From 840dee3ad43a33d5b97b2e1dee64d5c04e255227 Mon Sep 17 00:00:00 2001
From: Tim Starling <tstarling@users.mediawiki.org>
Date: Sat, 6 Mar 2004 01:49:16 +0000
Subject: [PATCH] * Fixed magic quotes in $_REQUEST, in Setup.php * Converted
 many instances of globals from the query to $_REQUEST * Renamed near-useless
 Title::getURL() to Title::getPartialURL() * Created new Title::getURL(), to
 replace wfLocalUrl, wfLocalUrlE, wfFullUrl and wfFullUrlE. Replaced most
 instances throughout the code * In Parser.php, generalised stripping of
 <nowiki>, <pre> and <math> to allow more general use such as nesting * Moved
 body of Article::preSaveTransform to Parser.php * Put lots of comments in
 Title.php

---
 includes/Article.php              | 102 ++---------
 includes/Database.php             |   4 +-
 includes/EditPage.php             |   5 +-
 includes/GlobalFunctions.php      |  26 ++-
 includes/MagicWord.php            |   6 +-
 includes/Namespace.php            |   4 +
 includes/OutputPage.php           |   4 +-
 includes/PageHistory.php          |   2 +-
 includes/Parser.php               | 235 +++++++++++++++++++------
 includes/SearchEngine.php         |  19 ++-
 includes/Setup.php                |   9 +
 includes/Skin.php                 |  30 ++--
 includes/SkinCologneBlue.php      |   5 +-
 includes/SkinSmarty.php           |   7 +-
 includes/SpecialAsksql.php        |   6 +-
 includes/SpecialBlockip.php       |   9 +-
 includes/SpecialEmailuser.php     |   9 +-
 includes/SpecialExport.php        |   3 +-
 includes/SpecialImagelist.php     |   4 +-
 includes/SpecialIpblocklist.php   |  17 +-
 includes/SpecialLockdb.php        |   9 +-
 includes/SpecialMakesysop.php     |   4 +-
 includes/SpecialMovepage.php      |  61 ++++---
 includes/SpecialPreferences.php   |   3 +-
 includes/SpecialUndelete.php      |   3 +-
 includes/SpecialUnlockdb.php      |   8 +-
 includes/SpecialUpload.php        |   7 +-
 includes/SpecialUserlogin.php     | 112 ++++++------
 includes/SpecialWatchlist.php     |   7 +-
 includes/SpecialWhatlinkshere.php |   2 +-
 includes/SquidUpdate.php          |   2 +-
 includes/Title.php                | 273 ++++++++++++++++++++++--------
 index.php                         |  19 ++-
 33 files changed, 610 insertions(+), 406 deletions(-)

diff --git a/includes/Article.php b/includes/Article.php
index 74b8b0c4ad..778d3aa640 100644
--- a/includes/Article.php
+++ b/includes/Article.php
@@ -154,8 +154,7 @@ class Article {
 							return;
 						}
 						if ( $rt->getNamespace() == Namespace::getSpecial() ) {
-							$wgOut->redirect( wfLocalUrl(
-							  $rt->getPrefixedURL() ) );
+							$wgOut->redirect( $rt->getURL() );
 							return;
 						}
 						$rid = $rt->getArticleID();
@@ -431,7 +430,7 @@ class Article {
 		# Squid purging
 		if ( $wgUseSquid ) {
 			$urlArr = Array( 
-				$wgInternalServer.wfLocalUrl( $this->mTitle->getPrefixedURL())
+				$wgInternalServer.$this->mTitle->getURL()
 			);			
 			wfPurgeSquidServers($urlArr);
 			/* this needs to be done after LinksUpdate */
@@ -547,7 +546,7 @@ class Article {
 		
 		if ( $wgUseSquid ) {
 			$urlArr = Array( 
-				$wgInternalServer.wfLocalUrl( $this->mTitle->getPrefixedURL())
+				$wgInternalServer.$this->mTitle->getURL()
 			);			
 			wfPurgeSquidServers($urlArr);
 		}
@@ -578,7 +577,7 @@ class Article {
 			$r = "redirect=no";
 		else
 			$r = "";
-		$wgOut->redirect( wfLocalUrl( $this->mTitle->getPrefixedURL(), $r ) );
+		$wgOut->redirect( $this->mTitle->getURL( $r ) );
 	}
 
 	# Add this page to my watchlist
@@ -651,7 +650,7 @@ class Article {
 		} else {
 			$log->addEntry( wfMsg( "protectedarticle", $this->mTitle->getPrefixedText() ), "" );
 		}
-		$wgOut->redirect( wfLocalUrl( $this->mTitle->getPrefixedURL() ) );
+		$wgOut->redirect( $this->mTitle->getURL() );
 	}
 
 	function unprotect()
@@ -767,9 +766,8 @@ class Article {
 		$wgOut->setRobotpolicy( "noindex,nofollow" );
 		$wgOut->addWikiText( wfMsg( "confirmdeletetext" ) );
 
-		$t = $this->mTitle->getPrefixedURL();
-
-		$formaction = wfEscapeHTML( wfLocalUrl( $t, "action=delete" . $par ) );
+		$formaction = $this->mTitle->getURL( $this->mTitle, "action=delete" . $par, true );
+		
 		$confirm = wfMsg( "confirm" );
 		$check = wfMsg( "confirmcheck" );
 		$delcom = wfMsg( "deletecomment" );
@@ -837,7 +835,7 @@ class Article {
 		# Squid purging
 		if ( $wgUseSquid ) {
 			$urlArr = Array(
-				$wgInternalServer.wfLocalUrl( $this->mTitle->getPrefixedURL())
+				$wgInternalServer.$this->mTitle->getURL()
 			);
 			wfPurgeSquidServers($urlArr);
 
@@ -847,7 +845,7 @@ class Article {
 			while ( $BL = wfFetchObject ( $res ) )
 			{
 				$tobj = Title::newFromDBkey( $BL->l_from) ; 
-				$blurlArr[] = $wgInternalServer.wfLocalUrl( $tobj->getPrefixedURL() );
+				$blurlArr[] = $wgInternalServer.$tobj->getURL();
 			}
 			wfFreeResult ( $res ) ;
 			$u = new SquidUpdate( $this->mTitle, $blurlArr );
@@ -1092,86 +1090,10 @@ class Article {
 
 	function preSaveTransform( $text )
 	{
-		$s = "";
-		while ( "" != $text ) {
-			$p = preg_split( "/<\\s*nowiki\\s*>/i", $text, 2 );
-			$s .= $this->pstPass2( $p[0] );
-
-			if ( ( count( $p ) < 2 ) || ( "" == $p[1] ) ) { $text = ""; }
-			else {
-				$q = preg_split( "/<\\/\\s*nowiki\\s*>/i", $p[1], 2 );
-				$s .= "<nowiki>{$q[0]}</nowiki>";
-				$text = $q[1];
-			}
-		}
-		return rtrim( $s );
+		global $wgParser, $wgUser;
+		return $wgParser->preSaveTransform( $text, $this->mTitle, $wgUser, ParserOptions::newFromUser( $wgUser ) );
 	}
-
-	/* private */ function pstPass2( $text )
-	{
-		global $wgUser, $wgLang, $wgLocaltimezone;
-
-		# Signatures
-		#
-		$n = $wgUser->getName();
-		$k = $wgUser->getOption( "nickname" );
-		if ( "" == $k ) { $k = $n; }
-		if(isset($wgLocaltimezone)) {
-			$oldtz = getenv("TZ"); putenv("TZ=$wgLocaltimezone");
-		}
-		/* Note: this is an ugly timezone hack for the European wikis */
-		$d = $wgLang->timeanddate( date( "YmdHis" ), false ) .
-		  " (" . date( "T" ) . ")";
-		if(isset($wgLocaltimezone)) putenv("TZ=$oldtz");
-
-		$text = preg_replace( "/~~~~/", "[[" . $wgLang->getNsText(
-		  Namespace::getUser() ) . ":$n|$k]] $d", $text );
-		$text = preg_replace( "/~~~/", "[[" . $wgLang->getNsText(
-		  Namespace::getUser() ) . ":$n|$k]]", $text );
-
-		# Context links: [[|name]] and [[name (context)|]]
-		#
-		$tc = "[&;%\\-,.\\(\\)' _0-9A-Za-z\\/:\\x80-\\xff]";
-		$np = "[&;%\\-,.' _0-9A-Za-z\\/:\\x80-\\xff]"; # No parens
-		$namespacechar = '[ _0-9A-Za-z\x80-\xff]'; # Namespaces can use non-ascii!
-		$conpat = "/^({$np}+) \\(({$tc}+)\\)$/";
-
-		$p1 = "/\[\[({$np}+) \\(({$np}+)\\)\\|]]/";		# [[page (context)|]]
-		$p2 = "/\[\[\\|({$tc}+)]]/";					# [[|page]]
-		$p3 = "/\[\[($namespacechar+):({$np}+)\\|]]/";		# [[namespace:page|]]
-		$p4 = "/\[\[($namespacechar+):({$np}+) \\(({$np}+)\\)\\|]]/";
-														# [[ns:page (cont)|]]
-		$context = "";
-		$t = $this->mTitle->getText();
-		if ( preg_match( $conpat, $t, $m ) ) {
-			$context = $m[2];
-		}
-		$text = preg_replace( $p4, "[[\\1:\\2 (\\3)|\\2]]", $text );
-		$text = preg_replace( $p1, "[[\\1 (\\2)|\\1]]", $text );
-		$text = preg_replace( $p3, "[[\\1:\\2|\\2]]", $text );
-
-		if ( "" == $context ) {
-			$text = preg_replace( $p2, "[[\\1]]", $text );
-		} else {
-			$text = preg_replace( $p2, "[[\\1 ({$context})|\\1]]", $text );
-		}
-		
-		# {{SUBST:xxx}} variables
-		#
-		$mw =& MagicWord::get( MAG_SUBST );
-		$text = $mw->substituteCallback( $text, "wfReplaceSubstVar" );
-
-/* Experimental:
-		# Trim trailing whitespace
-		# MAG_END (__END__) tag allows for trailing 
-		# whitespace to be deliberately included
-		$text = rtrim( $text );
-		$mw =& MagicWord::get( MAG_END );
-		$mw->matchAndRemove( $text );
-*/
-		return $text;
-	}
-
+	
 	/* Caching functions */
 
 	# checkLastModified returns true iff it has taken care of all
diff --git a/includes/Database.php b/includes/Database.php
index 6e295e3261..568f87a39f 100644
--- a/includes/Database.php
+++ b/includes/Database.php
@@ -106,8 +106,8 @@ class Database {
 				$success = false;
 			}
 		} else {
-			# Delay USE
-			$success = true;
+			# Delay USE query
+			$success = !!$this->mConn;
 		}
 		
 		if ( !$success ) {
diff --git a/includes/EditPage.php b/includes/EditPage.php
index 288cb256a5..bc59468028 100644
--- a/includes/EditPage.php
+++ b/includes/EditPage.php
@@ -129,8 +129,7 @@ class EditPage {
 				# append them and the string comparison fails
 				if ( ( "" == $wpTextbox1 ) ||
 				  ( wfMsg( "newarticletext" ) == rtrim( preg_replace("/\r/","",$wpTextbox1) ) ) ) {
-					$wgOut->redirect(  wfLocalUrl(
-					  $this->mTitle->getPrefixedURL() ) );
+					$wgOut->redirect( $this->mTitle->getURL() );
 					return;
 				}
 				$this->mArticle->insertNewArticle( $wpTextbox1, $wpSummary, $wpMinoredit, $wpWatchthis );
@@ -228,7 +227,7 @@ class EditPage {
 
 		$q = "action=submit";
 		if ( "no" == $redirect ) { $q .= "&redirect=no"; }
-		$action = wfEscapeHTML( wfLocalUrl( $this->mTitle->getPrefixedURL(), $q ) );
+		$action = $this->mTitle->getURL( $q, true );
 
 		$summary = wfMsg( "summary" );
 		$subject = wfMsg("subject");
diff --git a/includes/GlobalFunctions.php b/includes/GlobalFunctions.php
index 5491fbaf3f..bf95d2a83e 100644
--- a/includes/GlobalFunctions.php
+++ b/includes/GlobalFunctions.php
@@ -49,12 +49,14 @@ function wfSeedRandom()
 	}
 }
 
+# Generates a URL from a URL-encoded title and a query string
+# Title::getURL() is preferred in most cases
+#
 function wfLocalUrl( $a, $q = "" )
 {
 	global $wgServer, $wgScript, $wgArticlePath;
 
 	$a = str_replace( " ", "_", $a );
-	#$a = wfUrlencode( $a ); # This stuff is _already_ URL-encoded.
 
 	if ( "" == $a ) {
 		if( "" == $q ) {
@@ -78,12 +80,14 @@ function wfLocalUrlE( $a, $q = "" )
 }
 
 function wfFullUrl( $a, $q = "" ) {
-	global $wgServer;
-	return $wgServer . wfLocalUrl( $a, $q );
+	$titleObj = Title::newFromURL( $a );
+	return $titleObj->getURL( $q, false, true );
 }
 
 function wfFullUrlE( $a, $q = "" ) {
-	return wfEscapeHTML( wfFullUrl( $a, $q ) );
+	$titleObj = Title::newFromURL( $a );
+	return $titleObj->getURL( $q, true, true );
+
 }
 
 function wfImageUrl( $img )
@@ -154,10 +158,11 @@ function wfImageArchiveUrl( $name )
 
 function wfUrlencode ( $s )
 {
-	$ulink = urlencode( $s );
-	$ulink = preg_replace( "/%3[Aa]/", ":", $ulink );
-	$ulink = preg_replace( "/%2[Ff]/", "/", $ulink );
-	return $ulink;
+	$s = urlencode( $s );
+	$s = preg_replace( "/%3[Aa]/", ":", $s );
+	$s = preg_replace( "/%2[Ff]/", "/", $s );
+
+	return $s;
 }
 
 function wfUtf8Sequence($codepoint) {
@@ -604,6 +609,7 @@ function wfViewPrevNext( $offset, $limit, $link, $query = "", $atend = false )
 	global $wgUser;
 	$prev = wfMsg( "prevn", $limit );
 	$next = wfMsg( "nextn", $limit );
+	$link = wfUrlencode( $link );
 
 	$sk = $wgUser->getSkin();
 	if ( 0 != $offset ) {
@@ -725,6 +731,7 @@ function wfHtmlEscapeFirst( $text ) {
 	return "&#$ord;$newText";
 }
 
+# Sets dest to source and returns the original value of dest
 function wfSetVar( &$dest, $source )
 {
 	$temp = $dest;
@@ -732,7 +739,8 @@ function wfSetVar( &$dest, $source )
 	return $temp;
 }
 
-function &wfSetRef( &$dest, $source )
+# Sets dest to a reference to source and returns the original dest
+function &wfSetRef( &$dest, &$source )
 {
 	$temp =& $dest;
 	$dest =& $source;
diff --git a/includes/MagicWord.php b/includes/MagicWord.php
index b5ee3e9eb9..506046981e 100644
--- a/includes/MagicWord.php
+++ b/includes/MagicWord.php
@@ -54,14 +54,14 @@ class MagicWord {
 	# Preliminary initialisation
 	/* private */ function initRegex()
 	{
-		$variableClass = "A-Za-z0-9_\-\x80-\xff";
+		$variableClass = Title::legalChars();
 		$escSyn = array_map( "preg_quote", $this->mSynonyms );
 		$this->mBaseRegex = implode( "|", $escSyn );
 		$case = $this->mCaseSensitive ? "" : "i";
 		$this->mRegex = "/{$this->mBaseRegex}/{$case}";
 		$this->mRegexStart = "/^{$this->mBaseRegex}/{$case}";
-		$this->mVariableRegex = str_replace( "\\$1", "([$variableClass]*)", $this->mRegex );
-		$this->mVariableStartToEndRegex = str_replace( "\\$1", "([$variableClass]*)", 
+		$this->mVariableRegex = str_replace( "\\$1", "([$variableClass]*?)", $this->mRegex );
+		$this->mVariableStartToEndRegex = str_replace( "\\$1", "([$variableClass]*?)", 
 			"/^{$this->mBaseRegex}$/{$case}" );
 	}
 	
diff --git a/includes/Namespace.php b/includes/Namespace.php
index b482080d39..3b5c428a11 100644
--- a/includes/Namespace.php
+++ b/includes/Namespace.php
@@ -20,6 +20,10 @@ define("NS_IMAGE_TALK", 7);
 define("NS_MEDIAWIKI", 8);
 define("NS_MEDIAWIKI_TALK", 9);
 
+# Reserved:
+define("NS_TEMPLATE", 10);
+define("NS_TEMPLATE_TALK", 11);
+
 class Namespace {
 
 	/* These functions are deprecated */
diff --git a/includes/OutputPage.php b/includes/OutputPage.php
index b11203479f..eaea95c969 100644
--- a/includes/OutputPage.php
+++ b/includes/OutputPage.php
@@ -534,8 +534,8 @@ class OutputPage {
 
 		$r = wfMsg( "returnto", $link );
 		if ( $auto ) {
-			$wgOut->addMeta( "http:Refresh", "10;url=" .
-			  wfLocalUrlE( wfUrlencode( $returnto ) ) );
+			$titleObj = Title::newFromText( $returnto );
+			$wgOut->addMeta( "http:Refresh", "10;url=" . $titleObj->getUrl( "", true, true ));
 		}
 		$wgOut->addHTML( "\n<p>$r\n" );
 	}
diff --git a/includes/PageHistory.php b/includes/PageHistory.php
index e3a3be70dd..bfae24ea7c 100644
--- a/includes/PageHistory.php
+++ b/includes/PageHistory.php
@@ -106,7 +106,7 @@ class PageHistory {
 		global $wgTitle;
 		$this->lastdate = $this->lastline = "";
 		$s = "\n<p>" . wfMsg( "histlegend" ) . "\n<ul>";
-		$url = wfLocalUrl( $wgTitle->getPrefixedText(), "dummy=1");
+		$url = $wgTitle->getURL("-");
 		$s .= "<SCRIPT>
 			var sel = -1;
 			function anysel(oid){ 
diff --git a/includes/Parser.php b/includes/Parser.php
index e92f6c345d..a76f4d4271 100644
--- a/includes/Parser.php
+++ b/includes/Parser.php
@@ -9,15 +9,18 @@ include_once('Tokenizer.php');
 # Globals used: 
 #    objects:   $wgLang, $wgDateFormatter, $wgLinkCache, $wgCurOut
 #
+# NOT $wgArticle, $wgUser or $wgTitle. Keep them away!
+#
 #    settings:  $wgUseTex*, $wgUseCategoryMagic*, $wgUseDynamicDates*, $wgInterwikiMagic*,
-#               $wgNamespacesWithSubpages, $wgLanguageCode, $wgAllowExternalImages*
+#               $wgNamespacesWithSubpages, $wgLanguageCode, $wgAllowExternalImages*, 
+#               $wgLocaltimezone
 #
 #      * only within ParserOptions
 
 class Parser
 {
 	# Cleared with clearState():
-	var $mOutput, $mAutonumber, $mLastSection, $mDTopen;
+	var $mOutput, $mAutonumber, $mLastSection, $mDTopen, $mStripState;
 
 	# Temporary:
 	var $mOptions, $mTitle;
@@ -33,6 +36,7 @@ class Parser
 		$this->mAutonumber = 0;
 		$this->mLastSection = "";
 		$this->mDTopen = false;
+		$this->mStripState = false;
 	}
 	
 	# First pass--just handle <nowiki> sections, pass the rest off
@@ -44,18 +48,6 @@ class Parser
 	{
 		$fname = "Parser::parse";
 		wfProfileIn( $fname );
-		$unique  = "3iyZiyA7iMwg5rhxP0Dcc9oTnj8qD1jm1Sfv4";
-		$unique2 = "4LIQ9nXtiYFPCSfitVwDw7EYwQlL4GeeQ7qSO";
-		$unique3 = "fPaA8gDfdLBqzj68Yjg9Hil3qEF8JGO0uszIp";
-		$nwlist = array();
-		$nwsecs = 0;
-		$mathlist = array();
-		$mathsecs = 0;
-		$prelist = array ();
-		$presecs = 0;
-		$stripped = "";
-		$stripped2 = "";
-		$stripped3 = "";
 
 		if ( $clearState ) {
 			$this->clearState();
@@ -64,20 +56,63 @@ class Parser
 		$this->mOptions = $options;
 		$this->mTitle =& $title;
 		
+		$stripState = NULL;
+		$text = $this->strip( $text, $this->mStripState, true );
+		$text = $this->doWikiPass2( $text, $linestart );
+		$text = $this->unstrip( $text, $this->mStripState );
+		
+		$this->mOutput->setText( $text );
+		wfProfileOut( $fname );
+		return $this->mOutput;
+	}
+
+	/* static */ function getRandomString()
+	{
+		return dechex(mt_rand(0, 0x7fffffff)) . dechex(mt_rand(0, 0x7fffffff));
+	}
+	
+	# Strips <nowiki>, <pre> and <math>
+	# Returns the text, and fills an array with data needed in unstrip()
+	#
+	function strip( $text, &$state, $render = true )
+	{
+		$state = array(
+			'nwlist' => array(),
+			'nwsecs' => 0,
+			'nwunq' => Parser::getRandomString(),
+			'mathlist' => array(),
+			'mathsecs' => 0,
+			'mathunq' => Parser::getRandomString(),
+			'prelist' => array(),
+			'presecs' => 0,
+			'preunq' => Parser::getRandomString()
+		);
+
+		$stripped = "";
+		$stripped2 = "";
+		$stripped3 = "";
+		
 		# Replace any instances of the placeholders
-		$text = str_replace( $unique, wfHtmlEscapeFirst( $unique ), $text );
-		$text = str_replace( $unique2, wfHtmlEscapeFirst( $unique2 ), $text );
-		$text = str_replace( $unique3, wfHtmlEscapeFirst( $unique3 ), $text );
-			
+		$text = str_replace( $state['nwunq'], wfHtmlEscapeFirst( $state['nwunq'] ), $text );
+		$text = str_replace( $state['mathunq'], wfHtmlEscapeFirst( $state['mathunq'] ), $text );
+		$text = str_replace( $state['preunq'], wfHtmlEscapeFirst( $state['preunq'] ), $text );
+		
 		while ( "" != $text ) {
 			$p = preg_split( "/<\\s*nowiki\\s*>/i", $text, 2 );
 			$stripped .= $p[0];
-			if ( ( count( $p ) < 2 ) || ( "" == $p[1] ) ) { $text = ""; }
-			else {
+			if ( ( count( $p ) < 2 ) || ( "" == $p[1] ) ) { 
+				$text = ""; 
+			} else {
 				$q = preg_split( "/<\\/\\s*nowiki\\s*>/i", $p[1], 2 );
-				++$nwsecs;
-				$nwlist[$nwsecs] = wfEscapeHTMLTagsOnly($q[0]);
-				$stripped .= $unique . $nwsecs . "s";
+				++$state['nwsecs'];
+
+				if ( $render ) {
+					$state['nwlist'][$state['nwsecs']] = wfEscapeHTMLTagsOnly($q[0]);
+				} else {
+					$state['nwlist'][$state['nwsecs']] = "<nowiki>{$q[0]}</nowiki>";
+				}
+				
+				$stripped .= $state['nwunq'] . sprintf("%08X", $state['nwsecs']);
 				$text = $q[1];
 			}
 		}
@@ -86,12 +121,19 @@ class Parser
 			while ( "" != $stripped ) {
 				$p = preg_split( "/<\\s*math\\s*>/i", $stripped, 2 );
 				$stripped2 .= $p[0];
-				if ( ( count( $p ) < 2 ) || ( "" == $p[1] ) ) { $stripped = ""; }
-				else {
+				if ( ( count( $p ) < 2 ) || ( "" == $p[1] ) ) { 
+					$stripped = ""; 
+				} else {
 					$q = preg_split( "/<\\/\\s*math\\s*>/i", $p[1], 2 );
-					++$mathsecs;
-					$mathlist[$mathsecs] = renderMath($q[0]);
-					$stripped2 .= $unique2 . $mathsecs . "s";
+					++$state['mathsecs'];
+
+					if ( $render ) {
+						$state['mathlist'][$state['mathsecs']] = renderMath($q[0]);
+					} else {
+						$state['mathlist'][$state['mathsecs']] = "<math>{$q[0]}</math>";
+					}
+					
+					$stripped2 .= $state['mathunq'] . sprintf("%08X", $state['mathsecs']);
 					$stripped = $q[1];
 				}
 			}
@@ -102,40 +144,39 @@ class Parser
 		while ( "" != $stripped2 ) {
 			$p = preg_split( "/<\\s*pre\\s*>/i", $stripped2, 2 );
 			$stripped3 .= $p[0];
-			if ( ( count( $p ) < 2 ) || ( "" == $p[1] ) ) { $stripped2 = ""; }
-			else {
+			if ( ( count( $p ) < 2 ) || ( "" == $p[1] ) ) { 
+				$stripped2 = ""; 
+			} else {
 				$q = preg_split( "/<\\/\\s*pre\\s*>/i", $p[1], 2 );
-				++$presecs;
-				$prelist[$presecs] = "<pre>". wfEscapeHTMLTagsOnly($q[0]). "</pre>\n";
-				$stripped3 .= $unique3 . $presecs . "s";
+				++$state['presecs'];
+
+				if ( $render ) {
+					$state['prelist'][$state['presecs']] = "<pre>". wfEscapeHTMLTagsOnly($q[0]). "</pre>\n";
+				} else {
+					$state['prelist'][$state['presecs']] = "<pre>{$q[0]}</pre>";
+				}
+				
+				$stripped3 .= $state['preunq'] . sprintf("%08X", $state['presecs']);
 				$stripped2 = $q[1];
 			}
 		}
+		return $stripped3;
+	}
 
-		$text = $this->doWikiPass2( $stripped3, $linestart );
-		
-		$specialChars = array("\\", "$");
-		$escapedChars = array("\\\\", "\\$");
-
-		# Go backwards so that {$unique1}1 doesn't overwrite {$unique1}10
-		for ( $i = $presecs; $i >= 1; --$i ) {
-			$text = preg_replace( "/{$unique3}{$i}s/", str_replace( $specialChars, 
-				$escapedChars, $prelist[$i] ), $text );
+	function unstrip( $text, &$state )
+	{
+		for ( $i = 1; $i <= $state['presecs']; ++$i ) {
+			$text = str_replace( $state['preunq'] . sprintf("%08X", $i), $state['prelist'][$i], $text );
 		}
 
-		for ( $i = $mathsecs; $i >= 1; --$i ) {
-			$text = preg_replace( "/{$unique2}{$i}s/", str_replace( $specialChars, 
-				$escapedChars, $mathlist[$i] ), $text );
+		for ( $i = 1; $i <= $state['mathsecs']; ++$i ) {
+			$text = str_replace( $state['mathunq'] . sprintf("%08X", $i), $state['mathlist'][$i], $text );		
 		}
 
-		for ( $i = $nwsecs; $i >= 1; --$i ) {
-			$text = preg_replace( "/{$unique}{$i}s/", str_replace( $specialChars, 
-				$escapedChars, $nwlist[$i] ), $text );
+		for ( $i = 1; $i <= $state['nwsecs']; ++$i ) {
+			$text = str_replace( $state['nwunq'] . sprintf("%08X", $i), $state['nwlist'][$i], $text );
 		}
-		
-		$this->mOutput->setText( $text );
-		wfProfileOut( $fname );
-		return $this->mOutput;
+		return $text;
 	}
 
 	function categoryMagic ()
@@ -1182,8 +1223,9 @@ class Parser
 			}
 
 			// The canonized header is a version of the header text safe to use for links
-			
-			$canonized_headline=preg_replace("/<.*?>/","",$headline); // strip out HTML
+			// Avoid insertion of weird stuff like <math> by expanding the relevant sections
+			$canonized_headline=Parser::unstrip( $headline, $this->mStripState );
+			$canonized_headline=preg_replace("/<.*?>/","",$canonized_headline); // strip out HTML
 			$tocline = trim( $canonized_headline );
 			$canonized_headline=str_replace('"',"",$canonized_headline);
 			$canonized_headline=str_replace(" ","_",trim($canonized_headline));			
@@ -1287,8 +1329,8 @@ class Parser
 			if ( "" == $num ) {
 				$text .= "ISBN $blank$x";
 			} else {
-				$text .= "<a href=\"" . wfLocalUrlE( $wgLang->specialPage(
-				  "Booksources"), "isbn={$num}" ) . "\" class=\"internal\">ISBN $isbn</a>";
+				$titleObj = Title::makeTitle( NS_SPECIAL, "Booksources" );
+				$text .= "<a href=\"" . $titleObj->getUrl( "isbn={$num}", false, true ) . "\" class=\"internal\">ISBN $isbn</a>";
 				$text .= $x;
 			}
 		}
@@ -1300,6 +1342,85 @@ class Parser
 		return $text;
 	}
 
+	function preSaveTransform( $text, &$title, &$user, $options, $clearState = true )
+	{
+		$this->mOptions = $options;
+		$this->mTitle = $title;
+		if ( $clearState ) {
+			$this->clearState;
+		}
+		
+		$stripState = false;
+		$text = $this->strip( $text, $stripState, false );
+		$text = $this->pstPass2( $text, $user );
+		$text = $this->unstrip( $text, $stripState );
+		return $text;
+	}
+
+	/* private */ function pstPass2( $text, &$user )
+	{
+		global $wgLang, $wgLocaltimezone;
+
+		# Signatures
+		#
+		$n = $user->getName();
+		$k = $user->getOption( "nickname" );
+		if ( "" == $k ) { $k = $n; }
+		if(isset($wgLocaltimezone)) {
+			$oldtz = getenv("TZ"); putenv("TZ=$wgLocaltimezone");
+		}
+		/* Note: this is an ugly timezone hack for the European wikis */
+		$d = $wgLang->timeanddate( date( "YmdHis" ), false ) .
+		  " (" . date( "T" ) . ")";
+		if(isset($wgLocaltimezone)) putenv("TZ=$oldtz");
+
+		$text = preg_replace( "/~~~~/", "[[" . $wgLang->getNsText(
+		  Namespace::getUser() ) . ":$n|$k]] $d", $text );
+		$text = preg_replace( "/~~~/", "[[" . $wgLang->getNsText(
+		  Namespace::getUser() ) . ":$n|$k]]", $text );
+
+		# Context links: [[|name]] and [[name (context)|]]
+		#
+		$tc = "[&;%\\-,.\\(\\)' _0-9A-Za-z\\/:\\x80-\\xff]";
+		$np = "[&;%\\-,.' _0-9A-Za-z\\/:\\x80-\\xff]"; # No parens
+		$namespacechar = '[ _0-9A-Za-z\x80-\xff]'; # Namespaces can use non-ascii!
+		$conpat = "/^({$np}+) \\(({$tc}+)\\)$/";
+
+		$p1 = "/\[\[({$np}+) \\(({$np}+)\\)\\|]]/";		# [[page (context)|]]
+		$p2 = "/\[\[\\|({$tc}+)]]/";					# [[|page]]
+		$p3 = "/\[\[($namespacechar+):({$np}+)\\|]]/";		# [[namespace:page|]]
+		$p4 = "/\[\[($namespacechar+):({$np}+) \\(({$np}+)\\)\\|]]/";
+														# [[ns:page (cont)|]]
+		$context = "";
+		$t = $this->mTitle->getText();
+		if ( preg_match( $conpat, $t, $m ) ) {
+			$context = $m[2];
+		}
+		$text = preg_replace( $p4, "[[\\1:\\2 (\\3)|\\2]]", $text );
+		$text = preg_replace( $p1, "[[\\1 (\\2)|\\1]]", $text );
+		$text = preg_replace( $p3, "[[\\1:\\2|\\2]]", $text );
+
+		if ( "" == $context ) {
+			$text = preg_replace( $p2, "[[\\1]]", $text );
+		} else {
+			$text = preg_replace( $p2, "[[\\1 ({$context})|\\1]]", $text );
+		}
+		
+		# {{SUBST:xxx}} variables
+		#
+		$mw =& MagicWord::get( MAG_SUBST );
+		$text = $mw->substituteCallback( $text, "wfReplaceSubstVar" );
+
+		# Trim trailing whitespace
+		# MAG_END (__END__) tag allows for trailing 
+		# whitespace to be deliberately included
+		$text = rtrim( $text );
+		$mw =& MagicWord::get( MAG_END );
+		$mw->matchAndRemove( $text );
+
+		return $text;
+	}
+
 
 }
 
@@ -1398,6 +1519,8 @@ class ParserOptions
 		$this->mNumberHeadings = $user->getOption( "numberheadings" );
 		$this->mShowToc = $user->getOption( "showtoc" );
 	}
+
+
 }
 	
 # Regex callbacks, used in OutputPage::replaceVariables
diff --git a/includes/SearchEngine.php b/includes/SearchEngine.php
index 40bce800c3..ee38899b09 100644
--- a/includes/SearchEngine.php
+++ b/includes/SearchEngine.php
@@ -130,8 +130,10 @@ class SearchEngine {
 		  wfMsg("powersearch") . "\">\n";
 		$ret = str_replace( "$9", $tempText, $ret );
 
+		$titleObj = NULL; # this does tricky stuff
+		
 		$ret = "<br><br>\n<form id=\"powersearch\" method=\"get\" " .
-		  "action=\"" . wfLocalUrl( "" ) . "\">\n{$ret}\n</form>\n";
+		  "action=\"" . $titleObj->getUrl() . "\">\n{$ret}\n</form>\n";
 
 		if ( isset ( $searchx ) ) {
 			if ( ! $listredirs ) { 
@@ -433,7 +435,7 @@ class SearchEngine {
 		}
 
 		if ( 0 != $t->getArticleID() ) {
-			$wgOut->redirect( wfLocalUrl( $t->getPrefixedURL() ) );
+			$wgOut->redirect( $t->getURL() );
 			return;
 		}
 
@@ -441,7 +443,7 @@ class SearchEngine {
 		#
 		$t = Title::newFromText( strtolower( $search ) );
 		if ( 0 != $t->getArticleID() ) {
-			$wgOut->redirect( wfLocalUrl( $t->getPrefixedURL() ) );
+			$wgOut->redirect( $t->getURL() );
 			return;
 		}
 
@@ -449,7 +451,7 @@ class SearchEngine {
 		#
 		$t = Title::newFromText( ucwords( strtolower( $search ) ) );
 		if ( 0 != $t->getArticleID() ) {
-			$wgOut->redirect( wfLocalUrl( $t->getPrefixedURL() ) );
+			$wgOut->redirect( $t->getURL() );
 			return;
 		}
 
@@ -457,12 +459,13 @@ class SearchEngine {
 		#
 		$t = Title::newFromText( strtoupper( $search ) );
 		if ( 0 != $t->getArticleID() ) {
-			$wgOut->redirect( wfLocalUrl( $t->getPrefixedURL() ) );
+			$wgOut->redirect( $t->getURL() );
 			return;
 		}
-		$wgOut->addHTML( wfMsg("nogomatch", 
-			htmlspecialchars( wfLocalUrl( ucfirst($this->mUsertext), "action=edit") ) )
-			. "\n<p>" );
+
+		# No match, generate an edit URL
+		$t = Title::newFromText( $this->mUsertext );
+		$wgOut->addHTML( wfMsg("nogomatch", $t->getURL( "action=edit", true ) ) . "\n<p>" );
 
 		# Try a fuzzy title search
 		$anyhit = false;
diff --git a/includes/Setup.php b/includes/Setup.php
index 1211009636..03931c6d96 100644
--- a/includes/Setup.php
+++ b/includes/Setup.php
@@ -74,7 +74,16 @@ if ( function_exists( "getallheaders" ) ) {
 	wfDebug( "$REQUEST_METHOD $REQUEST_URI\n" );
 }
 
+# Fix "magic" quotes
+if ( get_magic_quotes_gpc() ) {
+	foreach ( $_REQUEST as $field => $value ) {
+		$_REQUEST[$field] = stripslashes( $value );
+		print "$field: $value -> {$_REQUEST[$field]}<br>\n";
+	}
+}
 
+# Set up Memcached
+#
 class MemCachedClientforWiki extends memcached {
 	function _debugprint( $text ) {
 		wfDebug( "memcached: $text\n" );
diff --git a/includes/Skin.php b/includes/Skin.php
index 04646929c8..28d60a6932 100644
--- a/includes/Skin.php
+++ b/includes/Skin.php
@@ -175,14 +175,13 @@ class Skin {
 			(!$wgTitle->isProtected() || $wgUser->isSysop())
 			
 			) {
-			$n = $wgTitle->getPrefixedURL();
 			$t = wfMsg( "editthispage" );
 			$oid = $red = "";
 			if ( $redirect ) { $red = "&redirect={$redirect}"; }
 			if ( $oldid && ! isset( $diff ) ) {
 				$oid = "&oldid={$oldid}";
 			}
-			$s = wfLocalUrlE($n,"action=edit{$oid}{$red}");
+			$s = $wgTitle->getUrl( "action=edit{$oid}{$red}", false, true );
 			$s = "document.location = \"" .$s ."\";";
 			$a += array ("ondblclick" => $s);
 
@@ -690,9 +689,10 @@ class Skin {
 	{
 		if ( "" != $align ) { $a = " align='{$align}'"; }
 		else { $a = ""; }
-
+		
 		$mp = wfMsg( "mainpage" );
-		$s = "<a href=\"" . wfLocalUrlE( urlencode( str_replace(' ','_',$mp) ) )
+		$titleObj = Title::newFromText( $mp );
+		$s = "<a href=\"" . $titleObj->getURL( "", true )
 		  . "\"><img{$a} border=0 src=\""
 		  . $this->getLogo() . "\" alt=\"" . "[{$mp}]\"></a>";
 		return $s;
@@ -1035,7 +1035,7 @@ class Skin {
 		global $wgTitle, $wgLang;
 
 		$s = $this->makeKnownLink( $wgLang->specialPage( "Contributions" ),
-		  wfMsg( "contributions" ), "target=" . $wgTitle->getURL() );
+		  wfMsg( "contributions" ), "target=" . $wgTitle->getPartialURL() );
 		return $s;
 	}
 
@@ -1044,7 +1044,7 @@ class Skin {
 		global $wgTitle, $wgLang;
 
 		$s = $this->makeKnownLink( $wgLang->specialPage( "Emailuser" ),
-		  wfMsg( "emailuser" ), "target=" . $wgTitle->getURL() );
+		  wfMsg( "emailuser" ), "target=" . $wgTitle->getPartialURL() );
 		return $s;
 	}
 
@@ -1332,7 +1332,7 @@ class Skin {
 			$u = "";
 			if ( "" == $text ) { $text = $nt->getFragment(); }
 		} else {
-			$u = wfLocalUrlE( $link, $query );
+			$u = $nt->getURL( $query, true );
 		}
 		if ( "" != $nt->getFragment() ) {
 			$u .= "#" . wfEscapeHTML( $nt->getFragment() );
@@ -1364,7 +1364,7 @@ class Skin {
 
 		if ( "" == $query ) { $q = "action=edit"; }
 		else { $q = "action=edit&{$query}"; }
-		$u = wfLocalUrlE( $link, $q );
+		$u = $nt->getURL( $q );
 
 		if ( "" == $text ) { $text = $nt->getPrefixedText(); }
 		$style = $this->getInternalLinkAttributesObj( $nt, $text, "yes" );
@@ -1394,7 +1394,7 @@ class Skin {
 
 		$link = $nt->getPrefixedURL();
 
-		$u = wfLocalUrlE( $link, $query );
+		$u = $nt->getURL( $query, true );
 
 		if ( "" == $text ) { $text = $nt->getPrefixedText(); }
 		$style = $this->getInternalLinkAttributesObj( $nt, $text, "stub" );
@@ -1439,7 +1439,6 @@ class Skin {
 
 	function makeImageLinkObj( $nt, $alt = "" ) {
 		global $wgLang, $wgUseImageResize;
-		$link  = $nt->getPrefixedURL();
 		$name  = $nt->getDBKey();
 		$url   = wfImageUrl( $name );
 		$align = "";
@@ -1523,7 +1522,7 @@ class Skin {
 		}
 		$alt = htmlspecialchars( $alt );
 
-		$u = wfLocalUrlE( $link );
+		$u = $nt->getURL( "", true );
 		$s = "<a href=\"{$u}\" class='image' title=\"{$alt}\">" .
 		  "<img border=\"0\" src=\"{$url}\" alt=\"{$alt}\"></a>";
 		if ( "" != $align ) {
@@ -1632,7 +1631,6 @@ class Skin {
 		global $wgUploadPath;
 		$name = $nt->getDBKey();
 		$image = Title::makeTitle( Namespace::getImage(), $name );
-		$link = $image->getPrefixedURL();
 		$url  = wfImageUrl( $name );
 		$path = wfImagePath( $name );
 		
@@ -1649,7 +1647,7 @@ class Skin {
 		
 		$thumbUrl = $this->createThumb( $name, $boxwidth );
 
-		$u = wfLocalUrlE( $link );
+		$u = $nt->getURL( "", true );
 
 		$more = htmlspecialchars(wfMsg( "thumbnail-more" ));
 		
@@ -2150,8 +2148,8 @@ class Skin {
 			$url = wfImageUrl( $img );
 			$rlink = $cur;
 			if ( $wgUser->isSysop() ) {
-				$link = wfLocalUrlE( $wgTitle->getPrefixedText(), "image=" . $wgTitle->getURL() .
-				  "&action=delete" );
+				$link = $wgTitle->getURL( "image=" . $wgTitle->getPartialURL() . 
+				  "&action=delete", true );
 				$style = $this->getInternalLinkAttributes( $link, $del );
 
 				$dlink = "<a href=\"{$link}\"{$style}>{$del}</a>";
@@ -2239,7 +2237,7 @@ class Skin {
 
 		global $wgTitle,$wgUser,$oldid;
 		if($oldid) return $head;
-		$url = wfLocalUrlE(urlencode(str_replace(' ','_',$wgTitle->getPrefixedText())),"action=edit&section=$section");
+		$url = $wgTitle->getUrl( "action=edit&section=$section", true );
 		return "<span onContextMenu='document.location=\"".$url."\";return false;'>{$head}</span>";
 	}
 
diff --git a/includes/SkinCologneBlue.php b/includes/SkinCologneBlue.php
index 515750b20e..409f5030aa 100644
--- a/includes/SkinCologneBlue.php
+++ b/includes/SkinCologneBlue.php
@@ -19,12 +19,13 @@ class SkinCologneBlue extends Skin {
 
 		$s = "";
 		$qb = $this->qbSetting();
-
+		$mainPageObj = Title::newMainPage();
+		
 		$s .= "\n<div id='content'>\n<div id='topbar'>" .
 		  "<table width='100%' border=0 cellspacing=0 cellpadding=8><tr>";
 
 		$s .= "<td class='top' align=left valign=middle nowrap>";
-		$s .= "<a href=\"" . wfLocalUrlE( urlencode( wfMsg( "mainpage" ) ) ) . "\">";
+		$s .= "<a href=\"" . $mainPageObj->getURL("", true) . "\">";
 		$s .= "<span id='sitetitle'>" . wfMsg( "sitetitle" ) . "</span></a>";
 
 		$s .= "</td><td class='top' align=right valign=bottom width='100%'>";
diff --git a/includes/SkinSmarty.php b/includes/SkinSmarty.php
index e49361a328..c224224f25 100644
--- a/includes/SkinSmarty.php
+++ b/includes/SkinSmarty.php
@@ -75,12 +75,12 @@ class SkinSmarty extends Skin {
 		global $wgLang;
 		$action = "";
 		$popup = "";
-		$page = "";
+		$title = NULL;
 		
 		if($params['action']) $action = "action=" . $params['action'];
 		
 		if($params['special']) {
-			$page = $wgLang->specialPage( $params['special'] );
+			$title = Title::makeTitle( NS_SPECIAL, $params['special'] );
 			#$text = $wgLang->getSpecialPageName( $params['special'] );
 			$text = $popup = $params['special'];
 			if($params['target']) $action .= "target=" . urlencode( $params['target'] );
@@ -93,10 +93,9 @@ class SkinSmarty extends Skin {
 				$title = Title::makeTitle( $title->getNamespace() ^ 1, $title->getDbKey() );
 			}
 			$text = $popup = $title->getPrefixedText();
-			$page = urlencode( $title->getPrefixedUrl() );
 		}
 		
-		$url = wfLocalUrlE( $page, $action );
+		$url = $title->getURL( $action, true );
 		
 		if($params['text']) $text = $params['text'];
 		if($params['key']) $text = wfMsg( $params['key'] );
diff --git a/includes/SpecialAsksql.php b/includes/SpecialAsksql.php
index b5116efc30..712210617e 100644
--- a/includes/SpecialAsksql.php
+++ b/includes/SpecialAsksql.php
@@ -36,8 +36,8 @@ class SqlQueryForm {
 		if ( ! $wpSqlQuery ) { $wpSqlQuery = "SELECT ... FROM ... WHERE ..."; }
 		$q = wfMsg( "sqlquery" );
 		$qb = wfMsg( "querybtn" );
-		$action = wfLocalUrlE( $wgLang->specialPage( "Asksql" ),
-		  "action=submit" );
+		$titleObj = Title::makeTitle( NS_SPECIAL, "Asksql" );
+		$action = $titleObj->getURL( "action=submit", true );
 
 		$wgOut->addHTML( "<p>
 <form id=\"asksql\" method=\"post\" action=\"{$action}\">
@@ -101,8 +101,6 @@ class SqlQueryForm {
 			if ( $titleList ) {
 				$r = "";
 				foreach ( $a as $y ) {
-					$o = "<a href=\"" . wfLocalUrlE($o) . "\" class='internal'>" .
-					  htmlspecialchars( $y->$x ) . "</a>" ;
 					$sTitle = htmlspecialchars( $y->cur_title );
 					if ( $y->cur_namespace ) {
 						$sNamespace = $wgLang->getNsText( $y->cur_namespace );
diff --git a/includes/SpecialBlockip.php b/includes/SpecialBlockip.php
index 67348763f5..52698a2241 100644
--- a/includes/SpecialBlockip.php
+++ b/includes/SpecialBlockip.php
@@ -39,8 +39,8 @@ class IPBlockForm {
 		$mIpbexpiry = wfMsg( "ipbexpiry" );
 		$mIpbreason = wfMsg( "ipbreason" );
 		$mIpbsubmit = wfMsg( "ipbsubmit" );
-		$action = wfLocalUrlE( $wgLang->specialPage( "Blockip" ),
-		  "action=submit" );
+		$titleObj = Title::makeTitle( NS_SPECIAL, "Blockip" );
+		$action = $titleObj->getURL( "action=submit", true );
 
 		if ( "" != $err ) {
 			$wgOut->setSubtitle( wfMsg( "formerror" ) );
@@ -145,9 +145,8 @@ class IPBlockForm {
 		$log->addEntry( $action, $wpBlockReason );
 
 		# Report to the user
-		$success = wfLocalUrl( $wgLang->specialPage( "Blockip" ),
-		  "action=success&ip={$wpBlockAddress}" );
-		$wgOut->redirect( $success );
+		$titleObj = Title::makeTitle( NS_SPECIAL, "Blockip" );
+		$wgOut->redirect( $titleObj->getURL( "action=success&ip={$wpBlockAddress}" ) );
 	}
 
 	function showSuccess()
diff --git a/includes/SpecialEmailuser.php b/includes/SpecialEmailuser.php
index bdd6217f78..b8e11b2a54 100644
--- a/includes/SpecialEmailuser.php
+++ b/includes/SpecialEmailuser.php
@@ -69,8 +69,8 @@ class EmailUserForm {
 		$emm = wfMsg( "emailmessage" );
 		$ems = wfMsg( "emailsend" );
 
-		$action = wfLocalUrlE( $wgLang->specialPage( "Emailuser" ),
-		  "target={$target}&action=submit" );
+		$titleObj = Title::makeTitle( NS_SPECIAL, "Emailuser" );
+		$action = $titleObj->getURL( "target={$target}&action=submit", true );
 
 		if ( "" != $err ) {
 			$wgOut->setSubtitle( wfMsg( "formerror" ) );
@@ -114,9 +114,8 @@ class EmailUserForm {
 
 		if (! $mailResult)
 		{
-			$success = wfLocalUrl( $wgLang->specialPage( "Emailuser" ),
-		  		"target={$target}&action=success" );
-			$wgOut->redirect( $success );
+			$titleObj = Title::makeTitle( NS_SPECIAL, "Emailuser" );
+			$wgOut->redirect( $titleObj->getURL( "target={$target}&action=success" ) );
 		}
 		else
 			$wgOut->addHTML( wfMsg( "usermailererror" ) . $mailResult);
diff --git a/includes/SpecialExport.php b/includes/SpecialExport.php
index 2a3291d532..913ed72393 100644
--- a/includes/SpecialExport.php
+++ b/includes/SpecialExport.php
@@ -19,7 +19,8 @@ function wfSpecialExport( $page = "" ) {
 	}
 	
 	$wgOut->addWikiText( wfMsg( "exporttext" ) );
-	$action = wfLocalUrlE( $wgLang->SpecialPage( "Export" ) );
+	$titleObj = Title::makeTitle( NS_SPECIAL, "Export" );
+	$action = $titleObj->getURL( "", true );
 	$wgOut->addHTML( "
 <form method='post' action=\"$action\">
 <input type='hidden' name='action' value='submit' />
diff --git a/includes/SpecialImagelist.php b/includes/SpecialImagelist.php
index a3424aa54c..d1080362d3 100644
--- a/includes/SpecialImagelist.php
+++ b/includes/SpecialImagelist.php
@@ -48,8 +48,8 @@ function wfSpecialImagelist()
 	$sk = $wgUser->getSkin();
 	$cap = wfMsg( "ilshowmatch" );
 	$sub = wfMsg( "ilsubmit" );
-	$action = wfLocalUrlE( $wgLang->specialPage( "Imagelist" ),
-	  "sort=byname&limit={$limit}" );
+	$titleObj = Title::makeTitle( NS_SPECIAL, "Imagelist" );
+	$action = $titleObj->getURL(  "sort=byname&limit={$limit}", true );
 
 	$wgOut->addHTML( "<form id=\"imagesearch\" method=\"post\" action=\"" .
 	  "{$action}\">" .
diff --git a/includes/SpecialIpblocklist.php b/includes/SpecialIpblocklist.php
index 391b2dc013..300e60f86c 100644
--- a/includes/SpecialIpblocklist.php
+++ b/includes/SpecialIpblocklist.php
@@ -38,8 +38,8 @@ class IPUnblockForm {
 		$ipa = wfMsg( "ipaddress" );
 		$ipr = wfMsg( "ipbreason" );
 		$ipus = wfMsg( "ipusubmit" );
-		$action = wfLocalUrlE( $wgLang->specialPage( "Ipblocklist" ),
-		  "action=submit" );
+		$titleObj = Title::makeTitle( NS_SPECIAL, "Ipblocklist" );
+		$action = $titleObj->getURL( "action=submit", true );
 
 		if ( "" != $err ) {
 			$wgOut->setSubtitle( wfMsg( "formerror" ) );
@@ -87,8 +87,8 @@ class IPUnblockForm {
 		$log->addEntry( $action, $wpUnblockReason );
 
 		# Report to the user
-		$success = wfLocalUrl( $wgLang->specialPage( "Ipblocklist" ),
-		  "action=success&ip=" . urlencode($wpUnblockAddress) );
+		$titleObj = Title::makeTitle( NS_SPECIAL, "Ipblocklist" );
+		$success = $titleObj->getURL( "action=success&ip=" . urlencode($wpUnblockAddress) );
 		$wgOut->redirect( $success );
 	}
 
@@ -130,15 +130,16 @@ function wfAddRow( $block, $tag ) {
 	$wgOut->addHTML( "<li>{$line}" );
 	
 	if ( !$block->mAuto ) {
-		$clink = "<a href=\"" . wfLocalUrlE( $wgLang->specialPage(
-		  "Contributions" ), "target={$block->mAddress}" ) . "\">" .
+		$titleObj = Title::makeTitle( NS_SPECIAL, "Contributions" );
+		$clink = "<a href=\"" . $titleObj->getURL( "target={$block->mAddress}", true ) . "\">" .
 		  wfMsg( "contribslink" ) . "</a>";
 		$wgOut->addHTML( " ({$clink})" );
 	}
 
 	if ( $wgUser->isSysop() ) {
-		$ublink = "<a href=\"" . wfLocalUrlE( $wgLang->specialPage(
-		  "Ipblocklist" ), "action=unblock&ip=" . urlencode( $addr ) ) . "\">" .
+		$titleObj = Title::makeTitle( NS_SPECIAL, "Ipblocklist" );
+		$ublink = "<a href=\"" . 
+		  $titleObj->getURL( "action=unblock&ip=" . urlencode( $addr ), true ) . "\">" .
 		  wfMsg( "unblocklink" ) . "</a>";
 		$wgOut->addHTML( " ({$ublink})" );
 	}
diff --git a/includes/SpecialLockdb.php b/includes/SpecialLockdb.php
index 9c46a90189..0cdee2ace2 100644
--- a/includes/SpecialLockdb.php
+++ b/includes/SpecialLockdb.php
@@ -35,8 +35,8 @@ class DBLockForm {
 		$lc = wfMsg( "lockconfirm" );
 		$lb = wfMsg( "lockbtn" );
 		$elr = wfMsg( "enterlockreason" );
-		$action = wfLocalUrlE( $wgLang->specialPage( "Lockdb" ),
-		  "action=submit" );
+		$titleObj = Title::makeTitle( NS_SPECIAL, "Lockdb" );
+		$action = $titleObj->getURL( "action=submit", true );
 
 		$wgOut->addHTML( "<p>
 <form id=\"lockdb\" method=\"post\" action=\"{$action}\">
@@ -76,9 +76,8 @@ class DBLockForm {
 		  $wgLang->timeanddate( wfTimestampNow() ) . ")\n" );
 		fclose( $fp );
 
-		$success = wfLocalUrl( $wgLang->specialPage( "Lockdb" ),
-		  "action=success" );
-		$wgOut->redirect( $success );
+		$titleObj = Title::makeTitle( NS_SPECIAL, "Lockdb" );
+		$wgOut->redirect( $titleObj->getURL( "action=success" ) );
 	}
 
 	function showSuccess()
diff --git a/includes/SpecialMakesysop.php b/includes/SpecialMakesysop.php
index 7ab506f0be..350eb92376 100644
--- a/includes/SpecialMakesysop.php
+++ b/includes/SpecialMakesysop.php
@@ -42,8 +42,8 @@ class MakesysopForm {
 
 		$wgOut->addWikiText( wfMsg( "makesysoptext" ) );
 
-		$action = wfLocalUrlE( $wgLang->specialPage( "Makesysop" ),
-		  "action=submit" );
+		$titleObj = Title::makeTitle( NS_SPECIAL, "Makesysop" );
+		$action = $titleObj->getURL( "action=submit",  true );
 
 		if ( "" != $err ) {
 			$wgOut->setSubtitle( wfMsg( "formerror" ) );
diff --git a/includes/SpecialMovepage.php b/includes/SpecialMovepage.php
index 9fc0dd6e79..5752604255 100644
--- a/includes/SpecialMovepage.php
+++ b/includes/SpecialMovepage.php
@@ -3,7 +3,7 @@ include_once( "LinksUpdate.php" );
 
 function wfSpecialMovepage()
 {
-	global $wgUser, $wgOut, $action, $target;
+	global $wgUser, $wgOut;
 
 	if ( 0 == $wgUser->getID() or $wgUser->isBlocked() ) {
 		$wgOut->errorpage( "movenologin", "movenologintext" );
@@ -18,8 +18,8 @@ function wfSpecialMovepage()
 
 	$f = new MovePageForm();
 
-	if ( "success" == $action ) { $f->showSuccess(); }
-	else if ( "submit" == $action ) { $f->doSubmit(); }
+	if ( "success" == $_REQUEST['action'] ) { $f->showSuccess(); }
+	else if ( "submit" == $_REQUEST['action'] ) { $f->doSubmit(); }
 	else { $f->showForm( "" ); }
 }
 
@@ -36,19 +36,22 @@ class MovePageForm {
 	function showForm( $err )
 	{
 		global $wgOut, $wgUser, $wgLang;
-		global $wpNewTitle, $wpOldTitle, $wpMovetalk, $target;
 
 		$wgOut->setPagetitle( wfMsg( "movepage" ) );
 
-		if ( ! $wpOldTitle ) {
-			$target = wfCleanQueryVar( $target );
-			if ( "" == $target ) {
+		if ( ! $_REQUEST['wpOldTitle'] ) {
+			if ( "" == $_REQUEST['target'] ) {
 				$wgOut->errorpage( "notargettitle", "notargettext" );
 				return;
 			}
-			$wpOldTitle = $target;
+			$oldTitle = htmlspecialchars( $_REQUEST['target'] );
+		} else {
+			$oldTitle = htmlspecialchars( $_REQUEST['wpOldTitle'] );
 		}
-		$ot = Title::newFromURL( $wpOldTitle );
+		
+		$encOldTitle = htmlspecialchars( $oldTitle );
+		$encNewTitle = htmlspecialchars( $_REQUEST['wpNewTitle'] );
+		$ot = Title::newFromURL( $oldTitle );
 		$ott = $ot->getPrefixedText();
 
 		$wgOut->addWikiText( wfMsg( "movepagetext" ) );
@@ -60,8 +63,8 @@ class MovePageForm {
 		$mpb = wfMsg( "movepagebtn" );
 		$movetalk = wfMsg( "movetalk" );
 
-		$action = wfLocalUrlE( $wgLang->specialPage( "Movepage" ),
-		  "action=submit" );
+		$titleObj = Title::makeTitle( NS_SPECIAL, "Movepage" );
+		$action = $titleObj->getURL( "action=submit", true );
 
 		if ( "" != $err ) {
 			$wgOut->setSubtitle( wfMsg( "formerror" ) );
@@ -75,8 +78,8 @@ class MovePageForm {
 </tr><tr>
 <td align=right>{$newt}:</td>
 <td align=left>
-<input type=text size=40 name=\"wpNewTitle\" value=\"{$wpNewTitle}\">
-<input type=hidden name=\"wpOldTitle\" value=\"{$wpOldTitle}\">
+<input type=text size=40 name=\"wpNewTitle\" value=\"{$encNewTitle}\">
+<input type=hidden name=\"wpOldTitle\" value=\"{$encOldTitle}\">
 </td>
 </tr>" );
 
@@ -100,13 +103,12 @@ class MovePageForm {
 	function doSubmit()
 	{
 		global $wgOut, $wgUser, $wgLang;
-		global $wpNewTitle, $wpOldTitle, $wpMovetalk, $target;
 		global $wgDeferredUpdateList, $wgMessageCache;
 		global  $wgUseSquid, $wgInternalServer;
 		$fname = "MovePageForm::doSubmit";
 
-		$this->ot = Title::newFromText( $wpOldTitle );
-		$this->nt = Title::newFromText( $wpNewTitle );
+		$this->ot = Title::newFromText( $_REQUEST['wpOldTitle'] );
+		$this->nt = Title::newFromText( $_REQUEST['wpNewTitle'] );
 		if( !$this->ot or !$this->nt ) {
 			$this->showForm( wfMsg( "badtitletext" ) );
 			return;
@@ -166,9 +168,9 @@ class MovePageForm {
 			/* this needs to be done after LinksUpdate */
 			$urlArr = Array(				
 				# purge new title
-				$wgInternalServer.wfLocalUrl( $this->nt->getPrefixedURL()),
+				$wgInternalServer.$this->nt->getURL(),
 				# purge old title
-				$wgInternalServer.wfLocalUrl( $this->ot->getPrefixedURL())
+				$wgInternalServer.$this->ot->getURL())
 			);			
 			wfPurgeSquidServers($urlArr);	
 			# purge pages linking to new title
@@ -185,7 +187,7 @@ class MovePageForm {
 		# and target namespaces are identical, (3) the namespaces are not
 		# themselves talk namespaces, and of course (4) it exists.
 
-		if ( ( 1 == $wpMovetalk ) &&
+		if ( ( 1 == $_REQUEST['wpMovetalk'] ) &&
 			 ( ! Namespace::isTalk( $this->ons ) ) &&
 			 ( $this->ons == $this->nns ) ) {
 			
@@ -223,9 +225,9 @@ class MovePageForm {
 					/* this needs to be done after LinksUpdate */
 					$urlArr = Array(				
 						# purge new title
-						$wgInternalServer.wfLocalUrl( $this->nt->getPrefixedURL()),
+						$wgInternalServer.$nt->getURL()),
 						# purge old title
-						$wgInternalServer.wfLocalUrl( $this->ot->getPrefixedURL())
+						$wgInternalServer.$ot->getURL())
 					);			
 					wfPurgeSquidServers($urlArr);	
 					# purge pages linking to new title
@@ -239,7 +241,8 @@ class MovePageForm {
 				}
 			}
 		}
-		$success = wfLocalUrl( $wgLang->specialPage( "Movepage" ),
+		$titleObj = Title::makeTitle( NS_SPECIAL, "Movepage" );
+		$success = $titleObj->getURL( 
 		  "action=success&oldtitle=" . wfUrlencode( $this->ofx ) .
 		  "&newtitle=" . wfUrlencode( $this->nfx ) .
 		  "&talkmoved={$this->talkmoved}" );
@@ -250,23 +253,19 @@ class MovePageForm {
 	function showSuccess()
 	{
 		global $wgOut, $wgUser;
-		global $newtitle, $oldtitle, $talkmoved;
 
 		$wgOut->setPagetitle( wfMsg( "movepage" ) );
 		$wgOut->setSubtitle( wfMsg( "pagemovedsub" ) );
-
-		$fields = array( "oldtitle", "newtitle" );
-		wfCleanFormFields( $fields );
-
-		$text = wfMsg( "pagemovedtext", $oldtitle, $newtitle );
+	
+		$text = wfMsg( "pagemovedtext", $_REQUEST['oldtitle'], $_REQUEST['newtitle'] );
 		$wgOut->addWikiText( $text );
 
-		if ( 1 == $talkmoved ) {
+		if ( 1 == $_REQUEST['talkmoved'] ) {
 			$wgOut->addHTML( "\n<p>" . wfMsg( "talkpagemoved" ) );
-		} elseif( 'invalid' == $talkmoved ) {
+		} elseif( 'invalid' == $_REQUEST['talkmoved'] ) {
 			$wgOut->addHTML( "\n<p><strong>" . wfMsg( "talkexists" ) . "</strong>" );
 		} else {
-			$ot = Title::newFromURL( $oldtitle );
+			$ot = Title::newFromURL( $_REQUEST['oldtitle'] );
 			if ( ! Namespace::isTalk( $ot->getNamespace() ) ) {
 				$wgOut->addHTML( "\n<p>" . wfMsg( "talkpagenotmoved" ) );
 			}
diff --git a/includes/SpecialPreferences.php b/includes/SpecialPreferences.php
index ac9bd19e18..69a7a6c0c2 100644
--- a/includes/SpecialPreferences.php
+++ b/includes/SpecialPreferences.php
@@ -237,7 +237,8 @@ function wfSpecialPreferences()
 	$dateopts = $wgLang->getDateFormats();
 	$togs = $wgLang->getUserToggles();
 
-	$action = wfLocalUrlE( $wgLang->specialPage( "Preferences" ));
+	$titleObj = Title::makeTitle( NS_SPECIAL, "Preferences" );
+	$action = $titleObj->getURL( "", true );
 
 	$qb = wfMsg( "qbsettings" );
 	$cp = wfMsg( "changepassword" );
diff --git a/includes/SpecialUndelete.php b/includes/SpecialUndelete.php
index ac2ff9c310..e53f2d45d8 100644
--- a/includes/SpecialUndelete.php
+++ b/includes/SpecialUndelete.php
@@ -77,7 +77,8 @@ function wfSpecialUndelete( $par )
 	
     $wgOut->addWikiText( wfMsg( "undeletehistory" ) . "\n<hr>\n" . $row->ar_text );
 
-	$action = wfLocalUrlE( $wgLang->specialPage( "Undelete" ), "action=submit" );
+	$titleObj = Title::makeTitle( NS_SPECIAL, "Undelete" );
+	$action = $titleObj->getURL( "action=submit", true );
 	$wgOut->addHTML("<p>
 <form id=\"undelete\" method=\"post\" action=\"{$action}\">
 <input type=hidden name=\"target\" value=\"{$target}\">
diff --git a/includes/SpecialUnlockdb.php b/includes/SpecialUnlockdb.php
index ca8daeda27..33ac7a50e7 100644
--- a/includes/SpecialUnlockdb.php
+++ b/includes/SpecialUnlockdb.php
@@ -31,8 +31,8 @@ class DBUnlockForm {
 		}
 		$lc = wfMsg( "unlockconfirm" );
 		$lb = wfMsg( "unlockbtn" );
-		$action = wfLocalUrlE( $wgLang->specialPage( "Unlockdb" ),
-		  "action=submit" );
+		$titleObj = Title::makeTitle( NS_SPECIAL, "Unlockdb" );
+		$action = $titleObj->getURL( "action=submit", true );
 
 		$wgOut->addHTML( "<p>
 <form id=\"unlockdb\" method=\"post\" action=\"{$action}\">
@@ -62,8 +62,8 @@ class DBUnlockForm {
 			$wgOut->fileDeleteError( $wgReadOnlyFile );
 			return;
 		}
-		$success = wfLocalUrl( $wgLang->specialPage( "Unlockdb" ),
-		  "action=success" );
+		$titleObj = Title::makeTitle( NS_SPECIAL, "Unlockdb" );
+		$success = $titleObj->getURL( "action=success" );
 		$wgOut->redirect( $success );
 	}
 
diff --git a/includes/SpecialUpload.php b/includes/SpecialUpload.php
index 9e2398facc..8fb37645b0 100644
--- a/includes/SpecialUpload.php
+++ b/includes/SpecialUpload.php
@@ -208,8 +208,8 @@ function uploadWarning( $warning )
 	$reupload = wfMsg( "reupload" );
 	$iw = wfMsg( "ignorewarning" );
 	$reup = wfMsg( "reuploaddesc" );
-	$action = wfLocalUrlE( $wgLang->specialPage( "Upload" ),
-	  "action=submit" );
+	$titleObj = Title::makeTitle( NS_SPECIAL, "Upload" );
+	$action = $titleObj->getURL( "action=submit", true );
 
 	if ( $wgUseCopyrightUpload )
 	{
@@ -267,7 +267,8 @@ function mainUploadForm( $msg )
 	$ca = wfMsg( "affirmation", $clink );
 	$iw = wfMsg( "ignorewarning" );
 
-	$action = wfLocalUrl( $wgLang->specialPage( "Upload" ) );
+	$titleObj = Title::makeTitle( NS_SPECIAL, "Upload" );
+	$action = $titleObj->getURL( "", true );
 
 	$source = "
 <td align=right>
diff --git a/includes/SpecialUserlogin.php b/includes/SpecialUserlogin.php
index 76f9f13c63..5ae70e1361 100644
--- a/includes/SpecialUserlogin.php
+++ b/includes/SpecialUserlogin.php
@@ -4,9 +4,7 @@ require_once('UserMailer.php');
 
 function wfSpecialUserlogin()
 {
-	global $wpCreateaccount, $wpCreateaccountMail;
-	global $wpLoginattempt, $wpMailmypassword;
-	global $action, $_REQUEST, $wgCommandLineMode;
+	global $wgCommandLineMode;
 	if( !$wgCommandLineMode && !isset( $_COOKIE[ini_get("session.name")] )  ) {
 		User::SetupSession();
 	}
@@ -16,20 +14,20 @@ function wfSpecialUserlogin()
 	wfCleanFormFields( $fields );
 
 	# When switching accounts, it sucks to get automatically logged out
-	global $returnto, $wgLang;
-	if( $returnto == $wgLang->specialPage( "Userlogout" ) ) $returnto = "";
+	global $wgLang;
+	if( $_REQUEST['returnto'] == $wgLang->specialPage( "Userlogout" ) ) $_REQUEST['returnto'] = "";
 
 	$wpCookieCheck = $_REQUEST[ "wpCookieCheck" ];
 
 	if ( isset( $wpCookieCheck ) ) {
 		onCookieRedirectCheck( $wpCookieCheck );
-	} else if ( isset( $wpCreateaccount ) ) {
+	} else if ( isset( $_REQUEST['wpCreateaccount'] ) ) {
 		addNewAccount();
-	} else if ( isset( $wpCreateaccountMail ) ) {
+	} else if ( isset( $_REQUEST['wpCreateaccountMail'] ) ) {
 		addNewAccountMailPassword();
-	} else if ( isset( $wpMailmypassword ) ) {
+	} else if ( isset( $_REQUEST['wpMailmypassword'] ) ) {
 		mailPassword();
-	} else if ( "submit" == $action || isset( $wpLoginattempt ) ) {
+	} else if ( "submit" == $_REQUEST['action'] || array_key_exists('wpLoginattempt', $_REQUEST) ) {
 		processLogin();
 	} else {
 		mainLoginForm( "" );
@@ -39,10 +37,10 @@ function wfSpecialUserlogin()
 
 /* private */ function addNewAccountMailPassword()
 {
-	global $wgOut, $wpEmail, $wpName;
+	global $wgOut;
 	
-	if ("" == $wpEmail) {
-		mainLoginForm( wfMsg( "noemail", $wpName ) );
+	if ("" == $_REQUEST['wpEmail']) {
+		mainLoginForm( wfMsg( "noemail", $_REQUEST['wpName'] ) );
 		return;
 	}
 
@@ -70,8 +68,8 @@ function wfSpecialUserlogin()
 
 /* private */ function addNewAccount()
 {
-	global $wgUser, $wgOut, $wpPassword, $wpRetype, $wpName, $wpRemember;
-	global $wpEmail, $wgDeferredUpdateList;
+	global $wgUser, $wgOut;
+	global $wgDeferredUpdateList;
 
 	$u = addNewAccountInternal();
 
@@ -95,23 +93,24 @@ function wfSpecialUserlogin()
 
 /* private */ function addNewAccountInternal()
 {
-	global $wgUser, $wgOut, $wpPassword, $wpRetype, $wpName, $wpRemember;
-	global $wpEmail, $wgMaxNameChars;
+	global $wgUser, $wgOut;
+	global $wgMaxNameChars;
 
 	if (!$wgUser->isAllowedToCreateAccount()) {
 		userNotPrivilegedMessage();
 		return;
 	}
 
-	if ( 0 != strcmp( $wpPassword, $wpRetype ) ) {
+	if ( 0 != strcmp( $_REQUEST['wpPassword'], $_REQUEST['wpRetype'] ) ) {
 		mainLoginForm( wfMsg( "badretype" ) );
 		return;
 	}
-	$wpName = trim( $wpName );
-	if ( ( "" == $wpName ) ||
-	  preg_match( "/\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}/", $wpName ) ||
-	  (strpos( $wpName, "/" ) !== false) ||
-	  (strlen( $wpName ) > $wgMaxNameChars) ) 
+	
+	$name = trim( $_REQUEST['wpName'] );
+	if ( ( "" == $name ) ||
+	  preg_match( "/\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}/", $name ) ||
+	  (strpos( $name, "/" ) !== false) ||
+	  (strlen( $name ) > $wgMaxNameChars) ) 
 	{
 		mainLoginForm( wfMsg( "noname" ) );
 		return;
@@ -120,16 +119,16 @@ function wfSpecialUserlogin()
 		$wgOut->readOnlyPage();
 		return;
 	}
-	$u = User::newFromName( $wpName );
+	$u = User::newFromName( $name );
 	
 	if ( 0 != $u->idForName() ) {
 		mainLoginForm( wfMsg( "userexists" ) );
 		return;
 	}
 	$u->addToDatabase();
-	$u->setPassword( $wpPassword );
-	$u->setEmail( $wpEmail );
-	if ( 1 == $wpRemember ) { $r = 1; }
+	$u->setPassword( $_REQUEST['wpPassword'] );
+	$u->setEmail( $_REQUEST['wpEmail'] );
+	if ( 1 == $_REQUEST['wpRemember'] ) { $r = 1; }
 	else { $r = 0; }
 	$u->setOption( "rememberpassword", $r );
 	
@@ -141,15 +140,14 @@ function wfSpecialUserlogin()
 
 /* private */ function processLogin()
 {
-	global $wgUser, $wpName, $wpPassword, $wpRemember;
+	global $wgUser;
 	global $wgDeferredUpdateList;
-	global $returnto;
 
-	if ( "" == $wpName ) {
+	if ( "" == $_REQUEST['wpName'] ) {
 		mainLoginForm( wfMsg( "noname" ) );
 		return;
 	}
-	$u = User::newFromName( $wpName );
+	$u = User::newFromName( $_REQUEST['wpName'] );
 	$id = $u->idForName();
 	if ( 0 == $id ) {
 		mainLoginForm( wfMsg( "nosuchuser", $u->getName() ) );
@@ -157,7 +155,7 @@ function wfSpecialUserlogin()
 	}
 	$u->setId( $id );
 	$u->loadFromDatabase();
-	$ep = $u->encryptPassword( $wpPassword );
+	$ep = $u->encryptPassword( $_REQUEST['wpPassword'] );
 	if ( 0 != strcmp( $ep, $u->getPassword() ) ) {
 		if ( 0 != strcmp( $ep, $u->getNewpassword() ) ) {
 			mainLoginForm( wfMsg( "wrongpassword" ) );
@@ -167,9 +165,9 @@ function wfSpecialUserlogin()
 
 	# We've verified now, update the real record
 	#
-	if ( 1 == $wpRemember ) {
+	if ( 1 == $_REQUEST['wpRemember'] ) {
 		$r = 1;
-		$u->setCookiePassword( $wpPassword );
+		$u->setCookiePassword( $_REQUEST['wpPassword'] );
 	} else {
 		$r = 0;
 	}
@@ -190,14 +188,14 @@ function wfSpecialUserlogin()
 
 /* private */ function mailPassword()
 {
-	global $wgUser, $wpName, $wgDeferredUpdateList, $wgOutputEncoding;
+	global $wgUser, $wgDeferredUpdateList, $wgOutputEncoding;
 	global $wgCookiePath, $wgCookieDomain, $wgDBname;
 
-	if ( "" == $wpName ) {
+	if ( "" == $_REQUEST['wpName'] ) {
 		mainLoginForm( wfMsg( "noname" ) );
 		return;
 	}
-	$u = User::newFromName( $wpName );
+	$u = User::newFromName( $_REQUEST['wpName'] );
 	$id = $u->idForName();
 	if ( 0 == $id ) {
 		mainLoginForm( wfMsg( "nosuchuser", $u->getName() ) );
@@ -216,7 +214,7 @@ function wfSpecialUserlogin()
 
 /* private */ function mailPasswordInternal( $u )
 {
-	global $wpName, $wgDeferredUpdateList, $wgOutputEncoding;
+	global $wgDeferredUpdateList, $wgOutputEncoding;
 	global $wgPasswordSender, $wgDBname, $wgIP;
 
 	if ( "" == $u->getEmail() ) {
@@ -271,9 +269,8 @@ function userNotPrivilegedMessage()
 
 /* private */ function mainLoginForm( $err )
 {
-	global $wgUser, $wgOut, $wgLang, $returnto;
-	global $wpName, $wpPassword, $wpRetype, $wpRemember;
-	global $wpEmail, $HTTP_COOKIE_VARS, $wgDBname;
+	global $wgUser, $wgOut, $wgLang;
+	global $HTTP_COOKIE_VARS, $wgDBname;
 
 	$le = wfMsg( "loginerror" );
 	$yn = wfMsg( "yourname" );
@@ -289,8 +286,11 @@ function userNotPrivilegedMessage()
 	$mmp = wfMsg( "mailmypassword" );
 	$endText = wfMsg( "loginend" );
 
+	if ( $endText = "&lt;loginend&gt;" ) {
+		$endText = "";
+	}
 
-	$name = $wpName;
+	$name = $_REQUEST['wpName'];
 	if ( "" == $name ) {
 		if ( 0 != $wgUser->getID() ) {
 			$name = $wgUser->getName();
@@ -298,7 +298,7 @@ function userNotPrivilegedMessage()
 			$name = $HTTP_COOKIE_VARS["{$wgDBname}UserName"];
 		}
 	}
-	$pwd = $wpPassword;
+	$pwd = $_REQUEST['wpPassword'];
 
 	$wgOut->setPageTitle( wfMsg( "userlogin" ) );
 	$wgOut->setRobotpolicy( "noindex,nofollow" );
@@ -317,13 +317,14 @@ color='red'>$err</font>\n" );
 		$checked = "";
 	}
 	$q = "action=submit";
-	if ( "" != $returnto ) { $q .= "&returnto=" . wfUrlencode($returnto); }
-	$action = wfLocalUrlE( $wgLang->specialPage( "Userlogin" ), $q );
+	if ( "" != $_REQUEST['returnto'] ) { $q .= "&returnto=" . wfUrlencode($_REQUEST['returnto']); }
+	$titleObj = Title::makeTitle( NS_SPECIAL, "Userlogin" );
+	$action = $titleObj->getURL( $q, true );
 
-	$wpName = wfEscapeHTML( $wpName );
-	$wpPassword = wfEscapeHTML( $wpPassword );
-	$wpRetype = wfEscapeHTML( $wpRetype );
-	$wpEmail = wfEscapeHTML( $wpEmail );
+	$encName = wfEscapeHTML( $name );
+	$encPassword = wfEscapeHTML( $pwd );
+	$encRetype = wfEscapeHTML( $_REQUEST['wpRetype'] );
+	$encEmail = wfEscapeHTML( $_REQUEST['wpEmail'] );
 
 	if ($wgUser->getID() != 0) {
 		$cambutton = "<input tabindex=6 type=submit name=\"wpCreateaccountMail\" value=\"{$cam}\">";
@@ -334,7 +335,7 @@ color='red'>$err</font>\n" );
 <table border=0><tr>
 <td align=right>$yn:</td>
 <td align=left>
-<input tabindex=1 type=text name=\"wpName\" value=\"{$name}\" size=20>
+<input tabindex=1 type=text name=\"wpName\" value=\"{$encName}\" size=20>
 </td>
 <td align=left>
 <input tabindex=3 type=submit name=\"wpLoginattempt\" value=\"{$li}\">
@@ -343,7 +344,7 @@ color='red'>$err</font>\n" );
 <tr>
 <td align=right>$yp:</td>
 <td align=left>
-<input tabindex=2 type=password name=\"wpPassword\" value=\"{$pwd}\" size=20>
+<input tabindex=2 type=password name=\"wpPassword\" value=\"{$encPassword}\" size=20>
 </td>
 <td align=left>
 <input tabindex=7 type=checkbox name=\"wpRemember\" value=\"1\" id=\"wpRemember\"$checked><label for=\"wpRemember\">$rmp</label>
@@ -351,17 +352,18 @@ color='red'>$err</font>\n" );
 </tr>");
 
 	if ($wgUser->isAllowedToCreateAccount()) {
-
+		$encRetype = htmlspecialchars( $_REQUEST['wpRetype'] );
+		$encEmail = htmlspecialchars( $_REQUEST['wpCreateAccount'] );
 $wgOut->addHTML("<tr><td colspan=3>&nbsp;</td></tr><tr>
 <td align=right>$ypa:</td>
 <td align=left>
-<input tabindex=4 type=password name=\"wpRetype\" value=\"{$wpRetype}\" 
+<input tabindex=4 type=password name=\"wpRetype\" value=\"{$encRetype}\" 
 size=20>
 </td><td>$nuo</td></tr>
 <tr>
 <td align=right>$ye:</td>
 <td align=left>
-<input tabindex=5 type=text name=\"wpEmail\" value=\"{$wpEmail}\" size=20>
+<input tabindex=5 type=text name=\"wpEmail\" value=\"{$encEmail}\" size=20>
 </td><td align=left>
 <input tabindex=6 type=submit name=\"wpCreateaccount\" value=\"{$ca}\">
 $cambutton
@@ -388,8 +390,8 @@ $cambutton
 {
 	global $wgOut, $wgLang;
 
-	$check = wfLocalUrl( wfUrlEncode( $wgLang->specialPage( "Userlogin" ) ),
-			 "wpCookieCheck=$type" );
+	$titleObj = Title::makeTitle( NS_SPECIAL, "Userlogin" );
+	$check = $titleObj->getURL( "wpCookieCheck=$type" );
 
 	return $wgOut->redirect( $check );
 }
diff --git a/includes/SpecialWatchlist.php b/includes/SpecialWatchlist.php
index 77fa45517d..a763e8b477 100644
--- a/includes/SpecialWatchlist.php
+++ b/includes/SpecialWatchlist.php
@@ -14,6 +14,8 @@ function wfSpecialWatchlist()
 	$wgOut->setSubtitle( $sub );
 	$wgOut->setRobotpolicy( "noindex,nofollow" );
 
+	$specialTitle = Title::makeTitle( NS_SPECIAL, "Watchlist" );
+	
 	$uid = $wgUser->getID();
 	if( $uid == 0 ) {
 		$wgOut->addHTML( wfMsg( "nowatchlist" ) );
@@ -91,7 +93,7 @@ function wfSpecialWatchlist()
 			"<p>" . wfMsg( "watcheditlist" ) . "</p>\n" );
 		
 		$wgOut->addHTML( "<form action='" .
-			wfLocalUrl( $wgLang->specialPage( "Watchlist" ), "action=submit" ) .
+			$specialTitle->getURL( "action=submit", true ) .
 			"' method='post'>\n" .
 			"<ul>\n" );
 		$sql = "SELECT wl_namespace,wl_title FROM watchlist WHERE wl_user=$uid";
@@ -130,8 +132,9 @@ function wfSpecialWatchlist()
 		$z = "(wl_namespace=cur_namespace OR wl_namespace+1=cur_namespace)";
 	}
 
+	
 	$wgOut->addHTML( "<i>" . wfMsg( "watchdetails", $nitems, $npages, $y,
-		wfLocalUrl( $wgLang->specialPage("Watchlist"),"magic=yes" ) ) . "</i><br>\n" );
+		$specialTitle->getURL( "magic=yes", true ) ) . "</i><br>\n" );
 	 
 
 	$sql = "SELECT
diff --git a/includes/SpecialWhatlinkshere.php b/includes/SpecialWhatlinkshere.php
index bdb134f4e7..1876d939a5 100644
--- a/includes/SpecialWhatlinkshere.php
+++ b/includes/SpecialWhatlinkshere.php
@@ -8,7 +8,7 @@ function wfSpecialWhatlinkshere($par = NULL)
 	if($par) {
 		$target = $par;
 	} else {
-		$target = wfCleanQueryVar( $_REQUEST['target'] );
+		$target = $_REQUEST['target'] ;
 	}
 	if ( "" == $target ) {
 		$wgOut->errorpage( "notargettitle", "notargettext" );
diff --git a/includes/SquidUpdate.php b/includes/SquidUpdate.php
index deaa55b791..669342d5f7 100644
--- a/includes/SquidUpdate.php
+++ b/includes/SquidUpdate.php
@@ -21,7 +21,7 @@ class SquidUpdate {
                         while ( $BL = wfFetchObject ( $res ) )
                         {
                                 $t = Title::newFromDBkey( $BL->l_from) ; 
-                                $this->urlArr[] = $wgInternalServer.wfLocalUrl( $t->getPrefixedURL() );
+                                $this->urlArr[] = $wgInternalServer.$t->getURL() ;
                         }
                         wfFreeResult ( $res ) ;
 
diff --git a/includes/Title.php b/includes/Title.php
index 330f561ee4..d45d2c47d4 100644
--- a/includes/Title.php
+++ b/includes/Title.php
@@ -3,11 +3,30 @@
 
 /* private static */ $title_interwiki_cache = array();
 
+# Title class
+# 
+# * Represents a title, which may contain an interwiki designation or namespace
+# * Can fetch various kinds of data from the database, albeit inefficiently. 
+#
 class Title {
-	/* private */ var $mTextform, $mUrlform, $mDbkeyform;
-	/* private */ var $mNamespace, $mInterwiki, $mFragment;
-	/* private */ var $mArticleID, $mRestrictions, $mRestrictionsLoaded;
-	/* private */ var $mPrefixedText;
+	# All member variables should be considered private
+	# Please use the accessor functions
+
+	var $mTextform;           # Text form (spaces not underscores) of the main part
+	var $mUrlform;            # URL-encoded form of the main part
+	var $mDbkeyform;          # Main part with underscores
+	var $mNamespace;          # Namespace index, i.e. one of the NS_xxxx constants
+	var $mInterwiki;          # Interwiki prefix (or null string)
+	var $mFragment;           # Title fragment (i.e. the bit after the #)
+	var $mArticleID;          # Article ID, fetched from the link cache on demand
+	var $mRestrictions;       # Array of groups allowed to edit this article
+                              # Only null or "sysop" are supported
+	var $mRestrictionsLoaded; # Boolean for initialisation on demand
+	var $mPrefixedText;       # Text form including namespace/interwiki, initialised on demand
+
+#----------------------------------------------------------------------------
+#   Construction
+#----------------------------------------------------------------------------
 
 	/* private */ function Title()
 	{
@@ -19,9 +38,8 @@ class Title {
 		$this->mRestrictions = array();
 	}
 
-	# Static factory methods
-	#
-	function newFromDBkey( $key )
+	# From a prefixed DB key
+	/* static */ function newFromDBkey( $key )
 	{
 		$t = new Title();
 		$t->mDbkeyform = $key;
@@ -31,7 +49,8 @@ class Title {
 			return NULL;
 	}
 	
-	function newFromText( $text )
+	# From text, such as what you would find in a link
+	/* static */ function newFromText( $text )
 	{	
 		static $trans;
 		$fname = "Title::newFromText";
@@ -51,7 +70,9 @@ class Title {
 		
 		$text = wfMungeToUtf8( $text );
 		
-		$text = urldecode( $text );
+		
+		# What was this for? TS 2004-03-03
+		# $text = urldecode( $text );
 
 		$t = new Title();
 		$t->mDbkeyform = str_replace( " ", "_", $text );
@@ -63,23 +84,26 @@ class Title {
 		}
 	}
 
-	function newFromURL( $url )
+	# From a URL-encoded title
+	/* static */ function newFromURL( $url )
 	{
 		global $wgLang, $wgServer;
-		
 		$t = new Title();
 		$s = urldecode( $url ); # This is technically wrong, as anything
 								# we've gotten is already decoded by PHP.
 								# Kept for backwards compatibility with
 								# buggy URLs we had for a while...
+		$s = $url;
 		
 		# For links that came from outside, check for alternate/legacy
 		# character encoding.
 		wfDebug( "Refer: {$_SERVER['HTTP_REFERER']}\n" );
 		wfDebug( "Servr: $wgServer\n" );
 		if( empty( $_SERVER["HTTP_REFERER"] ) ||
-			strncmp($wgServer, $_SERVER["HTTP_REFERER"], strlen( $wgServer ) ) )
+			strncmp($wgServer, $_SERVER["HTTP_REFERER"], strlen( $wgServer ) ) ) 
+		{
 			$s = $wgLang->checkTitleEncoding( $s );
+		}
 		
 		$t->mDbkeyform = str_replace( " ", "_", $s );
 		if( $t->secureAndSplit() ) {
@@ -89,9 +113,10 @@ class Title {
 		}
 	}
 	
-	# Create a title from a cur id
-	# This is inefficiently implemented
-	function newFromID( $id ) 
+	# From a cur_id
+	# This is inefficiently implemented, the cur row is requested but not 
+	# used for anything else
+	/* static */ function newFromID( $id ) 
 	{
 		$fname = "Title::newFromID";
 		$row = wfGetArray( "cur", array( "cur_namespace", "cur_title" ), 
@@ -103,8 +128,30 @@ class Title {
 		}
 		return $title;
 	}
+	
+	# From a namespace index and a DB key
+	/* static */ function makeTitle( $ns, $title )
+	{
+		$t = new Title();
+		$t->mDbkeyform = Title::makeName( $ns, $title );
+		if( $t->secureAndSplit() ) {
+			return $t;
+		} else {
+			return NULL;
+		}
+	}
 
-	function nameOf( $id )
+	function newMainPage()
+	{
+		return Title::newFromText( wfMsg( "mainpage" ) );
+	}
+	
+#----------------------------------------------------------------------------
+#	Static functions
+#----------------------------------------------------------------------------
+
+	# Get the prefixed DB key associated with an ID
+	/* static */ function nameOf( $id )
 	{
 		$sql = "SELECT cur_namespace,cur_title FROM cur WHERE " .
 		  "cur_id={$id}";
@@ -116,20 +163,56 @@ class Title {
 		return $n;
 	}
 
-
+	# Get a regex character class describing the legal characters in a link
 	/* static */ function legalChars()
 	{
-		global $wgInputEncoding;
-		if( $wgInputEncoding == "utf-8" ) {
-			return "-,.()' &;%!?_0-9A-Za-z\\/:\\x80-\\xFF";
-		} else {
-			# ISO 8859-* don't allow 0x80-0x9F
-			#return "-,.()' &;%!?_0-9A-Za-z\\/:\\xA0-\\xFF";
-			# But that breaks interlanguage links at the moment. Temporary:
-			return "-,.()' &;%!?_0-9A-Za-z\\/:\\x80-\\xFF";
+		# Missing characters:
+		#  * []|# Needed for link syntax
+		#  * % and + are corrupted by Apache when they appear in the path
+		# 
+		# Theoretically 0x80-0x9F of ISO 8859-1 should be disallowed, but
+		# this breaks interlanguage links
+		
+		$set = " !\"$&'()*,\\-.\\/0-9:;<=>?@A-Z\\\\^_`a-z{}~\\x80-\\xFF";
+		return $set;
+	}
+	
+	# Returns a stripped-down a title string ready for the search index
+	# Takes a namespace index and a text-form main part
+	/* static */ function indexTitle( $ns, $title )
+	{
+		global $wgDBminWordLen, $wgLang;
+
+		$lc = SearchEngine::legalSearchChars() . "&#;";
+		$t = $wgLang->stripForSearch( $title );
+		$t = preg_replace( "/[^{$lc}]+/", " ", $t );
+		$t = strtolower( $t );
+
+		# Handle 's, s'
+		$t = preg_replace( "/([{$lc}]+)'s( |$)/", "\\1 \\1's ", $t );
+		$t = preg_replace( "/([{$lc}]+)s'( |$)/", "\\1s ", $t );
+
+		$t = preg_replace( "/\\s+/", " ", $t );
+
+		if ( $ns == Namespace::getImage() ) {
+			$t = preg_replace( "/ (png|gif|jpg|jpeg|ogg)$/", "", $t );
 		}
+		return trim( $t );
 	}
+	
+	# Make a prefixed DB key from a DB key and a namespace index
+	/* static */ function makeName( $ns, $title )
+	{
+		global $wgLang;
 
+		$n = $wgLang->getNsText( $ns );
+		if ( "" == $n ) { return $title; }
+		else { return "{$n}:{$title}"; }
+	}
+	
+	# Arguably static
+	# Returns the URL associated with an interwiki prefix
+	# The URL contains $1, which is replaced by the title
 	function getInterwikiLink( $key )
 	{	
 		global $wgMemc, $wgDBname, $title_interwiki_cache;
@@ -157,61 +240,29 @@ class Title {
 		$title_interwiki_cache[$k] = $s;
 		return $s->iw_url;
 	}
+	
+#----------------------------------------------------------------------------
+#	Other stuff
+#----------------------------------------------------------------------------
+
+	# Simple accessors
+	# See the definitions at the top of this file
 
 	function getText() { return $this->mTextform; }
-	function getURL() { return $this->mUrlform; }
+	function getPartialURL() { return $this->mUrlform; }
 	function getDBkey() { return $this->mDbkeyform; }
 	function getNamespace() { return $this->mNamespace; }
 	function setNamespace( $n ) { $this->mNamespace = $n; }
 	function getInterwiki() { return $this->mInterwiki; }
 	function getFragment() { return $this->mFragment; }
 
-	/* static */ function indexTitle( $ns, $title )
-	{
-		global $wgDBminWordLen, $wgLang;
-
-		$lc = SearchEngine::legalSearchChars() . "&#;";
-		$t = $wgLang->stripForSearch( $title );
-		$t = preg_replace( "/[^{$lc}]+/", " ", $t );
-		$t = strtolower( $t );
-
-		# Handle 's, s'
-		$t = preg_replace( "/([{$lc}]+)'s( |$)/", "\\1 \\1's ", $t );
-		$t = preg_replace( "/([{$lc}]+)s'( |$)/", "\\1s ", $t );
-
-		$t = preg_replace( "/\\s+/", " ", $t );
-
-		if ( $ns == Namespace::getImage() ) {
-			$t = preg_replace( "/ (png|gif|jpg|jpeg|ogg)$/", "", $t );
-		}
-		return trim( $t );
-	}
-
+	# Get title for search index
 	function getIndexTitle()
 	{
 		return Title::indexTitle( $this->mNamespace, $this->mTextform );
 	}
 
-	/* static */ function makeName( $ns, $title )
-	{
-		global $wgLang;
-
-		$n = $wgLang->getNsText( $ns );
-		if ( "" == $n ) { return $title; }
-		else { return "{$n}:{$title}"; }
-	}
-	
-	/* static */ function makeTitle( $ns, $title )
-	{
-		$t = new Title();
-		$t->mDbkeyform = Title::makeName( $ns, $title );
-		if( $t->secureAndSplit() ) {
-			return $t;
-		} else {
-			return NULL;
-		}
-	}
-
+	# Get prefixed title with underscores
 	function getPrefixedDBkey()
 	{
 		$s = $this->prefix( $this->mDbkeyform );
@@ -219,9 +270,10 @@ class Title {
 		return $s;
 	}
 
+	# Get prefixed title with spaces
+	# This is the form usually used for display
 	function getPrefixedText()
 	{
-	   # TEST THIS @@@
 		if ( empty( $this->mPrefixedText ) ) {
 			$s = $this->prefix( $this->mTextform );
 			$s = str_replace( "_", " ", $s );
@@ -230,23 +282,27 @@ class Title {
 		return $this->mPrefixedText;
 	}
 
+	# Get a URL-encoded title (not an actual URL) including interwiki
 	function getPrefixedURL()
 	{
 		$s = $this->prefix( $this->mDbkeyform );
 		$s = str_replace( " ", "_", $s );
 
-		$s = urlencode ( $s ) ;
+		$s = wfUrlencode ( $s ) ;
+		
 		# Cleaning up URL to make it look nice -- is this safe?
 		$s = preg_replace( "/%3[Aa]/", ":", $s );
 		$s = preg_replace( "/%2[Ff]/", "/", $s );
 		$s = str_replace( "%28", "(", $s );
 		$s = str_replace( "%29", ")", $s );
+
 		return $s;
 	}
 
+	# Get a real URL referring to this title, with interwiki link and fragment
 	function getFullURL()
 	{
-		global $wgLang, $wgArticlePath;
+		global $wgLang, $wgArticlePath, $wgServer, $wgScript;
 
 		if ( "" == $this->mInterwiki ) {
 			$p = $wgArticlePath;
@@ -262,24 +318,67 @@ class Title {
 		return $u;
 	}
 
+	# Get a URL with an optional query string, no fragment
+	# * If $query=="", it will use $wgArticlePath
+	# * Returns a full for an interwiki link, loses any query string
+	# * Optionally adds the server and escapes for HTML
+	# * Setting $query to "-" makes an old-style URL with nothing in the
+	#   query except a title
+	function getURL( $query = "", $escape = false, $full = false )
+	{
+		global $wgLang, $wgArticlePath, $wgScript, $wgServer;
+		
+		if ( $this->isExternal() ) {
+			return $this->getFullURL();
+		}
+
+		$dbkey = wfUrlencode( $this->getPrefixedDBkey() );
+		if ( $query == "" ) {
+			$url = str_replace( "$1", $dbkey, $wgArticlePath );
+		} else {
+			if ( $query == "-" ) {
+				$query = "";
+			}
+			if ( $wgScript != "" ) {
+				$url = "{$wgScript}?title={$dbkey}&{$query}";
+			} else {
+				# Top level wiki
+				$url = "/{$dbkey}&{$query}";
+			}
+		}
+		
+		if ( $full ) {
+			$url = $wgServer . $url;
+		}
+
+		if ( $escape ) {
+			$url = wfEscapeHTML( $url );
+		}
+		return $url;
+	}
+
+	# Get the edit URL, or a null string if it is an interwiki link
 	function getEditURL()
 	{
 		global $wgServer, $wgScript;
 
 		if ( "" != $this->mInterwiki ) { return ""; }
-		$s = wfLocalUrl( $this->getPrefixedURL(), "action=edit" );
+		$s = $this->getURL( "action=edit" );
 
 		return $s;
 	}
 	
+	# Get HTML-escaped displayable text
 	# For the title field in <a> tags
 	function getEscapedText()
 	{
 		return wfEscapeHTML( $this->getPrefixedText() );
 	}
 	
+	# Is the title interwiki?
 	function isExternal() { return ( "" != $this->mInterwiki ); }
 
+	# Does the title correspond to a protected article?
 	function isProtected()
 	{
 		if ( -1 == $this->mNamespace ) { return true; }
@@ -288,6 +387,10 @@ class Title {
 		return false;
 	}
 
+	# Is the page a log page, i.e. one where the history is messed up by 
+	# LogPage.php? This used to be used for suppressing diff links in recent 
+	# changes, but now that's done by setting a flag in the recentchanges 
+	# table. Hence, this probably is no longer used.
 	function isLog()
 	{
 		if ( $this->mNamespace != Namespace::getWikipedia() ) {
@@ -300,6 +403,7 @@ class Title {
 		return false;
 	}
 
+	# Is $wgUser is watching this page?
 	function userIsWatching()
 	{
 		global $wgUser;
@@ -310,6 +414,7 @@ class Title {
 		return $wgUser->isWatched( $this );
 	}
 
+	# Can $wgUser edit this page?
 	function userCanEdit()
 	{
 		global $wgUser;
@@ -327,6 +432,7 @@ class Title {
 		return true;
 	}
 
+	# Accessor/initialisation for mRestrictions
 	function getRestrictions()
 	{
 		$id = $this->getArticleID();
@@ -340,6 +446,7 @@ class Title {
 		return $this->mRestrictions;
 	}
 	
+	# Is there a version of this page in the deletion archive?
 	function isDeleted() {
 		$ns = $this->getNamespace();
 		$t = wfStrencode( $this->getDBkey() );
@@ -351,6 +458,8 @@ class Title {
 		return 0;
 	}
 
+	# Get the article ID from the link cache
+	# Used very heavily, e.g. in Parser::replaceInternalLinks()
 	function getArticleID()
 	{
 		global $wgLinkCache;
@@ -360,6 +469,9 @@ class Title {
 		return $this->mArticleID;
 	}
 
+	# This clears some fields in this object, and clears any associated keys in the
+	# "bad links" section of $wgLinkCache. This is called from Article::insertNewArticle()
+	# to allow loading of the new cur_id. It's also called from Article::doDeleteArticle()
 	function resetArticleID( $newid )
 	{
 		global $wgLinkCache;
@@ -371,6 +483,8 @@ class Title {
 		$this->mRestrictions = array();
 	}
 	
+	# Updates cur_touched
+	# Called from LinksUpdate.php
 	function invalidateCache() {
 		$now = wfTimestampNow();
 		$ns = $this->getNamespace();
@@ -379,6 +493,7 @@ class Title {
 		return wfQuery( $sql, DB_WRITE, "Title::invalidateCache" );
 	}
 
+	# Prefixes some arbitrary text with the namespace or interwiki prefix of this object
 	/* private */ function prefix( $name )
 	{
 		global $wgLang;
@@ -393,6 +508,8 @@ class Title {
 		return $p . $name;
 	}
 
+	# Secure and split - main initialisation function for this object
+	# 
 	# Assumes that mDbkeyform has been set, and is urldecoded
     # and uses undersocres, but not otherwise munged.  This function
     # removes illegal characters, splits off the winterwiki and
@@ -436,19 +553,25 @@ class Title {
 		$this->mDbkeyform = $t;
 		$done = false;
 
+		# :Image: namespace
 		if ( 0 == strncasecmp( $imgpre, $t, strlen( $imgpre ) ) ) {
 			$t = substr( $t, 1 );
 		}
+
+		# Redundant initial colon
 		if ( ":" == $t{0} ) {
 			$r = substr( $t, 1 );
 		} else {
+			# Namespace or interwiki prefix
 	 		if ( preg_match( "/^((?:i|x|[a-z]{2,3})(?:-[a-z0-9]+)?|[A-Za-z0-9_\\x80-\\xff]+):_*(.*)$/", $t, $m ) ) {
 				#$p = strtolower( $m[1] );
 				$p = $m[1];
 				if ( $ns = $wgLang->getNsIndex( strtolower( $p ) )) {
+					# Ordinary namespace
 					$t = $m[2];
 					$this->mNamespace = $ns;
 				} elseif ( $this->getInterwikiLink( $p ) ) {
+					# Interwiki link
 					$t = $m[2];
 					$this->mInterwiki = $p;
 
@@ -461,6 +584,8 @@ class Title {
 			}
 			$r = $t;
 		}
+
+		# Redundant interwiki prefix to the local wiki
 		if ( 0 == strcmp( $this->mInterwiki, $wgLocalInterwiki ) ) {
 			$this->mInterwiki = "";
 		}
@@ -486,19 +611,25 @@ class Title {
 			return false;
 		}
 
+		# Initial capital letter
 		if( $this->mInterwiki == "") $t = $wgLang->ucfirst( $r );
+		
+		# Fill fields
 		$this->mDbkeyform = $t;
 		$this->mUrlform = wfUrlencode( $t );
+		
 		$this->mTextform = str_replace( "_", " ", $t );
 		
 		wfProfileOut( $fname );
 		return true;
 	}
 	
+	# Get a title object associated with the talk page of this article
 	function getTalkPage() {
 		return Title::makeTitle( Namespace::getTalk( $this->getNamespace() ), $this->getDBkey() );
 	}
 	
+	# Get a title object associated with the subject page of this talk page
 	function getSubjectPage() {
 		return Title::makeTitle( Namespace::getSubject( $this->getNamespace() ), $this->getDBkey() );
 	}
diff --git a/index.php b/index.php
index 57875af5a2..838d748fd1 100644
--- a/index.php
+++ b/index.php
@@ -25,8 +25,11 @@ OutputPage::setEncodings(); # Not really used yet
 
 # Query string fields
 #
-global $action, $title, $search, $go, $target, $printable;
-global $returnto, $diff, $oldid, $curid;
+#global $action, $title, $search, $go, $target, $printable;
+#global $returnto, $diff, $oldid, $curid;
+
+$action = $_REQUEST['action'];
+$title = $_REQUEST['title'];
 
 # Placeholders in case of DB error
 $wgTitle = Title::newFromText( wfMsg( "badtitle" ) );
@@ -34,13 +37,13 @@ $wgArticle = new Article($wgTitle);
 
 $action = strtolower( trim( $action ) );
 if ( "" == $action ) { $action = "view"; }
-if ( "yes" == $printable ) { $wgOut->setPrintable(); }
+if ( "yes" == $_REQUEST['printable'] ) { $wgOut->setPrintable(); }
 
 if ( "" == $title && "delete" != $action ) {
 	$wgTitle = Title::newFromText( wfMsg( "mainpage" ) );
-} elseif ( $curid ) {
+} elseif ( $_REQUEST['curid'] ) {
 	# URLs like this are generated by RC, because rc_title isn't always accurate
-	$wgTitle = Title::newFromID( $curid );
+	$wgTitle = Title::newFromID( $_REQUEST['curid'] );
 } else {
 	$wgTitle = Title::newFromURL( $title );
 }
@@ -56,11 +59,11 @@ if ( !$wgUser->getID() && is_array( $wgWhitelistRead ) && $wgTitle) {
 	}
 }
 
-if ( "" != $search ) {
+if ( "" != $_REQUEST['search'] ) {
 	if( isset($_REQUEST['fulltext']) ) {
-		wfSearch( $search );
+		wfSearch( $_REQUEST['search'] );
 	} else {
-		wfGo( $search );
+		wfGo( $_REQUEST['search'] );
 	}
 } else if( !$wgTitle or $wgTitle->getInterwiki() != "" or $wgTitle->getDBkey() == "" ) {
 	$wgTitle = Title::newFromText( wfMsg( "badtitle" ) );
-- 
2.20.1