Index: wp-includes/formatting.php
===================================================================
--- wp-includes/formatting.php	(revision 20489)
+++ wp-includes/formatting.php	(working copy)
@@ -821,7 +821,7 @@
 	$username = remove_accents( $username );
 	// Kill octets
 	$username = preg_replace( '|%([a-fA-F0-9][a-fA-F0-9])|', '', $username );
-	$username = preg_replace( '/&.+?;/', '', $username ); // Kill entities
+	$username = preg_replace( '/&#?\w+;/', '', $username ); // Kill entities
 
 	// If strict, reduce to ASCII for max portability.
 	if ( $strict )
@@ -905,16 +905,16 @@
 	// Restore octets.
 	$title = preg_replace('|---([a-fA-F0-9][a-fA-F0-9])---|', '%$1', $title);
 
-	if (seems_utf8($title)) {
-		if (function_exists('mb_strtolower')) {
-			$title = mb_strtolower($title, 'UTF-8');
-		}
-		$title = utf8_uri_encode($title, 200);
+	if ( seems_utf8( $title ) ) {
+		if ( function_exists( 'mb_strtolower' ) )
+			$title = mb_strtolower( $title, 'UTF-8' );
+
+		$title = utf8_uri_encode( $title, 200 );
 	}
 
-	$title = strtolower($title);
-	$title = preg_replace('/&.+?;/', '', $title); // kill entities
-	$title = str_replace('.', '-', $title);
+	$title = strtolower( $title );
+	$title = preg_replace( '/&#?\w+;/', '', $title ); // kill entities
+	$title = str_replace( '.', '-', $title );
 
 	if ( 'save' == $context ) {
 		// nbsp, ndash and mdash