Index: wp-includes/default-widgets.php
===================================================================
--- wp-includes/default-widgets.php	(revision 11421)
+++ wp-includes/default-widgets.php	(working copy)
@@ -555,14 +555,14 @@
 		else if ( $number > 15 )
 			$number = 15;
 
-		$r = new WP_Query(array('showposts' => $number, 'nopaging' => 0, 'post_status' => 'publish', 'caller_get_posts' => 1));
+		$r = new WP_Query(array('showposts' => $number, 'what_to_show' => 'posts', 'nopaging' => 0, 'post_status' => 'publish', 'caller_get_posts' => 1));
 		if ($r->have_posts()) :
 ?>
 		<?php echo $before_widget; ?>
 		<?php if ( $title ) echo $before_title . $title . $after_title; ?>
 		<ul>
 		<?php  while ($r->have_posts()) : $r->the_post(); ?>
-		<li><a href="<?php the_permalink() ?>" title="<?php echo esc_attr(get_the_title() ? get_the_title() : get_the_ID()); ?>"><?php if ( get_the_title() ) the_title(); else the_ID(); ?> </a></li>
+		<li><a href="<?php the_permalink() ?>"><?php if ( get_the_title() ) the_title(); else the_ID(); ?> </a></li>
 		<?php endwhile; ?>
 		</ul>
 		<?php echo $after_widget; ?>
@@ -659,7 +659,7 @@
 			<?php if ( $title ) echo $before_title . $title . $after_title; ?>
 			<ul id="recentcomments"><?php
 			if ( $comments ) : foreach ( (array) $comments as $comment) :
-			echo  '<li class="recentcomments">' . /* translators: comments widget: 1: comment author, 2: post link */ sprintf(_x('%1$s on %2$s', 'widgets'), get_comment_author_link(), '<a href="' . esc_url( get_comment_link($comment->comment_ID) ) . '">' . get_the_title($comment->comment_post_ID) . '</a>') . '</li>';
+			echo  '<li class="recentcomments">' . /* translators: comments widget: 1: comment author, 2: post link */ sprintf(_x('%1$s on %2$s', 'widgets'), get_comment_author_link(), '<a href="' . clean_url( get_comment_link($comment->comment_ID) ) . '">' . get_the_title($comment->comment_post_ID) . '</a>') . '</li>';
 			endforeach; endif;?></ul>
 		<?php echo $after_widget; ?>
 <?php
@@ -730,7 +730,7 @@
 			$desc = esc_attr(strip_tags(@html_entity_decode($rss->get_description(), ENT_QUOTES, get_option('blog_charset'))));
 			if ( empty($title) )
 				$title = htmlentities(strip_tags($rss->get_title()));
-			$link = esc_url(strip_tags($rss->get_permalink()));
+			$link = clean_url(strip_tags($rss->get_permalink()));
 			while ( stristr($link, 'http') != $link )
 				$link = substr($link, 1);
 		}
@@ -739,7 +739,7 @@
 			$title = empty($desc) ? __('Unknown Feed') : $desc;
 
 		$title = apply_filters('widget_title', $title );
-		$url = esc_url(strip_tags($url));
+		$url = clean_url(strip_tags($url));
 		$icon = includes_url('images/rss.png');
 		if ( $title )
 			$title = "<a class='rsswidget' href='$url' title='" . esc_attr(__('Syndicate this content')) ."'><img style='background:orange;color:white;border:none;' width='14' height='14' src='$icon' alt='RSS' /></a> <a class='rsswidget' href='$link' title='$desc'>$title</a>";
@@ -813,14 +813,14 @@
 		$link = $item->get_link();
 		while ( stristr($link, 'http') != $link )
 			$link = substr($link, 1);
-		$link = esc_url(strip_tags($link));
+		$link = clean_url(strip_tags($link));
 		$title = esc_attr(strip_tags($item->get_title()));
 		if ( empty($title) )
 			$title = __('Untitled');
 
 		$desc = str_replace(array("\n", "\r"), ' ', esc_attr(strip_tags(@html_entity_decode($item->get_description(), ENT_QUOTES, get_option('blog_charset')))));
 		$desc = wp_html_excerpt( $desc, 360 ) . ' [&hellip;]';
-		$desc = esc_html( $desc );
+		$desc = wp_specialchars( $desc );
 
 		if ( $show_summary ) {
 			$summary = "<div class='rssSummary'>$desc</div>";
@@ -844,7 +844,7 @@
 		if ( $show_author ) {
 			$author = $item->get_author();
 			$author = $author->get_name();
-			$author = ' <cite>' . esc_html( strip_tags( $author ) ) . '</cite>';
+			$author = ' <cite>' . wp_specialchars( strip_tags( $author ) ) . '</cite>';
 		}
 
 		if ( $link == '' ) {
@@ -879,7 +879,7 @@
 
 	$number = esc_attr( $number );
 	$title  = esc_attr( $title );
-	$url    = esc_url( $url );
+	$url    = clean_url( $url );
 	$items  = (int) $items;
 	if ( $items < 1 || 20 < $items )
 		$items  = 10;
@@ -958,7 +958,7 @@
 	$items = (int) $widget_rss['items'];
 	if ( $items < 1 || 20 < $items )
 		$items = 10;
-	$url           = esc_url_raw(strip_tags( $widget_rss['url'] ));
+	$url           = sanitize_url(strip_tags( $widget_rss['url'] ));
 	$title         = trim(strip_tags( $widget_rss['title'] ));
 	$show_summary  = (int) $widget_rss['show_summary'];
 	$show_author   = (int) $widget_rss['show_author'];
@@ -971,7 +971,7 @@
 		if ( is_wp_error($rss) ) {
 			$error = $rss->get_error_message();
 		} else {
-			$link = esc_url(strip_tags($rss->get_permalink()));
+			$link = clean_url(strip_tags($rss->get_permalink()));
 			while ( stristr($link, 'http') != $link )
 				$link = substr($link, 1);
 		}
@@ -995,27 +995,67 @@
 	function widget( $args, $instance ) {
 		extract($args);
 		$title = apply_filters('widget_title', empty($instance['title']) ? __('Tags') : $instance['title']);
+		
+		$largest = isset($instance['largest']) ? $instance['largest'] : 22;
+		$smallest = isset($instance['smallest']) ? $instance['smallest'] : 6;
+		$unit = isset($instance['unit']) ? $instance['unit'] : 'px';
+		$number = isset($instance['number']) ? $instance['number'] : 45;
+		$format = isset($instance['format']) ? $instance['format'] : 'flat';
+		$orderby = isset($instance['orderby']) ? $instance['orderby'] : 'name';
+		$order = isset($instance['order']) ? $instance['order'] : 'ASC';
 
 		echo $before_widget;
 		if ( $title )
 			echo $before_title . $title . $after_title;
 		echo '<div>';
-		wp_tag_cloud(apply_filters('widget_tag_cloud_args', array()));
+		wp_tag_cloud(apply_filters('widget_tag_cloud_args', array('largest' => $largest, 'number' => $number, 'format' => $format, 'orderby' => $orderby, 'order' => $order )));
 		echo "</div>\n";
 		echo $after_widget;
 	}
 
 	function update( $new_instance, $old_instance ) {
 		$instance['title'] = strip_tags(stripslashes($new_instance['title']));
+		$instance['largest'] = $new_instance['largest'];
+		$instance['smallest'] = $new_instance['smallest'];
+		$instance['format'] = strip_tags(stripslashes($new_instance['format']));
+		$instance['orderby'] = strip_tags(stripslashes($new_instance['orderby']));
+		$instance['order'] = strip_tags(stripslashes($new_instance['order']));
 		return $instance;
 	}
 
 	function form( $instance ) {
 ?>
 	<p><label for="<?php echo $this->get_field_id('title'); ?>">
-	<?php _e('Title:') ?>
+	<?php _e('Title:'); ?>
 	<input type="text" class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" value="<?php echo esc_attr( $instance['title'] ); ?>" />
 	</label></p>
+	<p><label for="<?php echo $this->get_field_id('largest'); ?>">
+	<?php _e('Maximum Font Size:'); ?>
+	<input type="text" class="widefat" id="<?php echo $this->get_field_id('largest'); ?>" name="<?php echo $this->get_field_name('largest'); ?>" value="<?php echo esc_attr($instance['largest']); ?>" size="4" />
+	</label></p>
+	<p><label for="<?php echo $this->get_field_id('number'); ?>">
+	<?php _e('Number to show:'); ?>
+	<input type="text" class="widefat" id="<?php echo $this->get_field_id('number'); ?>" name="<?php echo $this->get_field_name('number'); ?>" value="<?php echo esc_attr($instance['number']); ?>" size="4" />
+	</label></p>
+	<p><label for="<?php echo $this->get_field_id('format'); ?>">
+	<?php _e('Display Format:'); ?>
+	<select class="widefat" size="1" id="<?php echo $this->get_field_id('format'); ?>" name="<?php echo $this->get_field_name('format'); ?>">
+		<option value="flat" <?php selected($format, 'flat') ?>><?php _e('Flat'); ?></option>
+		<option value="list" <?php selected($format, 'list') ?>><?php _e('List'); ?></option>
+	</select></label></p>
+	<p><label for="<?php echo $this->get_field_id('orderby'); ?>">
+	<?php _e('Order By:'); ?>
+	<select class="widefat" size="1" id="<?php echo $this->get_field_id('orderby'); ?>" name="<?php echo $this->get_field_name('orderby'); ?>">
+		<option value="name" <?php selected($orderby, 'name') ?>><?php _e('Name'); ?></option>
+		<option value="count" <?php selected($orderby, 'count') ?>><?php _e('Count'); ?></option>
+	</select></label></p>
+	<p><label for="<?php echo $this->get_field_id('order'); ?>">
+	<?php _e('Order:'); ?>
+	<select class="widefat" size="1" id="<?php echo $this->get_field_id('order'); ?>" name="<?php echo $this->get_field_name('order'); ?>">
+		<option value="ASC" <?php selected($order, 'ASC' )?>><?php _e('Ascending'); ?></option>
+		<option value="DESC" <?php selected($order, 'DESC') ?>><?php _e('Descending'); ?></option>
+	</select></label></p>
+	
 <?php
 	}
 }
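Review bot: In form(), the `selected($format, 'flat')`, `selected($orderby, 'name')` and `selected($order, 'ASC')` calls read `$format`, `$orderby` and `$order`, but form() never assigns them from `$instance`, so every select renders with the first option regardless of what was saved. update() also never stores `number`, although widget() reads `$instance['number']` and form() offers a "Number to show" field, so that setting is lost on each save; and `largest`/`smallest` are copied from `$new_instance` raw while `format`/`orderby`/`order` only pass through `strip_tags(stripslashes())`, even though all of them end up as query arguments for wp_tag_cloud(), so they should be cast to integers and restricted to the values the form offers. widget() additionally reads `$smallest` and `$unit` but passes neither on; the wp_tag_cloud() call should include `'smallest' => $smallest, 'unit' => $unit` alongside `'largest' => $largest`. The rewrite below covers update() and the preamble of form(); the class is cut off at the start of the hunk.
```php
	function update( $new_instance, $old_instance ) {
		$instance['title'] = strip_tags(stripslashes($new_instance['title']));
		// Font sizes and the tag count feed wp_tag_cloud(); keep them to well-formed integers.
		$instance['largest']  = isset($new_instance['largest'])  ? absint($new_instance['largest'])  : 22;
		$instance['smallest'] = isset($new_instance['smallest']) ? absint($new_instance['smallest']) : 6;
		$instance['number']   = isset($new_instance['number'])   ? absint($new_instance['number'])   : 45;
		// Only the values the form offers are valid; anything else falls back to the widget() default.
		$instance['format']  = ( isset($new_instance['format'])  && in_array($new_instance['format'],  array('flat', 'list'), true) ) ? $new_instance['format']  : 'flat';
		$instance['orderby'] = ( isset($new_instance['orderby']) && in_array($new_instance['orderby'], array('name', 'count'), true) ) ? $new_instance['orderby'] : 'name';
		$instance['order']   = ( isset($new_instance['order'])   && in_array($new_instance['order'],   array('ASC', 'DESC'), true) )   ? $new_instance['order']   : 'ASC';
		return $instance;
	}

	function form( $instance ) {
		// Defaults mirror widget(); without them a fresh widget triggers notices and the selected() calls below compare against undefined variables.
		$instance = wp_parse_args( (array) $instance, array( 'title' => '', 'largest' => 22, 'smallest' => 6, 'number' => 45, 'format' => 'flat', 'orderby' => 'name', 'order' => 'ASC' ) );
		$format  = $instance['format'];
		$orderby = $instance['orderby'];
		$order   = $instance['order'];
?>
	<?php // … unchanged: title / largest / number inputs and the format / orderby / order selects … ?>
```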
