your files') . '">' . __('cancel') . '</a>';
-				echo '&nbsp;]'; ?></span>
-		</div>
-
-	<div id="upload-file-view" class="alignleft">
-<?php		if ( isset($attachment_data['width']) && 'inline' != $style )
-			echo "<a href='" . wp_get_attachment_url() . "' title='" . __('Direct link to file') . "'>";
-		echo wp_upload_display( array(171, 128) );
-		if ( isset($attachment_data['width']) && 'inline' != $style )
-			echo '</a>'; ?>
-	</div>
-<?php	endif; ?>
-		<table><col /><col class="widefat" />
-<?php	if ( $id ): ?>
-			<tr>
-				<th scope="row"><label for="url"><?php _e('URL'); ?></label></th>
-				<td><input type="text" id="url" class="readonly" value="<?php echo wp_get_attachment_url(); ?>" readonly="readonly" /></td>
-			</tr>
-<?php	else : ?>
-			<tr>
-				<th scope="row"><label for="upload"><?php _e('File'); ?></label></th>
-				<td><input type="file" id="upload" name="image" /></td>
-			</tr>
-<?php	endif; ?>
-			<tr>
-				<th scope="row"><label for="post_title"><?php _e('Title'); ?></label></th>
-				<td><input type="text" id="post_title" name="post_title" value="<?php echo $attachment->post_title; ?>" /></td>
-			</tr>
-			<tr>
-				<th scope="row"><label for="post_content"><?php _e('Description'); ?></label></th>
-				<td><textarea name="post_content" id="post_content"><?php echo $attachment->post_content; ?></textarea></td>
-			</tr>
-			<tr id="buttons" class="submit">
-				<td colspan='2'>
-<?php	if ( $id ) : ?>
-					<input type="submit" name="delete" id="delete" class="delete alignleft" value="<?php _e('Delete File'); ?>" />
-<?php	endif; ?>
-					<input type="hidden" name="from_tab" value="<?php echo $tab; ?>" />
-					<input type="hidden" name="action" value="<?php echo $id ? 'save' : 'upload'; ?>" />
-<?php	if ( $post_id ) : ?>
-					<input type="hidden" name="post_id" value="<?php echo $post_id; ?>" />
-<?php	endif; if ( $id ) : ?>
-					<input type="hidden" name="ID" value="<?php echo $id; ?>" />
-<?php	endif; ?>
-					<?php wp_nonce_field( 'inlineuploading' ); ?>
-					<div class="submit">
-						<input type="submit" value="<?php $id ? _e('Save') : _e('Upload'); ?> &raquo;" />
-					</div>
-				</td>
-			</tr>
-		</table>
-	</form>
-<?php
-}
-
-function wp_upload_tab_upload() {
-	wp_upload_form();
-}
-
-function wp_upload_tab_upload_action() {
-	global $action;
-	if ( isset($_POST['delete']) )
-		$action = 'delete';
-
-	switch ( $action ) :
-	case 'upload' :
-		global $from_tab, $post_id, $style;
-		if ( !$from_tab )
-			$from_tab = 'upload';
-
-		check_admin_referer( 'inlineuploading' );
-
-		global $post_id, $post_title, $post_content;
-
-		if ( !current_user_can( 'upload_files' ) )
-			wp_die( __('You are not allowed to upload files.')
-				. " <a href='" . get_option('siteurl') . "/wp-admin/upload.php?style=" . attribute_escape($style . "&amp;tab=browse-all&amp;post_id=$post_id") . "'>"
-				. __('Browse Files') . '</a>'
-			);
-
-		$overrides = array('action'=>'upload');
-
-		$file = wp_handle_upload($_FILES['image'], $overrides);
-
-		if ( isset($file['error']) )
-			wp_die($file['error'] . "<br /><a href='" . get_option('siteurl')
-			. "/wp-admin/upload.php?style=" . attribute_escape($style . "&amp;tab=$from_tab&amp;post_id=$post_id") . "'>" . __('Back to Image Uploading') . '</a>'
-		);
-
-		$url = $file['url'];
-		$type = $file['type'];
-		$file = $file['file'];
-		$filename = basename($file);
-
-		// Construct the attachment array
-		$attachment = array(
-			'post_title' => $post_title ? $post_title : $filename,
-			'post_content' => $post_content,
-			'post_type' => 'attachment',
-			'post_parent' => $post_id,
-			'post_mime_type' => $type,
-			'guid' => $url
-		);
-
-		// Save the data
-		$id = wp_insert_attachment($attachment, $file, $post_id);
-
-		wp_update_attachment_metadata( $id, wp_generate_attachment_metadata( $id, $file ) );
-
-		wp_redirect( get_option('siteurl') . "/wp-admin/upload.php?style=$style&tab=browse&action=view&ID=$id&post_id=$post_id");
-		die;
-		break;
-
-	case 'save' :
-		global $from_tab, $post_id, $style;
-		if ( !$from_tab )
-			$from_tab = 'upload';
-		check_admin_referer( 'inlineuploading' );
-
-		wp_update_post($_POST);
-		wp_redirect( get_option('siteurl') . "/wp-admin/upload.php?style=$style&tab=$from_tab&post_id=$post_id");
-		die;
-		break;
-
-	case 'delete' :
-		global $ID, $post_id, $from_tab, $style;
-		if ( !$from_tab )
-			$from_tab = 'upload';
-
-		check_admin_referer( 'inlineuploading' );
-
-		if ( !current_user_can('edit_post', (int) $ID) )
-			wp_die( __('You are not allowed to delete this attachment.')
-				. " <a href='" . get_option('siteurl') . "/wp-admin/upload.php?style=" . attribute_escape($style . "&amp;tab=$from_tab&amp;post_id=$post_id") . "'>"
-				. __('Go back') . '</a>'
-			);
-
-		wp_delete_attachment($ID);
-
-		wp_redirect( get_option('siteurl') . "/wp-admin/upload.php?style=$style&tab=$from_tab&post_id=$post_id" );
-		die;
-		break;
-
-	endswitch;
-}
-
-add_action( 'upload_files_upload', 'wp_upload_tab_upload_action' );
-
-function wp_upload_grab_attachments( $obj ) {
-	$obj->is_attachment = true;
-}
-
-function wp_upload_posts_where( $where ) {
-	global $post_id;
-	return $where . " AND post_parent = '" . (int) $post_id . "'";
-}
-
-function wp_upload_tab_browse() {
-	global $wpdb, $action, $paged;
-	$old_vars = compact( 'paged' );
-
-	switch ( $action ) :
-	case 'edit' :
-	case 'view' :
-		global $ID;
-		$attachments = query_posts("attachment_id=$ID");
-		if ( have_posts() ) : while ( have_posts() ) : the_post();
-			'edit' == $action ? wp_upload_form() : wp_upload_view();
-		endwhile; endif;
-		break;
-	default :
-		global $tab, $post_id, $style;
-		add_action( 'pre_get_posts', 'wp_upload_grab_attachments' );
-		if ( 'browse' == $tab && $post_id )
-			add_filter( 'posts_where', 'wp_upload_posts_where' );
-		$attachments = query_posts("what_to_show=posts&posts_per_page=10&paged=$paged");
-		$count_query = "SELECT COUNT(*) FROM $wpdb->posts WHERE post_type = 'attachment'";
-		if ( $post_id )
-			$count_query .= " AND post_parent = '$post_id'";
-        	$total =  $wpdb->get_var($count_query);
-
-		echo "<ul id='upload-files'>\n";
-		if ( have_posts() ) : while ( have_posts() ) : the_post();
-			$href = wp_specialchars( add_query_arg( array(
-				'action' => 'inline' == $style ? 'view' : 'edit',
-				'ID' => get_the_ID())
-			 ), 1 );
-
-			echo "\t<li id='file-";
-			the_ID();
-			echo "' class='alignleft'>\n";
-			echo wp_upload_display( array(128,128), $href );
-			echo "\t</li>\n";
-		endwhile;
-		else :
-			echo "\t<li>" . __('There are no attachments to show.') . "</li>\n";
-		endif;
-		echo "</ul>\n\n";
-
-		echo "<form action='' id='browse-form'><input type='hidden' id='nonce-value' value='" . wp_create_nonce( 'inlineuploading' )  . "' /></form>\n";
-		break;
-	endswitch;
-
-	extract($old_vars);
-}
-
-
-function wp_upload_tab_browse_action() {
-	global $style;
-	if ( 'inline' == $style )
-		wp_enqueue_script('upload');
-}
-
-add_action( 'upload_files_browse', 'wp_upload_tab_browse_action' );
-add_action( 'upload_files_browse-all', 'wp_upload_tab_browse_action' );
-
-function wp_upload_admin_head() {
-	global $wp_locale;
-	echo "<link rel='stylesheet' href='" . get_option('siteurl') . '/wp-admin/upload.css?version=' . get_bloginfo('version') . "a' type='text/css' />\n";
-	if ( 'rtl' == $wp_locale->text_direction )
-		echo "<link rel='stylesheet' href='" . get_option('siteurl') . '/wp-admin/upload-rtl.css?version=' . get_bloginfo('version') . "a' type='text/css' />\n";
-	if ( 'inline' == @$_GET['style'] ) {
-		echo "<style type='text/css' media='screen'>\n";
-		echo "\t#upload-menu { position: absolute; z-index: 2; }\n";
-		echo "\tbody > #upload-menu { position: fixed; }\n";
-		echo "\t#upload-content { top: 2em; }\n";
-		echo "\t#upload-file { position: absolute; top: 15px; }\n";
-		echo "</style>";
-	}
-}
-
-?>
diff -urN wordpress-mu-1.3/wp-admin/users.php wordpress-mu-1.3.2/wp-admin/users.php
--- wordpress-mu-1.3/wp-admin/users.php	2007-10-30 17:49:38.000000000 +0100
+++ wordpress-mu-1.3.2/wp-admin/users.php	2008-01-02 18:49:22.000000000 +0100
@@ -255,7 +255,7 @@
 	check_admin_referer('remove-users');
 
 	if ( empty($_POST['users']) ) {
-		header('Location: users.php');
+		wp_redirect('users.php');
 	}
 
 	if ( !current_user_can('edit_users') )
@@ -272,7 +272,7 @@
 		remove_user_from_blog($id);
 	}
 
-	header('Location: users.php?update=' . $update);
+	wp_redirect('users.php?update=' . $update);
 
 break;
 
@@ -281,7 +281,7 @@
 	check_admin_referer('bulk-users');
 
 	if (empty($_POST['users'])) {
-		header('Location: users.php');
+		wp_redirect('users.php');
 	}
 
 	if ( !current_user_can('edit_users') )
@@ -356,14 +356,14 @@
 				do_action( "added_existing_user", $user_id );
 				$location = 'users.php?update=add';
 			}
-			header("Location: $location");
+			wp_redirect("$location");
 			die();
 		} else {
-			header('Location: users.php?update=notfound' );
+			wp_redirect('users.php?update=notfound' );
 			die();
 		}
 	}
-	header('Location: users.php');
+	wp_redirect('users.php');
 	die();
 break;
 default:
diff -urN wordpress-mu-1.3/wp-admin/widgets.php wordpress-mu-1.3.2/wp-admin/widgets.php
--- wordpress-mu-1.3/wp-admin/widgets.php	2007-10-12 18:21:15.000000000 +0200
+++ wordpress-mu-1.3.2/wp-admin/widgets.php	2008-01-02 18:06:33.000000000 +0100
@@ -44,7 +44,6 @@
 	<?php foreach ( $wp_registered_widget_controls as $name => $widget ) : ?>
 		jQuery('#<?php echo $widget['id']; ?>popper').click(function() {popControl('#<?php echo $widget['id']; ?>control');});
 		jQuery('#<?php echo $widget['id']; ?>closer').click(function() {unpopControl('#<?php echo $widget['id']; ?>control');});
-		jQuery('#<?php echo $widget['id']; ?>control').Draggable({handle: '.controlhandle', zIndex: 1000});
 		if ( true && window.opera )
 			jQuery('#<?php echo $widget['id']; ?>control').css('border','1px solid #bbb');
 	<?php endforeach; ?>
diff -urN wordpress-mu-1.3/wp-admin/wpmu-blogs.php wordpress-mu-1.3.2/wp-admin/wpmu-blogs.php
--- wordpress-mu-1.3/wp-admin/wpmu-blogs.php	2007-10-26 18:50:19.000000000 +0200
+++ wordpress-mu-1.3.2/wp-admin/wpmu-blogs.php	2008-01-23 19:17:00.000000000 +0100
@@ -5,7 +5,6 @@
 $parent_file = 'wpmu-admin.php';
 wp_enqueue_script( 'listman' );
 require_once('admin-header.php');
-
 if( is_site_admin() == false ) {
     wp_die( __('<p>You do not have permission to access this page.</p>') );
 }
@@ -80,12 +79,13 @@
 					<div class="wrap">
 						<table style="border:0; width:100%;" cellspacing="2" cellpadding="5" class="editform"> 
 							<tr valign="top"> 
-								<th scope="row"><?php _e('URL') ?></th> 
-								<td>http://<input name="blog[domain]" type="text" id="domain" value="<?php echo $details['domain'] ?>" size="33" /></td> 
+								<th scope="row"><?php _e('Domain') ?></th> 
+								<td>http://<input name="blog[domain]" type="text" id="domain" value="<?php echo $details['domain'] ?>" size="33" /></td>
 							</tr> 
 							<tr valign="top"> 
 								<th scope="row"><?php _e('Path') ?></th> 
-								<td><input name="blog[path]" type="text" id="path" value="<?php echo $details['path'] ?>" size="40" /></td> 
+								<td><input name="blog[path]" type="text" id="path" value="<?php echo $details['path'] ?>" size="40" />
+								<br />(<?php _e( 'siteurl and home will be modified too' ); ?>)</td> 
 							</tr> 
 							<tr valign="top"> 
 								<th scope="row"><?php _e('Registered') ?></th> 
@@ -280,8 +280,8 @@
 	
 	// List blogs
 	default:
-		$start = isset( $_GET['start'] ) ? intval( $_GET['start'] ) : 0;
-		$num = isset( $_GET['num'] ) ? intval( $_GET['num'] ) : 60;
+		$apage = isset( $_GET['apage'] ) ? intval( $_GET['apage'] ) : 1;
+		$num = isset( $_GET['num'] ) ? intval( $_GET['num'] ) : 15;
 		
 		$query = "SELECT * FROM {$wpdb->blogs} WHERE site_id = '{$wpdb->siteid}' ";
 		
@@ -308,6 +308,7 @@
 		if( isset( $_GET['sortby'] ) == false ) {
 			$_GET['sortby'] = 'id';
 		}
+		
 		if( $_GET['sortby'] == 'registered' ) {
 			$query .= ' ORDER BY registered ';
 		} elseif( $_GET['sortby'] == 'id' ) {
@@ -320,28 +321,25 @@
 
 		$query .= ( $_GET['order'] == 'DESC' ) ? 'DESC' : 'ASC';
 		
-		if ( $_GET['ip_address'] == '' )
-			$query .= " LIMIT " . intval( $start ) . ", " . intval( $num );
+		if( !empty($_GET['s']) ||  !empty($_GET['blog_id']) || !empty($_GET['ip_address'])) {
+			$blog_list = $wpdb->get_results( $query, ARRAY_A );	
+			$total = count($blog_list);	
+		} else {
+			$total = $wpdb->get_var( "SELECT COUNT(*) FROM {$wpdb->blogs} WHERE site_id = '{$wpdb->siteid}' ");	
+		}
+		
+		$query .= " LIMIT " . intval( ( $apage - 1 ) * $num) . ", " . intval( $num );
 			
 		$blog_list = $wpdb->get_results( $query, ARRAY_A );	
-		
-		$next = ( count( $blog_list ) < $num ) ? false : true;
-		
+
 		// Pagination
-		$url2 = "order=" . $_GET['order'] . "&amp;sortby=" . $_GET['sortby'] . "&amp;s=" . $_GET['s'] . "&ip_address=" . $_GET['ip_address'];
-		$blog_navigation = '';
-		if( $start == 0 ) { 
-			$blog_navigation .= __('Previous&nbsp;Blogs');
-		} elseif( $start <= 30 ) { 
-			$blog_navigation .= '<a href="wpmu-blogs.php?start=0&amp;' . $url2 . ' ">' . __('Previous&nbsp;Blogs') . '</a>';
-		} else {
-			$blog_navigation .= '<a href="wpmu-blogs.php?start=' . ( $start - $num ) . '&' . $url2 . '">' . __('Previous&nbsp;Blogs') . '</a>';
-		} 
-		if ( $next ) {
-			$blog_navigation .= '&nbsp;||&nbsp;<a href="wpmu-blogs.php?start=' . ( $start + $num ) . '&' . $url2 . '">' . __('Next&nbsp;Blogs') . '</a>';
-		} else {
-			$blog_navigation .= '&nbsp;||&nbsp;' . __('Next&nbsp;Blogs');
-		}
+		$url2 = "&order=" . $_GET['order'] . "&amp;sortby=" . $_GET['sortby'] . "&amp;s=" . $_GET['s'] . "&ip_address=" . $_GET['ip_address'];
+		$blog_navigation = paginate_links( array(
+			'base' => add_query_arg( 'apage', '%#%' ).$url2,
+			'format' => '',
+			'total' => ceil($total / $num),
+			'current' => $apage
+		));
 		?>
 		<script type="text/javascript">
 		<!--
@@ -377,8 +375,7 @@
 		<div class="wrap">
 		<h2><?php _e('Blogs') ?></h2>
 		<div style="float:right; padding:0 20px; margin-top:20px;"> 
-			<h4 style="margin:0 0 4px;"><?php _e('Blog Navigation') ?></h4> 
-			<?php echo $blog_navigation; ?>
+			<?php if ( $blog_navigation ) echo "<p class='pagenav'>$blog_navigation</p>"; ?>
 		</div>
 		
 		<form id="searchform" action="wpmu-blogs.php" method="get"> 
@@ -436,9 +433,15 @@
 		<table width="100%" cellpadding="3" cellspacing="3" class="widefat">
 			<thead>
 				<tr>
-					<?php foreach($posts_columns as $column_id => $column_display_name) : ?>
-						<th scope="col"><a href="wpmu-blogs.php?<?php echo $sortby_url ?>&amp;sortby=<?php echo $column_id ?>&amp;<?php if( $_GET['sortby'] == $column_id ) { if( $_GET['order'] == 'DESC' ) { echo "order=ASC&amp;" ; } else { echo "order=DESC&amp;"; } } ?>start=<?php echo $start ?>"><?php echo $column_display_name; ?></a></th>
-					<?php endforeach ?>
+				<?php foreach($posts_columns as $column_id => $column_display_name) { ?>
+					<?php $column_link = "<a href='wpmu-blogs.php?{$sortby_url}&amp;sortby={$column_id}&amp;";
+					if( $_GET['sortby'] == $column_id ) { 
+						$column_link .= $_GET[ 'order' ] == 'DESC' ? 'order=ASC&amp;' : 'order=DESC&amp;';
+					}
+					$column_link .= "apage={$apage}'>{$column_display_name}</a>";
+					$col_url = $column_id == 'users' || $column_id == 'plugins' ? $column_display_name : $column_link;
+					?><th scope="col"><?php echo $col_url ?></th>
+				<?php } ?>
 				</tr>
 			</thead>
 			<tbody id="the-list">
@@ -595,8 +598,7 @@
 		</table>
 		
 		<div style="float:right; padding:0 20px; margin-top:20px;"> 
-			<h4 style="margin:0 0 4px;"><?php _e('Blog Navigation') ?></h4> 
-			<?php echo $blog_navigation;?>
+			<?php if ( $blog_navigation ) echo "<p class='pagenav'>$blog_navigation</p>"; ?>
 		</div>
 		<input style="margin:5px 0;" id="check_all2" type="button" class="button" value="<?php _e('Check All') ?>" onclick="check_all_rows()" /> 
 		
diff -urN wordpress-mu-1.3/wp-admin/wpmu-edit.php wordpress-mu-1.3.2/wp-admin/wpmu-edit.php
--- wordpress-mu-1.3/wp-admin/wpmu-edit.php	2007-10-26 18:50:19.000000000 +0200
+++ wordpress-mu-1.3.2/wp-admin/wpmu-edit.php	2007-12-04 16:30:49.000000000 +0100
@@ -154,6 +154,12 @@
 				$c++;
 			}
 		}
+
+		if( get_blog_option( $id, 'siteurl' ) != 'http://' . $_POST['blog']['domain'] . $_POST['blog']['path'] )
+			update_blog_option( $id, 'siteurl', 'http://' . $_POST['blog']['domain'] . $_POST['blog']['path'] );
+		
+		if( get_blog_option( $id, 'home' ) != 'http://' . $_POST['blog']['domain'] . $_POST['blog']['path'] )
+			update_blog_option( $id, 'home', 'http://' . $_POST['blog']['domain'] . $_POST['blog']['path'] );
 		
 		// update blogs table
 		$result = $wpdb->query("UPDATE {$wpdb->blogs} SET
@@ -422,6 +428,7 @@
 		} else {
 			wp_new_user_notification($user_id, $password);
 		}
+		add_user_to_blog('1', $user_id, 'subscriber');
 
 		wp_redirect( add_query_arg( array('updated' => 'true', 'action' => 'add'), $_SERVER['HTTP_REFERER'] ) );
 		exit();
diff -urN wordpress-mu-1.3/wp-admin/wpmu-options.php wordpress-mu-1.3.2/wp-admin/wpmu-options.php
--- wordpress-mu-1.3/wp-admin/wpmu-options.php	2007-10-26 13:09:56.000000000 +0200
+++ wordpress-mu-1.3.2/wp-admin/wpmu-options.php	2007-11-15 16:56:43.000000000 +0100
@@ -49,10 +49,10 @@
 						update_site_option( 'registration', 'all' );
 					?>
 					<td>
-						<input name="registration" type="radio" id="registration1" value='none' <?php echo get_site_option('registration') == 'none' ? 'checked="checked"' : ''; ?> /> <?php _e('Disabled'); ?><br />
-						<input name="registration" type="radio" id="registration2" value='all' <?php echo get_site_option('registration') == 'all' ? 'checked="checked"' : ''; ?> /> <?php _e('Enabled for all. Blogs and user accounts can be created.'); ?><br />
-						<input name="registration" type="radio" id="registration3" value='user' <?php echo get_site_option('registration') == 'user' ? 'checked="checked"' : ''; ?> /> <?php _e('Enabled for users only. Only user account can be created.'); ?><br />
-						<input name="registration" type="radio" id="registration4" value='blog' <?php echo get_site_option('registration') == 'blog' ? 'checked="checked"' : ''; ?> /> <?php _e('Enabled for blogs only. Only logged in users can create new blogs.'); ?><br />
+						<label><input name="registration" type="radio" id="registration1" value='none' <?php echo get_site_option('registration') == 'none' ? 'checked="checked"' : ''; ?> /> <?php _e('Disabled'); ?></label><br />
+						<label><input name="registration" type="radio" id="registration2" value='all' <?php echo get_site_option('registration') == 'all' ? 'checked="checked"' : ''; ?> /> <?php _e('Enabled for all. Blogs and user accounts can be created.'); ?></label><br />
+						<label><input name="registration" type="radio" id="registration3" value='user' <?php echo get_site_option('registration') == 'user' ? 'checked="checked"' : ''; ?> /> <?php _e('Enabled for users only. Only user account can be created.'); ?></label><br />
+						<label><input name="registration" type="radio" id="registration4" value='blog' <?php echo get_site_option('registration') == 'blog' ? 'checked="checked"' : ''; ?> /> <?php _e('Enabled for blogs only. Only logged in users can create new blogs.'); ?></label><br />
 						<?php _e('Disable or enable registration and who or what can be registered. (Default=all)') ?>
 					</td> 
 				</tr> 
diff -urN wordpress-mu-1.3/wp-admin/wpmu-users.php wordpress-mu-1.3.2/wp-admin/wpmu-users.php
--- wordpress-mu-1.3/wp-admin/wpmu-users.php	2007-10-22 19:46:24.000000000 +0200
+++ wordpress-mu-1.3.2/wp-admin/wpmu-users.php	2008-01-02 18:25:22.000000000 +0100
@@ -39,8 +39,8 @@
 
 <div class="wrap">
 	<?php
-	$start = isset( $_GET['start'] ) ? intval( $_GET['start'] ) : 0;
-	$num = isset( $_GET['num'] ) ? intval( $_GET['num'] ) : 30;
+	$apage = isset( $_GET['apage'] ) ? intval( $_GET['apage'] ) : 1;
+	$num = isset( $_GET['num'] ) ? intval( $_GET['num'] ) : 15;
 
 	$query = "SELECT * FROM {$wpdb->users}";
 	
@@ -67,29 +67,29 @@
 	
 	$query .= ( $_GET['order'] == 'DESC' ) ? 'DESC' : 'ASC';
 
-	$query .= " LIMIT " . intval( $start ) . ", " . intval( $num );
-	$user_list = $wpdb->get_results( $query, ARRAY_A );
+	if( !empty($_GET['s'])) {
+		$user_list = $wpdb->get_results( $query, ARRAY_A );
+		$total = count($user_list);	
+	} else {
+		$total = $wpdb->get_var( "SELECT COUNT(*) FROM {$wpdb->users}");
+	}
 	
-	$next = ( count( $user_list ) < $num ) ? false : true;
+	$query .= " LIMIT " . intval( ( $apage - 1 ) * $num) . ", " . intval( $num );
+	
+	$user_list = $wpdb->get_results( $query, ARRAY_A );
+
+	// Pagination
+	$user_navigation = paginate_links( array(
+		'base' => add_query_arg( 'apage', '%#%' ),
+		'format' => '',
+		'total' => ceil($total / $num),
+		'current' => $apage
+	));
 	?>
 	<h2><?php _e("Users"); ?></h2>
-	<div style="float:right; padding:0 20px; margin-top:10px;"> 
-		<h4 style="margin:0 0 4px;"><?php _e('User Navigation') ?></h4> 
-		<?php 
-		$url2 = "order=" . $_GET['order'] . "&sortby=" . $_GET['sortby'] . "&s=" .$_GET['s'];
-		if( $start == 0 ) { 
-			_e('Previous&nbsp;Users');
-		} elseif( $start <= 30 ) { 
-			echo '<a href="wpmu-users.php?start=0' . $url2 . '">'.__('Previous&nbsp;Users').'</a>';
-		} else {
-			echo '<a href="wpmu-users.php?start=' . ( $start - $num ) . '&' . $url2 . '">'.__('Previous&nbsp;Users').'</a>';
-		} 
-		if ( $next ) {
-			echo '&nbsp;||&nbsp;<a href="wpmu-users.php?start=' . ( $start + $num ) . '&' . $url2 . '">'.__('Next&nbsp;Users').'</a>';
-		} else {
-			echo '&nbsp;||&nbsp;'.__('Next&nbsp;Users');
-		}
-		?>
+	
+	<div style="float:right; padding:0 20px; margin-top:20px;"> 
+		<?php if ( $user_navigation ) echo "<p class='pagenav'>$user_navigation</p>"; ?>
 	</div>
 	
 	<form action="wpmu-users.php" method="get" id="searchform"> 
@@ -158,7 +158,7 @@
 						<?php if( $column_id == 'blogs' ) {
 							_e('Blogs');
 						} else { ?>
-							<a href="wpmu-users.php?sortby=<?php echo $column_id ?>&amp;<?php if( $_GET['sortby'] == $column_id ) { if( $_GET['order'] == 'DESC' ) { echo "order=ASC&amp;" ; } else { echo "order=DESC&amp;"; } } ?>start=<?php echo $start ?>"><?php echo $column_display_name; ?></a>
+							<a href="wpmu-users.php?sortby=<?php echo $column_id ?>&amp;<?php if( $_GET['sortby'] == $column_id ) { if( $_GET['order'] == 'DESC' ) { echo "order=ASC&amp;" ; } else { echo "order=DESC&amp;"; } } ?>apage=<?php echo $apage ?>"><?php echo $column_display_name; ?></a>
 						<?php } ?>
 					</th>
 				<?php } ?>
@@ -249,6 +249,10 @@
 			</tbody>
 		</table>
 		
+		<div style="float:right; padding:0 20px; margin-top:20px;"> 
+			<?php if ( $user_navigation ) echo "<p class='pagenav'>$user_navigation</p>"; ?>
+		</div>
+	
 		<p><input class="button" type="button" value="<?php _e('Check All') ?>" onclick="this.value=check_all_rows()" /></p>
 		
 		<h3><?php _e('Selected Users:') ?></h3>
@@ -265,6 +269,9 @@
 	</form>
 </div>
 
+<?php
+if( apply_filters('show_adduser_fields', true) ) :
+?>
 <div class="wrap">
 	<form action="wpmu-edit.php?action=adduser" method="post">
 		<h2><?php _e('Add User') ?></h2>
@@ -285,5 +292,6 @@
 			<input class="button" type="submit" name="Add user" value="<?php _e('Add user') ?>" /></p>
 	</form>
 </div>
+<?php endif; ?>
 
 <?php include('admin-footer.php'); ?>
diff -urN wordpress-mu-1.3/wp-app.php wordpress-mu-1.3.2/wp-app.php
--- wordpress-mu-1.3/wp-app.php	2007-10-30 17:49:38.000000000 +0100
+++ wordpress-mu-1.3.2/wp-app.php	2008-01-02 17:00:05.000000000 +0100
@@ -159,6 +159,10 @@
 
 	function get_service() {
 		log_app('function','get_service()');
+
+		if( !current_user_can( 'edit_posts' ) ) 
+			$this->auth_required( __( 'Sorry, you do not have the right to access this blog.' ) );
+
 		$entries_url = attribute_escape($this->get_entries_url());
 		$categories_url = attribute_escape($this->get_categories_url());
 		$media_url = attribute_escape($this->get_attachments_url());
@@ -188,8 +192,11 @@
 	}
 
 	function get_categories_xml() {
-
 		log_app('function','get_categories_xml()');
+
+		if( !current_user_can( 'edit_posts' ) ) 
+			$this->auth_required( __( 'Sorry, you do not have the right to access this blog.' ) );
+
 		$home = attribute_escape(get_bloginfo_rss('home'));
 
 		$categories = "";
@@ -282,8 +289,11 @@
 	}
 
 	function get_post($postID) {
-
 		global $entry;
+
+		if( !current_user_can( 'edit_post', $postID ) )
+			$this->auth_required( __( 'Sorry, you do not have the right to access this post.' ) ); 
+
 		$this->set_current_entry($postID);
 		$output = $this->get_entry($postID);
 		log_app('function',"get_post($postID)");
@@ -372,8 +382,9 @@
 	}
 
 	function get_attachment($postID = NULL) {
+		if( !current_user_can( 'upload_files' ) )
+			$this->auth_required( __( 'Sorry, you do not have the right to file uploads on this blog.' ) );
 
-		global $entry;
 		if (!isset($postID)) {
 			$this->get_attachments();
 		} else {
@@ -494,6 +505,10 @@
 		}
 
 		$location = get_post_meta($entry['ID'], '_wp_attached_file', true);
+		$filetype = wp_check_filetype($location);
+
+		if(!isset($location) || 'attachment' != $entry['post_type'] || empty($filetype['ext']))
+			$this->internal_error(__('Error ocurred while accessing post metadata for file location.'));
 
 		// delete file
 		@unlink($location);
@@ -795,7 +810,6 @@
 	</app:control>
 	<author>
 		<name><?php the_author()?></name>
-		<email><?php the_author_email()?></email>
 <?php if (get_the_author_url() && get_the_author_url() != 'http://') { ?>
 		<uri><?php the_author_url()?></uri>
 <?php } ?>
diff -urN wordpress-mu-1.3/wp-config-sample.php wordpress-mu-1.3.2/wp-config-sample.php
--- wordpress-mu-1.3/wp-config-sample.php	2007-10-12 18:21:15.000000000 +0200
+++ wordpress-mu-1.3.2/wp-config-sample.php	2008-01-02 18:48:17.000000000 +0100
@@ -21,9 +21,14 @@
 // For example, install de.mo to wp-content/languages and set WPLANG to 'de'
 // to enable German language support.
 define ('WPLANG', '');
+
 // uncomment this to enable wp-content/sunrise.php support
 //define( 'SUNRISE', 'on' );
 
+// Uncomment and set this to a URL to redirect if a blog does not exist. (Useful if signup is disabled)
+// Browser will redirect to constant( 'NOBLOGREDICT' ) . "?new=blogname" where blogname is the unknown blog
+// define( 'NOBLOGREDIRECT', '' );
+
 define( "WP_USE_MULTIPLE_DB", false );
 
 /* That's all, stop editing! Happy blogging. */
diff -urN wordpress-mu-1.3/wp-content/blogs.php wordpress-mu-1.3.2/wp-content/blogs.php
--- wordpress-mu-1.3/wp-content/blogs.php	2007-10-24 13:37:31.000000000 +0200
+++ wordpress-mu-1.3.2/wp-content/blogs.php	2007-11-15 17:11:13.000000000 +0100
@@ -71,11 +71,10 @@
 	die('404 &#8212; File not found.');
 }
 
-if( function_exists( 'mime_content_type' ) ) {
-	$mime[ 'type' ] = mime_content_type( $file );
-} else {
-	$mime = wp_check_filetype( $_SERVER[ 'REQUEST_URI' ] );
-}
+$mime = wp_check_filetype( $_SERVER[ 'REQUEST_URI' ] );
+if( $mime[ 'type' ] === false && function_exists( 'mime_content_type' ) )
+		$mime[ 'type' ] = mime_content_type( $file );
+
 if( $mime[ 'type' ] != false ) {
 	$mimetype = $mime[ 'type' ];
 } else {
diff -urN wordpress-mu-1.3/wp-content/mu-plugins/sync-taxonomy.php wordpress-mu-1.3.2/wp-content/mu-plugins/sync-taxonomy.php
--- wordpress-mu-1.3/wp-content/mu-plugins/sync-taxonomy.php	2007-10-04 14:01:10.000000000 +0200
+++ wordpress-mu-1.3.2/wp-content/mu-plugins/sync-taxonomy.php	1970-01-01 01:00:00.000000000 +0100
@@ -1,446 +0,0 @@
-<?php
-/*
-***BETA BETA BETA BETA BETA BETA BETA BETA BETA BETA BETA BETA***
-* This script will create and sync the new taxonomy tables in WordPress 2.3
-* 
-* Please only use this on a test server. You'll have to remove the comments 
-* starting below this text and at the end of this file to activate it.
-* 
-* You should use this if your server is busy and/or you have many blogs.
-* 
-* To upgrade your blogs:
-* 1. Open the front page of your site and add the string "?upgradetaxonomy=1"
-*    to generate a secret key. You must use this key to run the global upgrade process.
-* 2. Look in the site_options table of your database for the key. It's called "upgradetaxonomysecret".
-* 3. Now, load the front page of your site again with the string "?upgradetaxonomy=<secretkey>"
-* 4. Your blogs should upgrade, 10 at a time.
-*
-* How to force an upgrade:
-* If you need to force the upgrade of a blog, open the blog and append "?taxonomysync=<secretkey>"
-* where secretkey is the key from your site_options table.
-*/
-
-/*
-$wpdb->terms = $wpdb->prefix . "terms";
-$wpdb->term_taxonomy = $wpdb->prefix . "term_taxonomy";
-$wpdb->term_relationships = $wpdb->prefix . "term_relationships";
-
-function sync_link2cat( $link_id ) {
-	global $wpdb;
-
-	if ( get_option('db_version') != 6124 )
-		return;
-	
-	if( function_exists( 'get_term' ) ) {
-		$wpdb->query( "DELETE FROM {$wpdb->link2cat} WHERE link_id = '{$link_id}'" );
-		$terms = $wpdb->get_results( "SELECT {$wpdb->term_taxonomy}.term_id FROM {$wpdb->term_taxonomy}, {$wpdb->term_relationships} WHERE {$wpdb->term_taxonomy}.term_taxonomy_id = {$wpdb->term_relationships}.term_taxonomy_id AND {$wpdb->term_relationships}.object_id = '{$link_id}' AND {$wpdb->term_taxonomy}.taxonomy = 'link_category'" );
-		if( is_array( $terms ) )
-			foreach( $terms as $term )
-				$wpdb->query( "INSERT INTO {$wpdb->link2cat} ( `link_id`, `category_id` ) VALUES ( '$link_id', '{$term->term_id}' )" );
-
-		return $link_id;
-	}
-
-	$cats = $wpdb->get_results( "SELECT category_id, category_description, category_parent, link_count FROM {$wpdb->link2cat}, {$wpdb->categories} WHERE {$wpdb->link2cat}.category_id = {$wpdb->categories}.cat_ID AND link_id = '{$link_id}'" );
-	foreach( $cats as $cat ) {
-		if ( !$wpdb->get_var( "SELECT term_taxonomy_id FROM $wpdb->term_taxonomy WHERE taxonomy = 'link_category' AND term_id = '{$cat->category_id}'" ) )
-			$wpdb->query( "INSERT INTO $wpdb->term_taxonomy ( term_id, taxonomy, description, parent, count ) VALUES ( '{$cat->category_id}', 'link_category', '" . $wpdb->escape( $cat->category_description ) . "', '{$cat->category_parent}', '{$cat->link_count}' )" );
-	}
-	$terms = $wpdb->get_results( "SELECT {$wpdb->term_relationships}.object_id, {$wpdb->term_relationships}.term_taxonomy_id FROM {$wpdb->term_taxonomy}, {$wpdb->term_relationships} WHERE {$wpdb->term_taxonomy}.term_taxonomy_id = {$wpdb->term_relationships}.term_taxonomy_id AND {$wpdb->term_relationships}.object_id = '{$link_id}' AND {$wpdb->term_taxonomy}.taxonomy = 'link_category'" );
-	if( is_array( $terms ) ) {
-		foreach( $terms as $term ) {
-			$wpdb->query( "DELETE FROM $wpdb->term_relationships WHERE object_id = '{$term->object_id}' AND term_taxonomy_id = '{$term->term_taxonomy_id}'" );
-		}
-	}
-	$cats = $wpdb->get_results( "SELECT link_id, term_taxonomy_id, link_count FROM $wpdb->link2cat, {$wpdb->term_taxonomy}, {$wpdb->categories} WHERE {$wpdb->link2cat}.category_id = {$wpdb->term_taxonomy}.term_id AND link_id = '{$link_id}' AND {$wpdb->categories}.cat_ID = {$wpdb->link2cat}.category_id AND {$wpdb->term_taxonomy}.taxonomy = 'link_category'" );
-	if( is_array( $cats ) ) {
-		foreach( $cats as $cat ) {
-			$wpdb->query( "INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id) VALUES ( '{$cat->link_id}', '{$cat->term_taxonomy_id}' )" );
-			$wpdb->query( "UPDATE $wpdb->term_taxonomy SET count = '{$cat->link_count}' WHERE taxonomy = 'link_category' AND term_taxonomy_id = '{$cat->term_taxonomy_id}'" );
-		}
-	}
-	wp_cache_delete( 'get_bookmarks', 'bookmark' );
-	wp_cache_delete( 'all_category_ids', 'category' );
-	wp_cache_delete( 'get_terms', 'terms' );
-}
-add_action( 'edit_link', 'sync_link2cat' );
-add_action( 'add_link', 'sync_link2cat' );
-
-function sync_post2cat( $post_id ) {
-	global $wpdb;
-
-	if ( get_option('db_version') != 6124 )
-		return;
-	
-	if( function_exists( 'get_term' ) ) {
-		$wpdb->query( "DELETE FROM {$wpdb->post2cat} WHERE post_id = '{$post_id}'" );
-		$terms = $wpdb->get_results( "SELECT {$wpdb->term_taxonomy}.term_id FROM {$wpdb->term_taxonomy}, {$wpdb->term_relationships} WHERE {$wpdb->term_taxonomy}.term_taxonomy_id = {$wpdb->term_relationships}.term_taxonomy_id AND {$wpdb->term_relationships}.object_id = '{$post_id}' AND {$wpdb->term_taxonomy}.taxonomy = 'category'" );
-		if( is_array( $terms ) )
-			foreach( $terms as $term )
-				$wpdb->query( "INSERT INTO {$wpdb->post2cat} ( `post_id`, `category_id` ) VALUES ( '$post_id', '{$term->term_id}' )" );
-
-		wp_cache_delete( 'all_category_ids', 'category' );
-		wp_cache_delete( 'get_terms', 'terms' );
-		return $post_id;
-	}
-
-	$cats = $wpdb->get_results( "SELECT category_id, category_description, category_parent, category_count FROM {$wpdb->post2cat}, {$wpdb->categories} WHERE {$wpdb->post2cat}.category_id = {$wpdb->categories}.cat_ID AND post_id = '{$post_id}'" );
-	foreach( $cats as $cat ) {
-		if ( !$wpdb->get_var( "SELECT term_taxonomy_id FROM $wpdb->term_taxonomy WHERE taxonomy = 'category' AND term_id = '{$cat->category_id}'" ) )
-			$wpdb->query( "INSERT INTO $wpdb->term_taxonomy ( term_id, taxonomy, description, parent, count ) VALUES ( '{$cat->category_id}', 'category', '" . $wpdb->escape( $cat->category_description ) . "', '{$cat->category_parent}', '{$cat->category_count}' )" );
-	}
-	$terms = $wpdb->get_results( "SELECT {$wpdb->term_taxonomy}.term_id, {$wpdb->term_relationships}.object_id, {$wpdb->term_relationships}.term_taxonomy_id FROM {$wpdb->term_taxonomy}, {$wpdb->term_relationships} WHERE {$wpdb->term_taxonomy}.term_taxonomy_id = {$wpdb->term_relationships}.term_taxonomy_id AND {$wpdb->term_relationships}.object_id = '{$post_id}' AND {$wpdb->term_taxonomy}.taxonomy = 'category'" );
-	if( is_array( $terms ) ) {
-		foreach( $terms as $term ) {
-			$wpdb->query( "DELETE FROM $wpdb->term_relationships WHERE object_id = '{$term->object_id}' AND term_taxonomy_id = '{$term->term_taxonomy_id}'" );
-		}
-	}
-	$cats = $wpdb->get_results( "SELECT post_id, term_taxonomy_id, category_count FROM $wpdb->post2cat, {$wpdb->term_taxonomy}, {$wpdb->categories} WHERE {$wpdb->post2cat}.category_id = {$wpdb->term_taxonomy}.term_id AND post_id = '{$post_id}' AND {$wpdb->categories}.cat_ID = {$wpdb->post2cat}.category_id AND {$wpdb->term_taxonomy}.taxonomy = 'category'" );
-	if( is_array( $cats ) ) {
-		foreach( $cats as $cat ) {
-			$wpdb->query( "INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id) VALUES ( '{$cat->post_id}', '{$cat->term_taxonomy_id}' )" );
-			$wpdb->query( "UPDATE $wpdb->term_taxonomy SET count = '{$cat->category_count}' WHERE taxonomy = 'category' AND term_taxonomy_id = '{$cat->term_taxonomy_id}'" );
-		}
-	}
-	wp_cache_delete( 'all_category_ids', 'category' );
-	wp_cache_delete( 'get_terms', 'terms' );
-}
-add_action( 'save_post', 'sync_post2cat' );
-
-function sync_terms_edit_cat( $cat_ID ) {
-	sync_terms_edit( $cat_ID, "category" );
-}
-function sync_terms_edit_link( $cat_ID ) {
-	sync_terms_edit( $cat_ID, "link_category" );
-}
-function sync_terms_edit( $cat_ID, $taxonomy ) {
-	global $wpdb;
-
-	if ( get_option('db_version') != 6124 )
-		return;
-	
-	if( function_exists( 'get_term' ) ) {
-		$cat = $wpdb->get_row( "SELECT * FROM {$wpdb->terms}, {$wpdb->term_taxonomy} WHERE {$wpdb->terms}.term_id = {$wpdb->term_taxonomy}.term_id AND {$wpdb->term_taxonomy}.term_id = '$cat_ID'" );
-		$wpdb->query( "UPDATE {$wpdb->categories} SET cat_name = '" . $wpdb->escape( $cat->name ) . "', category_nicename = '" . $wpdb->escape( $cat->slug ) . "', category_description = '" . $wpdb->escape( $cat->description ) . "', category_parent = '{$cat->parent}' WHERE cat_ID = '$cat_ID'" );
-		
-		return $cat_ID;
-	}
-
-	$cat = get_category( $cat_ID );
-	$wpdb->query( "UPDATE $wpdb->terms SET name = '" . $wpdb->escape( $cat->cat_name ) . "', slug = '$cat->category_nicename' WHERE term_id = '$cat_ID'" );
-	$count = $taxonomy == "category" ? $cat->category_count : $cat->link_count;
-	$wpdb->query( "UPDATE $wpdb->term_taxonomy SET description = '" . $wpdb->escape( $cat->description ) . "', parent = '$cat->category_parent', count = '$count' WHERE term_id = '$cat_ID' AND taxonomy = '$taxonomy'" );
-	wp_cache_delete( 'get_terms', 'terms' );
-	return $cat_ID;
-}
-add_filter( 'edit_category', 'sync_terms_edit_cat');
-add_filter( 'edit_link_category', 'sync_terms_edit_link');
-
-function sync_terms_create( $cat_ID ) {
-	global $wpdb;
-
-	if ( get_option('db_version') != 6124 )
-		return;
-	
-	if( strpos( $_SERVER[ 'HTTP_REFERER' ], 'link-add.php' ) ) {
-		$taxonomy = 'link_category';
-	} else {
-		$taxonomy = 'category';
-	}
-	if( function_exists( 'get_term' ) ) {
-		$cat = $wpdb->get_row( "SELECT * FROM {$wpdb->terms}, {$wpdb->term_taxonomy} WHERE {$wpdb->terms}.term_id = {$wpdb->term_taxonomy}.term_id AND {$wpdb->term_taxonomy}.term_id = '$cat_ID' AND {$wpdb->term_taxonomy}.taxonomy = '$taxonomy'" );
-		$wpdb->query( "INSERT INTO {$wpdb->categories} ( `cat_ID`, `cat_name`, `category_nicename`, `category_description`, `category_parent` ) VALUES ( '{$cat->term_id}', '" . $wpdb->escape( $cat->name ) . "', '" . $wpdb->escape( $cat->slug ) . "', '" . $wpdb->escape( $cat->description ) . "', '{$cat->parent}' )" );
-		
-		return $cat_ID;
-	}
-
-	$cat = get_category( $cat_ID );
-	$wpdb->query( "INSERT INTO $wpdb->terms ( term_id, name, slug, term_group ) VALUES ( '{$cat->cat_ID}', '" . $wpdb->escape( $cat->cat_name ) . "', '{$cat->category_nicename}', '0' )" );
-	$wpdb->query( "INSERT INTO $wpdb->term_taxonomy ( term_id, taxonomy, description, parent, count ) VALUES ( '{$cat->cat_ID}', '$taxonomy', '" . $wpdb->escape( $cat->category_description ) . "', '{$cat->category_parent}', '$count' )" );
-	$wpdb->query( "INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id) SELECT post_id, term_taxonomy_id FROM $wpdb->post2cat, {$wpdb->term_taxonomy} WHERE {$wpdb->post2cat}.category_id = {$wpdb->term_taxonomy}.term_id AND {$wpdb->post2cat}.category_id = '$cat_ID'" );
-	$wpdb->query( "INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id) SELECT link_id, term_taxonomy_id FROM $wpdb->link2cat, {$wpdb->term_taxonomy} WHERE {$wpdb->link2cat}.category_id = {$wpdb->term_taxonomy}.term_id AND {$wpdb->link2cat}.category_id = '$cat_ID'" );
-	wp_cache_delete( 'get_terms', 'terms' );
-	return $cat_ID;
-}
-add_filter( 'create_category', 'sync_terms_create');
-add_filter( 'create_link_category', 'sync_terms_create');
-
-function sync_terms_delete( $cat_ID ) {
-	global $wpdb;
-
-	if ( get_option('db_version') != 6124 )
-		return;
-	
-	if( function_exists( 'get_term' ) ) {
-		$wpdb->query( "DELETE FROM {$wpdb->categories} WHERE cat_ID = '$cat_ID'" );
-		$wpdb->query( "DELETE FROM {$wpdb->post2cat} WHERE cat_ID = '$cat_ID'" );
-		$wpdb->query( "DELETE FROM {$wpdb->link2cat} WHERE cat_ID = '$cat_ID'" );
-		
-		return $cat_ID;
-	}
-
-	$wpdb->query( "DELETE FROM $wpdb->terms WHERE term_id = '$cat_ID'" );
-	$term_taxonomy_ids = $wpdb->get_col( "SELECT term_taxonomy_id FROM $wpdb->term_taxonomy WHERE term_id = '$cat_ID'" );
-	if ( !empty($term_taxonomy_ids) ) {
-		foreach ( $term_taxonomy_ids as $term_taxonomy_id ) {
-			$wpdb->query( "DELETE FROM $wpdb->term_taxonomy WHERE term_taxonomy_id = '$term_taxonomy_id'" );
-			$wpdb->query( "DELETE FROM $wpdb->term_relationships WHERE term_taxonomy_id = '$term_taxonomy_id'" );
-		}
-	}
-	wp_cache_delete( 'get_terms', 'terms' );
-}
-add_filter( 'delete_category', 'sync_terms_delete');
-add_filter( 'delete_link_category', 'sync_terms_delete');
-
-function backfill_tags( $force = false ) {
-	global $wpdb, $blog_id;
-
-	if( function_exists( 'get_term' ) )
-		return;
-
-	$upgradetaxonomysecret = get_taxonomy_secret();
-
-	$needs_fix = $wpdb->get_col( "SELECT term_id FROM $wpdb->term_taxonomy WHERE taxonomy = ''" );
-	if ( isset( $_GET['taxonomysync'] ) && $upgradetaxonomysecret == $_GET['taxonomysync'] ) {
-		do_backfill( $needs_fix );
-	}
-
-	if ( get_option('db_version') == 6124 )
-		return;
-
-	if ( !current_user_can( 'publish_posts' ) )
-		return;
-
-	do_backfill( $needs_fix );
-}
-add_action( 'init', 'backfill_tags' );
-
-function do_backfill( $term_ids = array() ) {
-	global $wpdb, $blog_id;
-
-	$wp_queries="CREATE TABLE IF NOT EXISTS $wpdb->terms (
-		term_id bigint(20) NOT NULL auto_increment,
-		name varchar(55) NOT NULL default '',
-		slug varchar(200) NOT NULL default '',
-		term_group bigint(10) NOT NULL default 0,
-		PRIMARY KEY  (term_id),
-		UNIQUE KEY slug (slug)
-	);";
-	$wpdb->query( $wp_queries );
-	$wp_queries="CREATE TABLE IF NOT EXISTS $wpdb->term_taxonomy (
-		term_taxonomy_id bigint(20) NOT NULL auto_increment,
-		term_id bigint(20) NOT NULL default 0,
-		taxonomy varchar(32) NOT NULL default '',
-		description longtext NOT NULL,
-		parent bigint(20) NOT NULL default 0,
-		count bigint(20) NOT NULL default 0,
-		PRIMARY KEY  (term_taxonomy_id),
-		UNIQUE KEY term_id_taxonomy (term_id,taxonomy)
-	);";
-	$wpdb->query( $wp_queries );
-	$wp_queries="CREATE TABLE IF NOT EXISTS $wpdb->term_relationships (
-		object_id bigint(20) NOT NULL default 0,
-		term_taxonomy_id bigint(20) NOT NULL default 0,
-		PRIMARY KEY  (object_id,term_taxonomy_id),
-		KEY term_taxonomy_id (term_taxonomy_id)
-	);";
-	$wpdb->query( $wp_queries );
-
-	$wpdb->query( "TRUNCATE TABLE $wpdb->terms" );
-	$wpdb->query( "TRUNCATE TABLE $wpdb->term_relationships" );
-	$wpdb->query( "TRUNCATE TABLE $wpdb->term_taxonomy" );
-
-	if( $wpdb->get_results( "SELECT cat_ID FROM $wpdb->categories LIMIT 0,1" ) ) { 
-		// If we have categories and no terms do initial sync
-		$cats = $wpdb->get_results( "SELECT * FROM $wpdb->categories" );
-
-		foreach( $cats as $cat ) {
-			$cat->link_count = $wpdb->get_var( "SELECT COUNT(*) FROM $wpdb->link2cat WHERE category_id = $cat->cat_ID" );
-			$cat->category_count = $wpdb->get_var( "SELECT COUNT(post_id) FROM $wpdb->post2cat WHERE category_id = $cat->cat_ID" );
-
-			$wpdb->query( "INSERT INTO $wpdb->terms ( term_id, name, slug, term_group ) VALUES ( '$cat->cat_ID', '" . $wpdb->escape( $cat->cat_name ) . "', '$cat->category_nicename', '0' )" );
-			if ( $cat->link_count ) {
-				$count = $cat->link_count;
-				if ( !$wpdb->get_var( "SELECT term_taxonomy_id FROM $wpdb->term_taxonomy WHERE taxonomy = 'link_category' AND term_id = '$cat->cat_ID'" ) )
-					$wpdb->query( "INSERT INTO $wpdb->term_taxonomy ( term_id, taxonomy, description, parent, count ) VALUES ( '{$cat->cat_ID}', 'link_category', '" . $wpdb->escape( $cat->category_description ) . "', '{$cat->category_parent}', '{$count}' )" );				
-			} 
-			if ( $cat->category_count || ( !$cat->category_count && !$cat->link_category ) ) {
-				$count = $cat->category_count;
-				if ( !$wpdb->get_var( "SELECT term_taxonomy_id FROM $wpdb->term_taxonomy WHERE taxonomy = 'category' AND term_id = '$cat->cat_ID'" ) )
-					$wpdb->query( "INSERT INTO $wpdb->term_taxonomy ( term_id, taxonomy, description, parent, count ) VALUES ( '{$cat->cat_ID}', 'category', '" . $wpdb->escape( $cat->category_description ) . "', '{$cat->category_parent}', '{$count}' )" );				
-			}
-
-			wp_cache_delete( $cat->cat_ID, 'category' );
-			wp_cache_delete( $cat->cat_ID, 'link_category' );
-			if ( function_exists( "clean_term_cache" ) ) {
-				clean_term_cache( $cat->cat_ID, 'category' );
-				clean_term_cache( $cat->cat_ID, 'link_category' );
-			}
-		}
-		$cats = $wpdb->get_results( "SELECT link_id, term_taxonomy_id, link_count FROM $wpdb->link2cat, {$wpdb->term_taxonomy}, {$wpdb->categories} WHERE {$wpdb->link2cat}.category_id = {$wpdb->term_taxonomy}.term_id AND {$wpdb->categories}.cat_ID = {$wpdb->link2cat}.category_id AND {$wpdb->term_taxonomy}.taxonomy = 'link_category'" );
-		if( is_array( $cats ) ) {
-			foreach( $cats as $cat ) {
-				$wpdb->query( "INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id) VALUES ( '{$cat->link_id}', '{$cat->term_taxonomy_id}' )" );
-				$wpdb->query( "UPDATE $wpdb->term_taxonomy SET count = '{$cat->link_count}' WHERE taxonomy = 'link_category' AND term_taxonomy_id = '{$cat->term_taxonomy_id}'" );
-			}
-		}
-		$cats = $wpdb->get_results( "SELECT post_id, term_taxonomy_id, category_count FROM $wpdb->post2cat, {$wpdb->term_taxonomy}, {$wpdb->categories} WHERE {$wpdb->post2cat}.category_id = {$wpdb->term_taxonomy}.term_id AND {$wpdb->categories}.cat_ID = {$wpdb->post2cat}.category_id AND {$wpdb->term_taxonomy}.taxonomy = 'category'" );
-		if( is_array( $cats ) ) {
-			foreach( $cats as $cat ) {
-				$wpdb->query( "INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id) VALUES ( '{$cat->post_id}', '{$cat->term_taxonomy_id}' )" );
-				$wpdb->query( "UPDATE $wpdb->term_taxonomy SET count = '{$cat->category_count}' WHERE taxonomy = 'category' AND term_taxonomy_id = '{$cat->term_taxonomy_id}'" );
-			}
-		}
-	}
-	wp_cache_delete( 'get_bookmarks', 'bookmark' );
-	wp_cache_delete( 'all_category_ids', 'category' );
-	wp_cache_delete( 'get_terms', 'terms' );
-
-	update_option( 'db_version', 6124 );
-
-	if( empty( $term_ids ) )
-		return;
-
-	foreach( $term_ids as $term_id ) {
-		$post_ids = $wpdb->get_col( "SELECT post_id FROM {$wpdb->post2cat} WHERE category_id = '{$term_id}'" );
-		if( is_array( $post_ids ) && !empty( $post_ids ) ) {
-			foreach( $post_ids as $post_id ) {
-				do_action( 'edit_post', $post_id );
-			}
-		}
-	}
-}
-
-function make_tags_global( $global_id, $cat_ID ) {
-	global $wpdb;
-
-	if ( get_option('db_version') != 6124 )
-		return;
-	
-	if( $global_id == $cat_ID )
-		return;
-		
-	$wpdb->query( "UPDATE $wpdb->terms SET term_id = '$global_id' WHERE term_id = '$cat_ID'" );
-	$wpdb->query( "UPDATE $wpdb->term_taxonomy SET term_id = '$global_id' WHERE term_id = '$cat_ID'" );
-	$wpdb->query( "UPDATE $wpdb->term_taxonomy SET parent = '$global_id' WHERE parent = '$cat_ID'" );
-}
-add_action( 'update_cat_id', 'make_tags_global', 10, 2 );
-
-function redo_relationships() {
-	global $wpdb, $blog_id;
-
-	if ( get_option('db_version') != 6124 )
-		return;
-	
-	$upgradetaxonomysecret = get_taxonomy_secret();
-
-	if ( !isset( $_GET['redorelationships'] ) || $upgradetaxonomysecret != $_GET['redorelationships'] )
-		return;
-
-	// For all posts in post2cat, erase relationships in term_relationships and repopulate
-	// term_relationships with relationships from post2cat
-
-	$tt_ids = array();
-
-	// Get all post IDs from post2cat
-	$posts = $wpdb->get_col("SELECT post_id FROM $wpdb->post2cat GROUP BY post_id");
-
-	foreach ( $posts as $post_id ) {
-		// Clear out category relationships for this post.
-		$terms = $wpdb->get_col("SELECT tr.term_taxonomy_id FROM $wpdb->term_relationships AS tr INNER JOIN $wpdb->term_taxonomy AS tt ON tr.term_taxonomy_id = tt.term_taxonomy_id WHERE tr.object_id = '$post_id' AND tt.taxonomy = 'category'");
-		foreach ( (array) $terms as $term) 
-			$wpdb->query("DELETE FROM $wpdb->term_relationships WHERE object_id = '$post_id' AND term_taxonomy_id = '$term'");
-		$cats = $wpdb->get_col("SELECT category_id FROM $wpdb->post2cat WHERE post_id = '$post_id'");
-		foreach ( $cats as $cat ) {
-			// Get the tt_id for the term.  Assume it already exists.
-			if ( empty($tt_ids[$cat]) )
-				$tt_ids[$cat] = $wpdb->get_var("SELECT term_taxonomy_id FROM $wpdb->term_taxonomy WHERE term_id = '$cat' AND taxonomy = 'category'");
-			if ( empty($tt_ids[$cat]) || 'empty' == $tt_ids[$cat] ) {
-				error_log("No tt_id for post $post_id, cat $cat, blog $blog_id", 0);
-				$tt_ids[$cat] = 'empty';
-				continue;
-			}
-			// Create the relationship.
-			$tt_id = $tt_ids[$cat];
-			$wpdb->query("INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id) VALUES ('$post_id', '$tt_id')");
-		}
-		clean_post_cache($post_id);
-	}
-
-	wp_cache_delete( 'get_bookmarks', 'bookmark' );
-	wp_cache_delete( 'all_category_ids', 'category' );
-	wp_cache_delete( 'get_terms', 'terms' );
-}
-
-add_action('init', 'redo_relationships');
-
-function get_taxonomy_secret() {
-	$upgradetaxonomysecret = get_site_option( 'upgradetaxonomysecret' );
-	if( $upgradetaxonomysecret == false ) {
-		$upgradetaxonomysecret = md5( uniqid(time() . mt_rand()) );
-		add_site_option( 'upgradetaxonomysecret', $upgradetaxonomysecret );
-	}
-	return $upgradetaxonomysecret;
-}
-
-function upgrade_all_taxonomy() {
-	global $wpdb, $wpmuBaseTablePrefix;
-
-	if( isset( $_GET[ 'upgradetaxonomy' ] ) == false )
-		return;
-
-	$upgradetaxonomysecret = get_taxonomy_secret();
-
-	if( $_GET[ 'upgradetaxonomy' ] == $upgradetaxonomysecret ) {
-		$http_fopen = ini_get("allow_url_fopen");
-		if(!$http_fopen) require_once('../../wp-includes/class-snoopy.php');
-		if( isset( $_GET[ 'n' ] ) == false ) {
-			$n = 0;
-		} else {
-			$n = intval( $_GET[ 'n' ] );
-		}
-		$blogs = $wpdb->get_results( "SELECT * FROM $wpdb->blogs WHERE site_id = '$wpdb->siteid' AND spam = '0' AND deleted = '0' AND archived = '0' ORDER BY registered DESC LIMIT $n, 10", ARRAY_A );
-		if( is_array( $blogs ) ) {
-			print "<ul>";
-			foreach( $blogs as $details ) {
-				$siteurl = $wpdb->get_var( "SELECT option_value from {$wpmuBaseTablePrefix}{$details[ 'blog_id' ]}_options WHERE option_name = 'siteurl'" );
-				print "<li>$siteurl</li>";
-				if($http_fopen) {
-					$fp = fopen( trailingslashit( $siteurl ) . '?taxonomysync=' . get_site_option( 'upgradetaxonomysecret' ), "r" );
-					if( $fp ) {
-						while( feof( $fp ) == false ) {
-							fgets($fp, 4096);
-						}
-						fclose( $fp );
-					}
-				} else {
-					$client = new Snoopy();
-					@$client->fetch( trailingslashit( $siteurl ) . '?taxonomysync=' . get_site_option( 'upgradetaxonomysecret' ));
-				}
-			}
-			print "</ul>";
-			?>
-			<p><?php _e("If your browser doesn't start loading the next page automatically click this link:"); ?> <a href="<?php echo trailingslashit( get_option( 'siteurl' ) ) ?>?upgradetaxonomy=<?php echo $upgradetaxonomysecret ?>&n=<?php echo ($n + 5) ?>"><?php _e("Next Blogs"); ?></a> </p>
-			<script language='javascript'>
-			<!--
-
-			function nextpage() {
-				location.href="<?php echo trailingslashit( get_option( 'siteurl' ) ) ?>?upgradetaxonomy=<?php echo $upgradetaxonomysecret ?>&n=<?php echo ($n + 10) ?>";
-			}
-			setTimeout( "nextpage()", 25 );
-
-			//-->
-			</script>
-			<?php
-			die();
-		} else {
-			_e("All Done!");
-			die();
-		}
-	}
-	
-}
-
-add_action('init', 'upgrade_all_taxonomy');
-*/
-?>
diff -urN wordpress-mu-1.3/wp-includes/cache.php wordpress-mu-1.3.2/wp-includes/cache.php
--- wordpress-mu-1.3/wp-includes/cache.php	2007-10-23 20:28:40.000000000 +0200
+++ wordpress-mu-1.3.2/wp-includes/cache.php	2008-01-15 12:56:58.000000000 +0100
@@ -139,11 +139,12 @@
 	}
 
 	function get($id, $group = 'default', $count_hits = true) {
-		$hash = $this->key($id, $group);
-		$group_key = $this->key( '', $group );
 		if (empty ($group))
 			$group = 'default';
 
+		$group_key = $this->key( '', $group );
+		$hash = $this->key($id, $group_key);
+
 		if (isset ($this->cache[$hash])) {
 			if ($count_hits)
 				$this->warm_cache_hits += 1;
@@ -168,7 +169,7 @@
 			return false;
 		}
 
-		$cache_file = $this->cache_dir.$this->get_group_dir($group_key)."/".$this->hash($id).'.php';
+		$cache_file = $this->cache_dir.$this->get_group_dir($group_key)."/".$this->hash($hash).'.php';
 		if (!file_exists($cache_file)) {
 			$this->non_existant_objects[$hash] = true;
 			$this->cache_misses += 1;
@@ -285,7 +286,8 @@
 	}
 
 	function set($id, $data, $group = 'default', $expire = '') {
-		$hash = $this->key($id, $group);
+		$group_key = $this->key( '', $group );
+		$hash = $this->key($id, $group_key);
 		if (empty ($group))
 			$group = 'default';
 
@@ -294,7 +296,7 @@
 
 		$this->cache[$hash] = $data;
 		unset ($this->non_existant_objects[$hash]);
-		$this->dirty_objects[$this->key( '', $group )][] = $id;
+		$this->dirty_objects[$group_key][] = $id;
 
 		return true;
 	}
@@ -338,17 +340,18 @@
 
 			$ids = array_unique($ids);
 			foreach ($ids as $id) {
-				$cache_file = $group_dir.$this->hash($group.'-'.$id).'.php';
+				$hash = $this->key($id, $group);
+				$cache_file = $group_dir.$this->hash($hash).'.php';
 
 				// Remove the cache file if the key is not set.
-				if (!isset ($this->cache[$group.'-'.$id])) {
+				if (!isset ($this->cache[$hash])) {
 					if (file_exists($cache_file))
 						@ unlink($cache_file);
 					continue;
 				}
 
 				$temp_file = tempnam($group_dir, 'tmp');
-				$serial = CACHE_SERIAL_HEADER.base64_encode(serialize($this->cache[$group.'-'.$id])).CACHE_SERIAL_FOOTER;
+				$serial = CACHE_SERIAL_HEADER.base64_encode(serialize($this->cache[$hash])).CACHE_SERIAL_FOOTER;
 				$fd = @fopen($temp_file, 'w');
 				if ( false === $fd ) {
 					$errors++;
diff -urN wordpress-mu-1.3/wp-includes/class-phpmailer.php wordpress-mu-1.3.2/wp-includes/class-phpmailer.php
--- wordpress-mu-1.3/wp-includes/class-phpmailer.php	2007-10-12 18:21:15.000000000 +0200
+++ wordpress-mu-1.3.2/wp-includes/class-phpmailer.php	2008-01-14 20:05:09.000000000 +0100
@@ -58,7 +58,7 @@
      * Sets the From email address for the message.
      * @var string
      */
-    var $From               = "support@wordpress.com";
+    var $From               = "support@localhost.localdomain";
 
     /**
      * Sets the From name of the message.
diff -urN wordpress-mu-1.3/wp-includes/formatting.php wordpress-mu-1.3.2/wp-includes/formatting.php
--- wordpress-mu-1.3/wp-includes/formatting.php	2007-10-23 20:28:40.000000000 +0200
+++ wordpress-mu-1.3.2/wp-includes/formatting.php	2008-01-02 17:00:05.000000000 +0100
@@ -622,18 +622,35 @@
 	return $emailNOSPAMaddy;
 }
 
+function _make_url_clickable_cb($matches) {
+	$url = $matches[2];
+	$url = clean_url($url);
+	if ( empty($url) )
+		return $matches[0];
+	return $matches[1] . "<a href=\"$url\" rel=\"nofollow\">$url</a>";
+}
+
+function _make_web_ftp_clickable_cb($matches) {
+	$dest = $matches[2];
+	$dest = 'http://' . $dest;
+	$dest = clean_url($dest);
+	if ( empty($dest) )
+		return $matches[0];
+
+	return $matches[1] . "<a href=\"$dest\" rel=\"nofollow\">$dest</a>";
+}
+
+function _make_email_clickable_cb($matches) {
+	$email = $matches[2] . '@' . $matches[3];
+	return $matches[1] . "<a href=\"mailto:$email\">$email</a>";
+}
+
 function make_clickable($ret) {
 	$ret = ' ' . $ret;
 	// in testing, using arrays here was found to be faster
-	$ret = preg_replace(
-		array(
-			'#([\s>])([\w]+?://[\w\#$%&~/.\-;:=,?@\[\]+]*)#is',
-			'#([\s>])((www|ftp)\.[\w\#$%&~/.\-;:=,?@\[\]+]*)#is',
-			'#([\s>])([a-z0-9\-_.]+)@([^,< \n\r]+)#i'),
-		array(
-			'$1<a href="$2" rel="nofollow">$2</a>',
-			'$1<a href="http://$2" rel="nofollow">$2</a>',
-			'$1<a href="mailto:$2@$3">$2@$3</a>'),$ret);
+	$ret = preg_replace_callback('#([\s>])([\w]+?://[\w\#$%&~/.\-;:=,?@\[\]+]*)#is', '_make_url_clickable_cb', $ret);
+	$ret = preg_replace_callback('#([\s>])((www|ftp)\.[\w\#$%&~/.\-;:=,?@\[\]+]*)#is', '_make_web_ftp_clickable_cb', $ret);
+	$ret = preg_replace_callback('#([\s>])([.0-9a-z_+-]+)@(([0-9a-z-]+\.)+[0-9a-z]{2,})#i', '_make_email_clickable_cb', $ret);
 	// this one is not in an array because we need it to run last, for cleanup of accidental links within links
 	$ret = preg_replace("#(<a( [^>]+?>|>))<a [^>]+?>([^>]+?)</a></a>#i", "$1$3</a>", $ret);
 	$ret = trim($ret);
diff -urN wordpress-mu-1.3/wp-includes/functions.php wordpress-mu-1.3.2/wp-includes/functions.php
--- wordpress-mu-1.3/wp-includes/functions.php	2007-10-30 17:49:38.000000000 +0100
+++ wordpress-mu-1.3.2/wp-includes/functions.php	2008-01-24 19:51:01.000000000 +0100
@@ -204,10 +204,10 @@
 
 		if ( false === $value ) {
 			if ( defined('WP_INSTALLING') )
-				$wpdb->hide_errors();
+				$show = $wpdb->hide_errors();
 			$row = $wpdb->get_row("SELECT option_value FROM $wpdb->options WHERE option_name = '$setting' LIMIT 1");
 			if ( defined('WP_INSTALLING') )
-				$wpdb->show_errors();
+				$wpdb->show_errors($show);
 
 			if( is_object( $row) ) { // Has to be get_row instead of get_var because of funkiness with 0, false, null values
 				$value = $row->option_value;
@@ -242,11 +242,11 @@
 
 function get_alloptions() {
 	global $wpdb, $wp_queries;
-	$wpdb->hide_errors();
+	$show = $wpdb->hide_errors();
 	if ( !$options = $wpdb->get_results("SELECT option_name, option_value FROM $wpdb->options WHERE autoload = 'yes'") ) {
 		$options = $wpdb->get_results("SELECT option_name, option_value FROM $wpdb->options");
 	}
-	$wpdb->show_errors();
+	$wpdb->show_errors($show);
 
 	foreach ($options as $option) {
 		// "When trying to design a foolproof system,
@@ -269,10 +269,10 @@
 	$alloptions = wp_cache_get('alloptions', 'options');
 
 	if ( !$alloptions ) {
-		$wpdb->hide_errors();
+		$show = $wpdb->hide_errors();
 		if ( !$alloptions_db = $wpdb->get_results("SELECT option_name, option_value FROM $wpdb->options WHERE autoload = 'yes'") )
 			$alloptions_db = $wpdb->get_results("SELECT option_name, option_value FROM $wpdb->options");
-		$wpdb->show_errors();
+		$wpdb->show_errors($show);
 		$alloptions = array();
 		foreach ( (array) $alloptions_db as $o )
 			$alloptions[$o->option_name] = $o->option_value;
@@ -899,9 +899,9 @@
 
 function is_blog_installed() {
 	global $wpdb;
-	$wpdb->hide_errors();
+	$show = $wpdb->hide_errors();
 	$installed = $wpdb->get_var("SELECT option_value FROM $wpdb->options WHERE option_name = 'siteurl'");
-	$wpdb->show_errors();
+	$wpdb->show_errors($show);
 
 	$install_status = !empty( $installed ) ? TRUE : FALSE;
 	return $install_status;
@@ -1021,6 +1021,13 @@
 	if ( $upload['error'] !== false )
 		return $upload;
 
+	/* WPMU check file before writing it */
+	$upload_bits_error = apply_filters( 'wp_upload_bits', array( 'name' => $name, 'bits' => $bits, 'time' => $time ) );
+	if( is_array( $upload_bits_error ) == false ) {
+		$upload[ 'error' ] = $upload_bits_error;
+		return $upload;
+	}
+
 	$number = '';
 	$filename = $name;
 	$path_parts = pathinfo($filename);
@@ -1426,4 +1433,36 @@
 	while ( @ob_end_flush() );
 }
 
+function dead_db() {
+	global $wpdb;
+
+	// Load custom DB error template, if present.
+	if ( file_exists( ABSPATH . 'wp-content/db-error.php' ) ) {
+		require_once( ABSPATH . 'wp-content/db-error.php' );
+		die();
+	}
+
+	// If installing or in the admin, provide the verbose message.
+	if ( defined('WP_INSTALLING') || defined('WP_ADMIN') )
+		wp_die($wpdb->error);
+
+	// Otherwise, be terse.
+	status_header( 500 );
+	nocache_headers();
+	header( 'Content-Type: text/html; charset=utf-8' );
+?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" <?php if ( function_exists( 'language_attributes' ) ) language_attributes(); ?>>
+<head>
+	<title>Database Error</title>
+	<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+</head>
+<body>
+	<h1>Error establishing a database connection</h1>
+</body>
+</html>
+<?php
+	die();
+}
+
 ?>
diff -urN wordpress-mu-1.3/wp-includes/gettext.php wordpress-mu-1.3.2/wp-includes/gettext.php
--- wordpress-mu-1.3/wp-includes/gettext.php	2007-05-21 20:37:58.000000000 +0200
+++ wordpress-mu-1.3.2/wp-includes/gettext.php	2007-12-26 19:57:15.000000000 +0100
@@ -114,7 +114,7 @@
 
 		$this->STREAM = $Reader;
 		$magic = $this->readint();
-		if ($magic == ($MAGIC1 & 0xFFFFFFFF) || $magic == ($MAGIC3 & 0xFFFFFFFF)) { // to make sure it works for 64-bit platforms
+		if ($magic == $MAGIC1 || $magic == $MAGIC3) { // to make sure it works for 64-bit platforms
 			$this->BYTEORDER = 0;
 		} elseif ($magic == ($MAGIC2 & 0xFFFFFFFF)) {
 			$this->BYTEORDER = 1;
diff -urN wordpress-mu-1.3/wp-includes/pluggable.php wordpress-mu-1.3.2/wp-includes/pluggable.php
--- wordpress-mu-1.3/wp-includes/pluggable.php	2007-10-30 17:49:38.000000000 +0100
+++ wordpress-mu-1.3.2/wp-includes/pluggable.php	2008-01-02 17:00:05.000000000 +0100
@@ -79,9 +79,9 @@
 	if ( !$user = $wpdb->get_row("SELECT * FROM $wpdb->users WHERE ID = '$user_id' LIMIT 1") )
 		return false;
 
-	$wpdb->hide_errors();
+	$show = $wpdb->hide_errors();
 	$metavalues = $wpdb->get_results("SELECT meta_key, meta_value FROM $wpdb->usermeta WHERE user_id = '$user_id'");
-	$wpdb->show_errors();
+	$wpdb->show_errors($show);
 
 	if ($metavalues) {
 		foreach ( $metavalues as $meta ) {
@@ -341,7 +341,7 @@
 	} else {
 		if( is_site_admin( $username ) == false && ( $primary_blog = get_usermeta( $login->ID, "primary_blog" ) ) ) {
 			$details = get_blog_details( $primary_blog );
-			if( is_object( $details ) && $details->archived == 1 || $details->spam == 1 || $details->deleted == 1 ) {
+			if( is_object( $details ) && $details->spam == 1 ) {
 				$error = __('<strong>Error</strong>: Blog suspended.');
 				return false;
 			}
diff -urN wordpress-mu-1.3/wp-includes/plugin.php wordpress-mu-1.3.2/wp-includes/plugin.php
--- wordpress-mu-1.3/wp-includes/plugin.php	2007-10-30 17:49:38.000000000 +0100
+++ wordpress-mu-1.3.2/wp-includes/plugin.php	2008-01-11 18:36:12.000000000 +0100
@@ -242,6 +242,7 @@
 	$file = str_replace('\\','/',$file); // sanitize for Win32 installs
 	$file = preg_replace('|/+|','/', $file); // remove any duplicate slash
 	$file = preg_replace('|^.*/wp-content/plugins/|','',$file); // get relative path from plugins dir
+	$file = preg_replace('|^.*/wp-content/mu-plugins/|','',$file); // get relative path from mu-plugins dir
 	return $file;
 }
 
diff -urN wordpress-mu-1.3/wp-includes/post.php wordpress-mu-1.3.2/wp-includes/post.php
--- wordpress-mu-1.3/wp-includes/post.php	2007-10-30 17:49:38.000000000 +0100
+++ wordpress-mu-1.3.2/wp-includes/post.php	2008-01-02 17:00:05.000000000 +0100
@@ -428,6 +428,10 @@
 }
 
 function sanitize_post($post, $context = 'display') {
+
+	if ( 'raw' == $context )
+		return $post;
+
 	// TODO: Use array keys instead of hard coded list
 	$fields = array('post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_content_filtered', 'post_title', 'post_excerpt', 'post_status', 'post_type', 'comment_status', 'ping_status', 'post_password', 'post_name', 'to_ping', 'pinged', 'post_date', 'post_date_gmt', 'post_parent', 'menu_order', 'post_mime_type', 'post_category');
 
@@ -1139,6 +1143,7 @@
 		$exclude = '';
 		$meta_key = '';
 		$meta_value = '';
+		$hierarchical = false;
 		$incpages = preg_split('/[\s,]+/',$include);
 		if ( count($incpages) ) {
 			foreach ( $incpages as $incpage ) {
diff -urN wordpress-mu-1.3/wp-includes/query.php wordpress-mu-1.3.2/wp-includes/query.php
--- wordpress-mu-1.3/wp-includes/query.php	2007-10-30 17:49:38.000000000 +0100
+++ wordpress-mu-1.3.2/wp-includes/query.php	2008-01-02 17:00:05.000000000 +0100
@@ -32,9 +32,9 @@
  */
 
 function is_admin () {
-	global $wp_query;
-
-	return ($wp_query->is_admin || (stripos($_SERVER['REQUEST_URI'], 'wp-admin/') !== false));
+	if ( defined('WP_ADMIN') ) 
+		return WP_ADMIN;
+	return false;
 }
 
 function is_archive () {
@@ -642,7 +642,7 @@
 		if ('' != $qv['preview'])
 			$this->is_preview = true;
 
-		if ( strpos($_SERVER['PHP_SELF'], 'wp-admin/') !== false )
+		if ( is_admin() )
 			$this->is_admin = true;
 
 		if ( false !== strpos($qv['feed'], 'comments-') ) {
diff -urN wordpress-mu-1.3/wp-includes/taxonomy.php wordpress-mu-1.3.2/wp-includes/taxonomy.php
--- wordpress-mu-1.3/wp-includes/taxonomy.php	2007-10-30 17:49:38.000000000 +0100
+++ wordpress-mu-1.3.2/wp-includes/taxonomy.php	2008-01-02 17:00:05.000000000 +0100
@@ -663,6 +663,10 @@
  * @return array|object Term with all fields sanitized
  */
 function sanitize_term($term, $taxonomy, $context = 'display') {
+
+	if ( 'raw' == $context )
+		return $term;
+
 	$fields = array('term_id', 'name', 'description', 'slug', 'count', 'parent', 'term_group');
 
 	$do_object = false;
@@ -933,8 +937,8 @@
 			$term_group = $alias->term_group;
 		} else {
 			// The alias isn't in a group, so let's create a new one and firstly add the alias term to it.
-			$term_group = $wpdb->get_var("SELECT MAX(term_group) FROM $wpdb->terms") + 1;
-			$wpdb->query( $wpdb->prepare( "UPDATE $wpdb->terms SET term_group = %d WHERE term_id = %d", $term_group, $alias->term_id ) );
+			$term_group = $wpdb->get_var("SELECT MAX(term_group) FROM $wpdb->terms GROUP BY term_group") + 1;
+			$wpdb->query("UPDATE $wpdb->terms SET term_group = $term_group WHERE term_id = $alias->term_id");
 		}
 	}
 
diff -urN wordpress-mu-1.3/wp-includes/version.php wordpress-mu-1.3.2/wp-includes/version.php
--- wordpress-mu-1.3/wp-includes/version.php	2007-10-30 17:49:38.000000000 +0100
+++ wordpress-mu-1.3.2/wp-includes/version.php	2008-01-24 20:11:43.000000000 +0100
@@ -2,8 +2,8 @@
 
 // This holds the version number in a separate file so we can bump it without cluttering the SVN
 
-$wp_version = '2.3.1';
-$wpmu_version = '1.3';
+$wp_version = '2.3.2';
+$wpmu_version = '1.3.2';
 $wp_db_version = 6124;
 
 ?>
diff -urN wordpress-mu-1.3/wp-includes/wp-db.php wordpress-mu-1.3.2/wp-includes/wp-db.php
--- wordpress-mu-1.3/wp-includes/wp-db.php	2007-10-30 17:49:38.000000000 +0100
+++ wordpress-mu-1.3.2/wp-includes/wp-db.php	2008-01-11 16:52:14.000000000 +0100
@@ -15,11 +15,12 @@
 
 class wpdb {
 
-	var $show_errors = true;
+	var $show_errors = false;
 	var $num_queries = 0;
 	var $last_query;
 	var $col_info;
 	var $queries;
+	var $ready = false;
 
 	// Our tables
 	var $posts;
@@ -58,8 +59,15 @@
 	function __construct($dbuser, $dbpassword, $dbname, $dbhost) {
 		register_shutdown_function(array(&$this, "__destruct"));
 
+		if ( defined('WP_DEBUG') and WP_DEBUG == true )
+			$this->show_errors();
+
 		$this->charset = 'utf8';
-		$this->collete = 'utf8';
+		if( defined( 'DB_COLLATE' ) && constant( 'DB_COLLATE' ) != '' ) {
+			$this->collate = constant( 'DB_COLLATE' );
+		} else {
+			$this->collate = 'utf8_general_ci';
+		}
 
 		if ( defined('DB_CHARSET') )
 			$this->charset = DB_CHARSET;
@@ -79,8 +87,11 @@
 </ul>
 <p>If you're unsure what these terms mean you should probably contact your host. If you still need help you can always visit the <a href='http://wordpress.org/support/'>WordPress Support Forums</a>.</p>
 ");
+			return;
 		}
 
+		$this->ready = true;
+
 		if ( !empty($this->charset) && version_compare(mysql_get_server_info(), '4.1.0', '>=') )
  			$this->query("SET NAMES '$this->charset'");
 
@@ -97,6 +108,7 @@
 	 */
 	function select($db, &$dbh) {
 		if (!@mysql_select_db($db, $dbh)) {
+			$this->ready = false;
 			$this->bail("
 <h1>Can&#8217;t select database</h1>
 <p>We were able to connect to the database server (which means your username and password is okay) but not able to select the <code>$db</code> database.</p>
@@ -105,6 +117,7 @@
 <li>On some systems the name of your database is prefixed with your username, so it would be like username_wordpress. Could that be the problem?</li>
 </ul>
 <p>If you don't know how to setup a database you should <strong>contact your host</strong>. If all else fails you may find help at the <a href='http://wordpress.org/support/'>WordPress Support Forums</a>.</p>");
+			return;
 		}
 	}
 
@@ -174,12 +187,16 @@
 	// ==================================================================
 	//	Turn error handling on or off..
 
-	function show_errors() {
-		$this->show_errors = true;
+	function show_errors( $show = true ) {
+		$errors = $this->show_errors;
+		$this->show_errors = $show;
+		return $errors;
 	}
 
 	function hide_errors() {
+		$show = $this->show_errors;
 		$this->show_errors = false;
+		return $show;
 	}
 
 	// ==================================================================
@@ -231,6 +248,9 @@
 	//	Basic Query	- see docs for more detail
 
 	function query($query) {
+		if ( ! $this->ready )
+			return false;
+
 		// filter the query, if filters are available
 		// NOTE: some queries are made before the plugins have been loaded, and thus cannot be filtered with this method
 		if ( function_exists('apply_filters') )
@@ -470,8 +490,13 @@
 	 * @param string $message
 	 */
 	function bail($message) { // Just wraps errors in a nice header and footer
-		if ( !$this->show_errors )
+		if ( !$this->show_errors ) {
+			if ( class_exists('WP_Error') )
+				$this->error = new WP_Error('500', $message);
+			else
+				$this->error = $message;
 			return false;
+		}
 		wp_die($message);
 	}
 }
diff -urN wordpress-mu-1.3/wp-includes/wpmu-functions.php wordpress-mu-1.3.2/wp-includes/wpmu-functions.php
--- wordpress-mu-1.3/wp-includes/wpmu-functions.php	2007-10-30 18:14:19.000000000 +0100
+++ wordpress-mu-1.3.2/wp-includes/wpmu-functions.php	2008-01-24 19:51:01.000000000 +0100
@@ -1053,6 +1053,10 @@
 // Notify user of signup success.
 function wpmu_signup_blog_notification($domain, $path, $title, $user, $user_email, $key, $meta = '') {
 	global $current_site;
+
+	if( !apply_filters('wpmu_signup_blog_notification', $domain, $path, $title, $user, $user_email, $key, $meta) )
+		return;
+
 	// Send email with activation link.
 	if( constant( "VHOST" ) == 'no' ) {
 		$activate_url = "http://" . $current_site->domain . $current_site->path . "wp-activate.php?key=$key";
@@ -1072,6 +1076,10 @@
 
 function wpmu_signup_user_notification($user, $user_email, $key, $meta = '') {
 	global $current_site;
+
+	if( !apply_filters('wpmu_signup_user_notification', $user, $user_email, $key, $meta) )
+		return;
+
 	// Send email with activation link.
 	$admin_email = get_site_option( "admin_email" );
 	if( $admin_email == '' )
@@ -1134,7 +1142,7 @@
 		if ( 'blog_taken' == $blog_id->get_error_code() ) {
 			$blog_id->add_data($signup);
 			$wpdb->query("UPDATE $wpdb->signups SET active = '1', activated = '$now' WHERE activation_key = '$key'");
-			error_log("Blog $blog_id failed to complete activation.", 0);	
+			error_log("Blog {$signup->domain} failed to complete activation, the blog already exists.", 0);	
 		}
 
 		return $blog_id;
@@ -1207,6 +1215,8 @@
 		update_blog_option( $blog_id, $key, $value );
 	}
 
+	add_blog_option( $blog_id, 'WPLANG', get_site_option( 'WPLANG' ) );
+
 	update_blog_option( $blog_id, 'blog_public', $meta['public'] );
 	delete_blog_option( $blog_id, 'public' );
 
@@ -1370,6 +1380,9 @@
 function wpmu_welcome_notification($blog_id, $user_id, $password, $title, $meta = '') {
 	global $current_site;
 
+	if( !apply_filters('wpmu_welcome_notification', $blog_id, $user_id, $password, $title, $meta) )
+		return;
+
 	$welcome_email = stripslashes( get_site_option( 'welcome_email' ) );
 	if( $welcome_email == false )
 		$welcome_email = stripslashes( __( "Dear User,
@@ -1412,6 +1425,9 @@
 function wpmu_welcome_user_notification($user_id, $password, $meta = '') {
 	global $current_site;
 
+	if( !apply_filters('wpmu_welcome_user_notification', $user_id, $password, $meta) )
+		return;
+
 	$welcome_email = __( "Dear User,
 
 Your new account is setup.
@@ -1823,9 +1839,6 @@
 	$wpdb->query( "UPDATE $wpdb->term_taxonomy SET term_id = '$global_id' WHERE term_id = '$term_id'" );
 	$wpdb->query( "UPDATE $wpdb->term_taxonomy SET parent = '$global_id' WHERE parent = '$term_id'" );
 
-	$wpdb->query( "UPDATE $wpdb->categories SET cat_ID = '$global_id' WHERE cat_ID = '$term_id'" );
-	$wpdb->query( "UPDATE $wpdb->categories SET category_parent = '$global_id' WHERE category_parent = '$term_id'" );
-
 	clean_term_cache($global_id, 'category');
 	clean_term_cache($global_id, 'post_tag');
 
@@ -1833,9 +1846,6 @@
 }   
 add_filter( 'term_id_filter', 'global_terms', 10, 2 ); // taxonomy specific filter
 
-/* WordPress MU Default Filters */
-add_filter('the_title', 'wp_filter_kses');
-
 function choose_primary_blog() {
 	global $current_user;
 	echo __('Primary Blog:') . ' ';
@@ -1859,4 +1869,17 @@
 	return array( $current_site->domain );
 }
 add_filter( 'allowed_redirect_hosts', 'redirect_this_site' );
+
+function upload_is_file_too_big( $upload ) {
+	if( is_array( $upload ) == false )
+		return $upload;
+	if( defined( 'WP_IMPORTING' ) )
+		return $upload;
+	if( strlen( $upload[ 'bits' ] )  > ( 1024 * get_site_option( 'fileupload_maxk', 1500 ) ) ) {
+		return __( "This file is too big. Files must be less than " . get_site_option( 'fileupload_maxk', 1500 ) . "Kb in size.<br />" );
+	}
+
+	return $upload;
+}
+add_filter( "wp_upload_bits", "upload_is_file_too_big" );
 ?>
diff -urN wordpress-mu-1.3/wp-mail.php wordpress-mu-1.3.2/wp-mail.php
--- wordpress-mu-1.3/wp-mail.php	2007-10-23 20:28:40.000000000 +0200
+++ wordpress-mu-1.3.2/wp-mail.php	2008-01-02 17:00:05.000000000 +0100
@@ -12,7 +12,7 @@
 $pop3 = new POP3();
 
 if (!$pop3->connect(get_option('mailserver_url'), get_option('mailserver_port')))
-	wp_die($pop3->ERROR);
+	wp_die(wp_specialchars($pop3->ERROR));
 
 $count = $pop3->login(get_option('mailserver_login'), get_option('mailserver_pass'));
 if (0 == $count) wp_die(__('There doesn&#8217;t seem to be any new mail.'));
@@ -129,9 +129,6 @@
 	$content = explode($phone_delim, $content);
 	$content[1] ? $content = $content[1] : $content = $content[0];
 
-	echo "<p><b>Content-type:</b> $content_type, <b>Content-Transfer-Encoding:</b> $content_transfer_encoding, <b>boundary:</b> $boundary</p>\n";
-	echo "<p><b>Raw content:</b><br /><pre>".$content.'</pre></p>';
-
 	$content = trim($content);
 
 	$post_content = apply_filters('phone_content', $content);
@@ -161,12 +158,11 @@
 
 	do_action('publish_phone', $post_ID);
 
-	echo "\n<p><b>Author:</b> $post_author</p>";
-	echo "\n<p><b>Posted title:</b> $post_title<br />";
-	echo "\n<b>Posted content:</b><br /><pre>".$content.'</pre></p>';
+	echo "\n<p><b>Author:</b> " . wp_specialchars($post_author) . "</p>";
+	echo "\n<p><b>Posted title:</b> " . wp_specialchars($post_title) . "<br />";
 
 	if(!$pop3->delete($i)) {
-		echo '<p>Oops '.$pop3->ERROR.'</p></div>';
+		echo '<p>Oops '.wp_specialchars($pop3->ERROR).'</p></div>';
 		$pop3->reset();
 		exit;
 	} else {
diff -urN wordpress-mu-1.3/wpmu-settings.php wordpress-mu-1.3.2/wpmu-settings.php
--- wordpress-mu-1.3/wpmu-settings.php	2007-10-26 18:50:19.000000000 +0200
+++ wordpress-mu-1.3.2/wpmu-settings.php	2008-01-02 18:48:17.000000000 +0100
@@ -46,7 +46,7 @@
 				$current_site = $sites[0];
 				die( "That blog does not exist. Please try <a href='http://{$current_site->domain}{$current_site->path}'>http://{$current_site->domain}{$current_site->path}</a>" );
 			} else {
-				die( "No WPMU site defined on this host. If you are the owner of this site, please check <a href='http://trac.mu.wordpress.org/wiki/DebuggingWpmu'>Debugging WPMU</a> for further assistance." );
+				die( "No WPMU site defined on this host. If you are the owner of this site, please check <a href='http://codex.wordpress.org/Debugging_WPMU'>Debugging WPMU</a> for further assistance." );
 			}
 		} else {
 			$path = '/';
@@ -61,7 +61,7 @@
 				$current_site = $sites[0];
 				die( "That blog does not exist. Please try <a href='http://{$current_site->domain}{$current_site->path}'>http://{$current_site->domain}{$current_site->path}</a>" );
 			} else {
-				die( "No WPMU site defined on this host. If you are the owner of this site, please check <a href='http://trac.mu.wordpress.org/wiki/DebuggingWpmu'>Debugging WPMU</a> for further assistance." );
+				die( "No WPMU site defined on this host. If you are the owner of this site, please check <a href='http://codex.wordpress.org/Debugging_WPMU'>Debugging WPMU</a> for further assistance." );
 			}
 		} else {
 			$path = '/';
@@ -103,7 +103,11 @@
 
 if( defined( "WP_INSTALLING" ) == false ) {
 	if( $current_site && $current_blog == null ) {
-		header( "Location: http://{$current_site->domain}{$current_site->path}wp-signup.php?new=" . urlencode( $blogname ) );
+		if( defined( 'NOBLOGREDIRECT' ) && constant( 'NOBLOGREDIRECT' ) != '' ) {
+			header( "Location: " . constant( 'NOBLOGREDIRECT' ) . "?new=" . urlencode( $blogname ) );
+		} else {
+			header( "Location: http://{$current_site->domain}{$current_site->path}wp-signup.php?new=" . urlencode( $blogname ) );
+		}
 		die();
 	}
 	if( $current_blog == false || $current_site == false )
@@ -183,7 +187,7 @@
 			$msg .= "Searched for <em>" . $domain . $path . "</em> in " . DB_NAME . "::" . $wpdb->blogs . " table. Is that right?<br />";
 		}
 		$msg .= "<br />\n<h1>What do I do now?</h1>";
-		$msg .= "Read the <a target='_blank' href='http://trac.mu.wordpress.org/wiki/DebuggingWpmu'>bug report</a> page. Some of the guidelines there may help you figure out what went wrong.<br />";
+		$msg .= "Read the <a target='_blank' href='http://codex.wordpress.org/Debugging_WPMU'>bug report</a> page. Some of the guidelines there may help you figure out what went wrong.<br />";
 		$msg .= "If you're still stuck with this message, then check that your database contains the following tables:<ul>
 			<li> $wpdb->blogs </li>
 			<li> $wpdb->users </li>
@@ -192,7 +196,7 @@
 			<li> $wpdb->sitemeta </li>
 			<li> $wpdb->sitecategories </li>
 			</ul>";
-		$msg .= "If you suspect a problem please report it to the support forums but you must include the information asked for in the <a href='http://trac.mu.wordpress.org/wiki/DebuggingWpmu'>WPMU bug reporting guidelines</a>!<br /><br />";
+		$msg .= "If you suspect a problem please report it to the support forums but you must include the information asked for in the <a href='http://codex.wordpress.org/Debugging_WPMU'>WPMU bug reporting guidelines</a>!<br /><br />";
 		if( is_file( 'release-info.txt' ) ) {
 			$msg .= 'Your bug report must include the following text: "';
 			$info = file( 'release-info.txt' );
diff -urN wordpress-mu-1.3/wp-settings.php wordpress-mu-1.3.2/wp-settings.php
--- wordpress-mu-1.3/wp-settings.php	2007-10-30 17:49:38.000000000 +0100
+++ wordpress-mu-1.3.2/wp-settings.php	2008-01-14 20:05:09.000000000 +0100
@@ -130,6 +130,9 @@
 else
 	require_once (ABSPATH . WPINC . '/wp-db.php');
 
+if ( !empty($wpdb->error) )
+	dead_db();
+
 // $table_prefix is deprecated as of 2.1
 $wpdb->prefix = $wpdb->base_prefix = $table_prefix;
 
@@ -137,6 +140,7 @@
 	wp_die("<strong>ERROR</strong>: <code>$table_prefix</code> in <code>wp-config.php</code> can only contain numbers, letters, and underscores.");
 
 // Table names
+$wpdb->usermeta       = $wpdb->prefix . 'usermeta';
 $wpdb->blogs		= $wpdb->prefix . 'blogs';
 $wpdb->site		= $wpdb->prefix . 'site';
 $wpdb->sitemeta		= $wpdb->prefix . 'sitemeta';
@@ -145,7 +149,6 @@
 $wpdb->registration_log	= $wpdb->prefix . 'registration_log';
 $wpdb->blog_versions	= $wpdb->prefix . 'blog_versions';
 $wpdb->users		= $wpdb->prefix . 'users';
-$wpdb->usermeta		= $wpdb->prefix . 'usermeta';
 
 if( defined( 'SUNRISE' ) )
 	include_once( ABSPATH . 'wp-content/sunrise.php' );
@@ -172,9 +175,6 @@
 if ( defined('CUSTOM_USER_META_TABLE') )
 	$wpdb->usermeta = CUSTOM_USER_META_TABLE;
 
-// To be removed in 2.2
-$tableposts = $tableusers = $tablecategories = $tablepost2cat = $tablecomments = $tablelink2cat = $tablelinks = $tablelinkcategories = $tableoptions = $tablepostmeta = '';
-
 if ( file_exists(ABSPATH . 'wp-content/object-cache.php') )
 	require_once (ABSPATH . 'wp-content/object-cache.php');
 else
@@ -269,7 +269,7 @@
 	graceful_fail(__('This user has elected to delete their account and the content is no longer available.'));
 
 if ( '2' == $current_blog->deleted )
-		graceful_fail(sprintf(__('This blog has not been activated yet. If you are having problems activating your blog, please contact <a href="mailto:support@{%1$s}">support@{%1$s}</a>.'), $current_site->domain));
+		graceful_fail(sprintf(__('This blog has not been activated yet. If you are having problems activating your blog, please contact <a href="mailto:%1$s">%1$s</a>.'), get_site_option( 'admin_email', "support@{$current_site->domain}" )));
 
 if( $current_blog->archived == '1' )
     graceful_fail(__('This blog has been archived or suspended.'));
@@ -287,6 +287,8 @@
 	define('USER_COOKIE', 'wordpressuser');
 if ( !defined('PASS_COOKIE') )
 	define('PASS_COOKIE', 'wordpresspass');
+if ( !defined('TEST_COOKIE') )
+	define('TEST_COOKIE', 'wordpress_test_cookie');
 if ( !defined('COOKIEPATH') )
 	define('COOKIEPATH', $current_site->path );
 if ( !defined('SITECOOKIEPATH') )
diff -urN wordpress-mu-1.3/wp-signup.php wordpress-mu-1.3.2/wp-signup.php
--- wordpress-mu-1.3/wp-signup.php	2007-10-30 18:28:04.000000000 +0100
+++ wordpress-mu-1.3.2/wp-signup.php	2008-01-02 18:49:22.000000000 +0100
@@ -8,7 +8,7 @@
 require_once( ABSPATH . WPINC . '/registration.php' );
 
 if( is_array( get_site_option( 'illegal_names' )) && $_GET[ 'new' ] != '' && in_array( $_GET[ 'new' ], get_site_option( 'illegal_names' ) ) == true ) {
-	header( "Location: http://{$current_site->domain}{$current_site->path}" );
+	wp_redirect( "http://{$current_site->domain}{$current_site->path}" );
 	die();
 }
 
@@ -19,7 +19,7 @@
 }
 
 if( $current_blog->domain . $current_blog->path != $current_site->domain . $current_site->path ) {
-	header( "Location: http://" . $current_site->domain . $current_site->path . "wp-signup.php" );
+	wp_redirect( "http://" . $current_site->domain . $current_site->path . "wp-signup.php" );
 	die();
 }
 
@@ -93,7 +93,7 @@
 <tr>
 <th scope="row"  valign="top"><?php _e('Privacy:') ?></th>
 <td><?php _e('I would like my blog to appear in search engines like Google and Technorati, and in public listings around this site.'); ?> 
-<label><input type="radio" name="blog_public" value="1" <?php if( !isset( $_POST[ 'blog_public' ] ) || $_POST[ 'blog_public' ] == '1' ) { ?>checked="checked"<?php } ?> /> <strong>Yes</strong> </label> <label><input type="radio" name="blog_public" value="0" <?php if( isset( $_POST[ 'blog_public' ] ) && $_POST[ 'blog_public' ] == '0' ) { ?>checked="checked"<?php } ?> /><strong>No</strong> </label> <br />
+<label><input type="radio" name="blog_public" value="1" <?php if( !isset( $_POST[ 'blog_public' ] ) || $_POST[ 'blog_public' ] == '1' ) { ?>checked="checked"<?php } ?> /> <strong><?php _e( 'Yes' ); ?></strong> </label> <label><input type="radio" name="blog_public" value="0" <?php if( isset( $_POST[ 'blog_public' ] ) && $_POST[ 'blog_public' ] == '0' ) { ?>checked="checked"<?php } ?> /><strong><?php _e( 'No' ); ?></strong> </label> <br />
 </tr>
 <?php
 do_action('signup_blogform', $errors);
@@ -308,6 +308,7 @@
 <p><?php printf(__('Check your inbox at <strong>%1$s</strong> and click the link given.  '),  $user_email) ?></p>
 <p><?php _e('If you do not activate your username within two days, you will have to sign up again.'); ?></p>
 <?php
+	do_action('signup_finished');
 }
 
 function signup_blog($user_name = '', $user_email = '', $blog_id = '', $blog_title = '', $errors = '') {
@@ -386,15 +387,19 @@
 $active_signup = apply_filters( 'wpmu_active_signup', $active_signup ); // return "all", "none", "blog" or "user"
 
 if( is_site_admin() ) {
-	echo "<div style='background: #faf; font-weight: bold; border: 1px solid #333; margin: 2px; padding: 2px'>Greetings Site Administrator! You are currently allowing '$active_signup' registrations. To change or disable registration go to your <a href='wp-admin/wpmu-options.php'>Options page</a>.</div>";
+	echo "<div style='background: #faf; font-weight: bold; border: 1px solid #333; margin: 2px; padding: 2px'>" . sprintf( __( "Greetings Site Administrator! You are currently allowing '%s' registrations. To change or disable registration go to your <a href='wp-admin/wpmu-options.php'>Options page</a>." ), $active_signup ) . "</div>";
 }
 
 $newblogname = isset($_GET['new']) ? strtolower(preg_replace('/^-|-$|[^-a-zA-Z0-9]/', '', $_GET['new'])) : null;
 
+$current_user = wp_get_current_user();
 if( $active_signup == "none" ) {
 	_e( "Registration has been disabled." );
 } else {
-switch ($_POST['stage']) {
+	if( $active_signup == 'blog' && !is_user_logged_in() ) {
+		wp_die( 'You must be logged in to register a blog.' );
+	}
+	switch ($_POST['stage']) {
 	case 'validate-user-signup' :
 		if( $active_signup == 'all' || $_POST[ 'signup_for' ] == 'blog' && $active_signup == 'blog' || $_POST[ 'signup_for' ] == 'user' && $active_signup == 'user' )
 			validate_user_signup();
@@ -431,7 +436,7 @@
 			printf(__("<p><em>The blog you were looking for, <strong>%s</strong> doesn't exist but you can create it now!</em></p>"), $newblog );
 		}
 		break;
-}
+	}
 }
 ?>
 </div>
diff -urN wordpress-mu-1.3/xmlrpc.php wordpress-mu-1.3.2/xmlrpc.php
--- wordpress-mu-1.3/xmlrpc.php	2007-10-30 17:49:38.000000000 +0100
+++ wordpress-mu-1.3.2/xmlrpc.php	2008-01-02 17:00:05.000000000 +0100
@@ -187,6 +187,12 @@
 			return($this->error);
 		}
 
+		set_current_user( 0, $username );
+		if( !current_user_can( 'edit_page', $page_id ) )
+			return new IXR_Error( 401, __( 'Sorry, you can not edit this page.' ) );
+
+		do_action('xmlrpc_call', 'wp.getPage');
+
 		// Lookup page info.
 		$page = get_page($page_id);
 
@@ -268,6 +274,12 @@
 			return($this->error);
 		}
 
+		set_current_user( 0, $username );
+		if( !current_user_can( 'edit_pages' ) )
+			return new IXR_Error( 401, __( 'Sorry, you can not edit pages.' ) );
+
+		do_action('xmlrpc_call', 'wp.getPages');
+
 		// Lookup info on pages.
 		$pages = get_pages();
 		$num_pages = count($pages);
@@ -426,6 +438,12 @@
 			return($this->error);
 		}
 
+		set_current_user( 0, $username );
+		if( !current_user_can( 'edit_pages' ) )
+			return new IXR_Error( 401, __( 'Sorry, you can not edit pages.' ) );
+
+		do_action('xmlrpc_call', 'wp.getPageList');
+
 		// Get list of pages ids and titles
 		$page_list = $wpdb->get_results("
 			SELECT ID page_id,
@@ -459,7 +477,6 @@
 	 * wp_getAuthors
 	 */
 	function wp_getAuthors($args) {
-		global $wpdb;
 
 		$this->escape($args);
 
@@ -471,7 +488,23 @@
 			return($this->error);
 		}
 
-		return(get_users_of_blog());
+		set_current_user(0, $username);
+		if(!current_user_can("edit_posts")) {
+			return(new IXR_Error(401, __("Sorry, you can not edit posts on this blog.")));
+        }
+
+		do_action('xmlrpc_call', 'wp.getAuthors');
+
+		$authors = array();
+		foreach( (array) get_users_of_blog() as $row ) {
+			$authors[] = array(
+				"user_id"       => $row->user_id,
+				"user_login"    => $row->user_login,
+				"display_name"  => $row->display_name
+			);
+		}
+
+		return($authors);
 	}
 
 	/**
@@ -493,7 +526,7 @@
 		// Set the user context and make sure they are
 		// allowed to add a category.
 		set_current_user(0, $username);
-		if(!current_user_can("manage_categories", $page_id)) {
+		if(!current_user_can("manage_categories")) {
 			return(new IXR_Error(401, __("Sorry, you do not have the right to add a category.")));
 		}
 
@@ -547,6 +580,12 @@
 			return($this->error);
 		}
 
+		set_current_user(0, $username);
+		if( !current_user_can( 'edit_posts' ) ) 
+			return new IXR_Error( 401, __( 'Sorry, you must be able to publish to this blog in order to view categories.' ) );
+
+		do_action('xmlrpc_call', 'wp.suggestCategories');
+
 		$args = array('get' => 'all', 'number' => $max_results, 'name__like' => $category);
 		$category_suggestions = get_categories($args);
 
@@ -610,13 +649,18 @@
 			return $this->error;
 		}
 
+		set_current_user( 0, $user_login );
+		if( !current_user_can( 'edit_posts' ) ) 
+			return new IXR_Error( 401, __( 'Sorry, you do not have access to user data on this blog.' ) );
+
+		do_action('xmlrpc_call', 'blogger.getUserInfo');
+
 		$user_data = get_userdatabylogin($user_login);
 
 		$struct = array(
 			'nickname'  => $user_data->nickname,
 			'userid'    => $user_data->ID,
 			'url'       => $user_data->user_url,
-			'email'     => $user_data->user_email,
 			'lastname'  => $user_data->last_name,
 			'firstname' => $user_data->first_name
 		);
@@ -638,7 +682,12 @@
 			return $this->error;
 		}
 
-		$user_data = get_userdatabylogin($user_login);
+		set_current_user( 0, $user_login );
+		if( !current_user_can( 'edit_post', $post_ID ) ) 
+			return new IXR_Error( 401, __( 'Sorry, you can not edit this post.' ) );
+
+		do_action('xmlrpc_call', 'blogger.getPost');
+
 		$post_data = wp_get_single_post($post_ID, ARRAY_A);
 
 		$categories = implode(',', wp_get_post_categories($post_ID));
@@ -676,12 +725,16 @@
 
 		$posts_list = wp_get_recent_posts($num_posts);
 
+		set_current_user( 0, $user_login );
+
 		if (!$posts_list) {
 			$this->error = new IXR_Error(500, __('Either there are no posts, or something went wrong.'));
 			return $this->error;
 		}
 
 		foreach ($posts_list as $entry) {
+			if( !current_user_can( 'edit_post', $entry['ID'] ) )
+				continue;
 
 			$post_date = mysql2date('Ymd\TH:i:s', $entry['post_date']);
 			$categories = implode(',', wp_get_post_categories($entry['ID']));
@@ -1341,78 +1394,83 @@
 	/* metaweblog.getPost ...returns a post */
 	function mw_getPost($args) {
 
-	  global $wpdb;
+		global $wpdb;
 
 		$this->escape($args);
 
-	  $post_ID     = (int) $args[0];
-	  $user_login  = $args[1];
-	  $user_pass   = $args[2];
+		$post_ID     = (int) $args[0];
+		$user_login  = $args[1];
+		$user_pass   = $args[2];
 
-	  if (!$this->login_pass_ok($user_login, $user_pass)) {
-	    return $this->error;
-	  }
+		if (!$this->login_pass_ok($user_login, $user_pass)) {
+			return $this->error;
+		}
 
-	  $postdata = wp_get_single_post($post_ID, ARRAY_A);
+		set_current_user( 0, $user_login );
+		if( !current_user_can( 'edit_post', $post_ID ) )
+			return new IXR_Error( 401, __( 'Sorry, you can not edit this post.' ) );
 
-	  if ($postdata['post_date'] != '') {
+		do_action('xmlrpc_call', 'metaWeblog.getPost');
 
-	    $post_date = mysql2date('Ymd\TH:i:s', $postdata['post_date']);
-	    $post_date_gmt = mysql2date('Ymd\TH:i:s', $postdata['post_date_gmt']);
+		$postdata = wp_get_single_post($post_ID, ARRAY_A);
 
-	    $categories = array();
-	    $catids = wp_get_post_categories($post_ID);
-	    foreach($catids as $catid) {
-	      $categories[] = get_cat_name($catid);
-	    }
+		if ($postdata['post_date'] != '') {
+			$post_date = mysql2date('Ymd\TH:i:s', $postdata['post_date']);
+			$post_date_gmt = mysql2date('Ymd\TH:i:s', $postdata['post_date_gmt']);
 
-		$tagnames = array();
-		$tags = wp_get_post_tags( $post_ID );
-		if ( !empty( $tags ) ) {
-			foreach ( $tags as $tag ) {
-				$tagnames[] = $tag->name;
+			$categories = array();
+			$catids = wp_get_post_categories($post_ID);
+			foreach($catids as $catid) {
+				$categories[] = get_cat_name($catid);
+			}
+
+			$tagnames = array();
+			$tags = wp_get_post_tags( $post_ID );
+			if ( !empty( $tags ) ) {
+				foreach ( $tags as $tag ) {
+					$tagnames[] = $tag->name;
+				}
+				$tagnames = implode( ', ', $tagnames );
+			} else {
+				$tagnames = '';
 			}
-			$tagnames = implode( ', ', $tagnames );
-		} else {
-			$tagnames = '';
-		}
 
-	    $post = get_extended($postdata['post_content']);
-	    $link = post_permalink($postdata['ID']);
+			$post = get_extended($postdata['post_content']);
+			$link = post_permalink($postdata['ID']);
 
-		// Get the author info.
-		$author = get_userdata($postdata['post_author']);
+			// Get the author info.
+			$author = get_userdata($postdata['post_author']);
 
-	    $allow_comments = ('open' == $postdata['comment_status']) ? 1 : 0;
-	    $allow_pings = ('open' == $postdata['ping_status']) ? 1 : 0;
-
-	    $resp = array(
-