Index: wp-content/themes/twentyeleven/404.php
===================================================================
--- wp-content/themes/twentyeleven/404.php	(revision 29396)
+++ wp-content/themes/twentyeleven/404.php	(working copy)
@@ -34,7 +34,7 @@
 					<?php
 					/* translators: %1$s: smilie */
 					$archive_content = '<p>' . sprintf( __( 'Try looking in the monthly archives. %1$s', 'twentyeleven' ), convert_smilies( ':)' ) ) . '</p>';
-					the_widget( 'WP_Widget_Archives', array('count' => 0 , 'dropdown' => 1 ), array( 'after_title' => '</h2>'.$archive_content ) );
+					the_widget( 'WP_Widget_Archives', array( 'count' => 0, 'dropdown' => 1 ), array( 'after_title' => '</h2>' . $archive_content ) );
 					?>
 
 					<?php the_widget( 'WP_Widget_Tag_Cloud' ); ?>
Index: wp-content/themes/twentyeleven/author.php
===================================================================
--- wp-content/themes/twentyeleven/author.php	(revision 29396)
+++ wp-content/themes/twentyeleven/author.php	(working copy)
@@ -26,7 +26,7 @@
 				?>
 
 				<header class="page-header">
-					<h1 class="page-title author"><?php printf( __( 'Author Archives: %s', 'twentyeleven' ), '<span class="vcard"><a class="url fn n" href="' . esc_url( get_author_posts_url( get_the_author_meta( "ID" ) ) ) . '" title="' . esc_attr( get_the_author() ) . '" rel="me">' . get_the_author() . '</a></span>' ); ?></h1>
+					<h1 class="page-title author"><?php printf( __( 'Author Archives: %s', 'twentyeleven' ), '<span class="vcard"><a class="url fn n" href="' . esc_url( get_author_posts_url( get_the_author_meta( 'ID' ) ) ) . '" title="' . esc_attr( get_the_author() ) . '" rel="me">' . get_the_author() . '</a></span>' ); ?></h1>
 				</header>
 
 				<?php
Index: wp-content/themes/twentyeleven/content-image.php
===================================================================
--- wp-content/themes/twentyeleven/content-image.php	(revision 29396)
+++ wp-content/themes/twentyeleven/content-image.php	(working copy)
@@ -20,7 +20,7 @@
 
 			<?php if ( comments_open() && ! post_password_required() ) : ?>
 			<div class="comments-link">
-				<?php comments_popup_link( '<span class="leave-reply">' . __( "Reply", 'twentyeleven' ) . '</span>', _x( '1', 'comments number', 'twentyeleven' ), _x( '%', 'comments number', 'twentyeleven' ) ); ?>
+				<?php comments_popup_link( '<span class="leave-reply">' . __( 'Reply', 'twentyeleven' ) . '</span>', _x( '1', 'comments number', 'twentyeleven' ), _x( '%', 'comments number', 'twentyeleven' ) ); ?>
 			</div>
 			<?php endif; ?>
 		</header><!-- .entry-header -->
Index: wp-content/themes/twentyeleven/functions.php
===================================================================
--- wp-content/themes/twentyeleven/functions.php	(revision 29396)
+++ wp-content/themes/twentyeleven/functions.php	(working copy)
@@ -332,13 +332,12 @@
 		<?php
 		$color = get_header_textcolor();
 		$image = get_header_image();
+		$style = 'display: none;';
 		if ( $color && $color != 'blank' )
-			$style = ' style="color:#' . $color . '"';
-		else
-			$style = ' style="display:none"';
+			$style = 'color: #' . $color . ';';
 		?>
-		<h1 class="displaying-header-text"><a id="name"<?php echo $style; ?> onclick="return false;" href="<?php echo esc_url( home_url( '/' ) ); ?>"><?php bloginfo( 'name' ); ?></a></h1>
-		<div id="desc" class="displaying-header-text"<?php echo $style; ?>><?php bloginfo( 'description' ); ?></div>
+		<h1 class="displaying-header-text"><a id="name" style="<?php echo esc_attr( $style ); ?>" onclick="return false;" href="<?php echo esc_url( home_url( '/' ) ); ?>"><?php bloginfo( 'name' ); ?></a></h1>
+		<div id="desc" class="displaying-header-text" style="<?php echo esc_attr( $style ); ?>"><?php bloginfo( 'description' ); ?></div>
 		<?php if ( $image ) : ?>
 			<img src="<?php echo esc_url( $image ); ?>" alt="" />
 		<?php endif; ?>
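Review bot: `esc_attr()` on `$style` covers only the HTML attribute context; `$color` is still concatenated into a CSS declaration without being checked as a hex value. Whether `get_header_textcolor()` is already constrained to hex digits is not visible in this hunk, so a guard such as `if ( $color && 'blank' !== $color && preg_match( '/^([0-9a-fA-F]{3}){1,2}$/', $color ) )` would keep arbitrary declarations out of the inline style. It would also replace the loose `!=` with a strict comparison. The enclosing function starts and ends outside the hunk.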
@@ -443,7 +442,7 @@
 		'name' => __( 'Main Sidebar', 'twentyeleven' ),
 		'id' => 'sidebar-1',
 		'before_widget' => '<aside id="%1$s" class="widget %2$s">',
-		'after_widget' => "</aside>",
+		'after_widget' => '</aside>',
 		'before_title' => '<h3 class="widget-title">',
 		'after_title' => '</h3>',
 	) );
@@ -453,7 +452,7 @@
 		'id' => 'sidebar-2',
 		'description' => __( 'The sidebar for the optional Showcase Template', 'twentyeleven' ),
 		'before_widget' => '<aside id="%1$s" class="widget %2$s">',
-		'after_widget' => "</aside>",
+		'after_widget' => '</aside>',
 		'before_title' => '<h3 class="widget-title">',
 		'after_title' => '</h3>',
 	) );
@@ -463,7 +462,7 @@
 		'id' => 'sidebar-3',
 		'description' => __( 'An optional widget area for your site footer', 'twentyeleven' ),
 		'before_widget' => '<aside id="%1$s" class="widget %2$s">',
-		'after_widget' => "</aside>",
+		'after_widget' => '</aside>',
 		'before_title' => '<h3 class="widget-title">',
 		'after_title' => '</h3>',
 	) );
@@ -473,7 +472,7 @@
 		'id' => 'sidebar-4',
 		'description' => __( 'An optional widget area for your site footer', 'twentyeleven' ),
 		'before_widget' => '<aside id="%1$s" class="widget %2$s">',
-		'after_widget' => "</aside>",
+		'after_widget' => '</aside>',
 		'before_title' => '<h3 class="widget-title">',
 		'after_title' => '</h3>',
 	) );
@@ -483,7 +482,7 @@
 		'id' => 'sidebar-5',
 		'description' => __( 'An optional widget area for your site footer', 'twentyeleven' ),
 		'before_widget' => '<aside id="%1$s" class="widget %2$s">',
-		'after_widget' => "</aside>",
+		'after_widget' => '</aside>',
 		'before_title' => '<h3 class="widget-title">',
 		'after_title' => '</h3>',
 	) );
@@ -578,7 +577,7 @@
 	}
 
 	if ( $class )
-		echo 'class="' . $class . '"';
+		echo 'class="' . esc_attr( $class ) . '"';
 }
 
 if ( ! function_exists( 'twentyeleven_comment' ) ) :
@@ -714,7 +713,7 @@
 	if ( function_exists( 'get_post_galleries' ) ) {
 		$galleries = get_post_galleries( get_the_ID(), false );
 		if ( isset( $galleries[0]['ids'] ) )
-		 	$images = explode( ',', $galleries[0]['ids'] );
+			$images = explode( ',', $galleries[0]['ids'] );
 	} else {
 		$pattern = get_shortcode_regex();
 		preg_match( "/$pattern/s", get_the_content(), $match );
Index: wp-content/themes/twentyeleven/header.php
===================================================================
--- wp-content/themes/twentyeleven/header.php	(revision 29396)
+++ wp-content/themes/twentyeleven/header.php	(working copy)
@@ -36,11 +36,11 @@
 	// Add the blog description for the home/front page.
 	$site_description = get_bloginfo( 'description', 'display' );
 	if ( $site_description && ( is_home() || is_front_page() ) )
-		echo " | $site_description";
+		echo esc_html( " | $site_description" );
 
 	// Add a page number if necessary:
 	if ( ( $paged >= 2 || $page >= 2 ) && ! is_404() )
-		echo ' | ' . sprintf( __( 'Page %s', 'twentyeleven' ), max( $paged, $page ) );
+		echo esc_html( ' | ' . sprintf( __( 'Page %s', 'twentyeleven' ), max( $paged, $page ) ) );
 
 	?></title>
 <link rel="profile" href="http://gmpg.org/xfn/11" />
@@ -111,7 +111,7 @@
 							$header_image_height = HEADER_IMAGE_HEIGHT;
 						}
 						?>
-					<img src="<?php header_image(); ?>" width="<?php echo $header_image_width; ?>" height="<?php echo $header_image_height; ?>" alt="" />
+					<img src="<?php esc_url( header_image() ); ?>" width="<?php echo esc_attr( $header_image_width ); ?>" height="<?php echo esc_attr( $header_image_height ); ?>" alt="" />
 				<?php endif; // end check for featured image or standard header ?>
 			</a>
 			<?php endif; // end check for removed header image ?>
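Review bot: The new `src` attribute reads `<?php esc_url( header_image() ); ?>`, but `header_image()` prints the URL itself and returns nothing, so `esc_url()` receives null and its result is discarded because there is no `echo`. The markup is whatever `header_image()` printed, and the wrapper only gives the appearance of escaping at this call site. Either keep `<?php header_image(); ?>` or use `<?php echo esc_url( get_header_image() ); ?>`, which matches how the functions.php hunk in this patch handles `$image`.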
Index: wp-content/themes/twentyeleven/image.php
===================================================================
--- wp-content/themes/twentyeleven/image.php	(revision 29396)
+++ wp-content/themes/twentyeleven/image.php	(working copy)
@@ -66,7 +66,7 @@
 			$next_attachment_url = get_attachment_link( $attachments[ $k ]->ID );
 		else
 			// or get the URL of the first image attachment
-			$next_attachment_url = get_attachment_link( $attachments[ 0 ]->ID );
+			$next_attachment_url = get_attachment_link( $attachments[0]->ID );
 	} else {
 		// or, if there's only 1 image, get the URL of the image
 		$next_attachment_url = wp_get_attachment_url();
Index: wp-content/themes/twentyeleven/inc/theme-options.php
===================================================================
--- wp-content/themes/twentyeleven/inc/theme-options.php	(revision 29396)
+++ wp-content/themes/twentyeleven/inc/theme-options.php	(working copy)
@@ -218,7 +218,7 @@
 	);
 
 	if ( is_rtl() )
- 		$default_theme_options['theme_layout'] = 'sidebar-content';
+		$default_theme_options['theme_layout'] = 'sidebar-content';
 
 	/**
 	 * Filter the Twenty Eleven default options.
@@ -277,7 +277,7 @@
 		<input type="hidden" id="default-color-<?php echo esc_attr( $scheme['value'] ); ?>" value="<?php echo esc_attr( $scheme['default_link_color'] ); ?>" />
 		<span>
 			<img src="<?php echo esc_url( $scheme['thumbnail'] ); ?>" width="136" height="122" alt="" />
-			<?php echo $scheme['label']; ?>
+			<?php echo esc_html( $scheme['label'] ); ?>
 		</span>
 	</label>
 	</div>
@@ -316,7 +316,7 @@
 			<input type="radio" name="twentyeleven_theme_options[theme_layout]" value="<?php echo esc_attr( $layout['value'] ); ?>" <?php checked( $options['theme_layout'], $layout['value'] ); ?> />
 			<span>
 				<img src="<?php echo esc_url( $layout['thumbnail'] ); ?>" width="136" height="122" alt="" />
-				<?php echo $layout['label']; ?>
+				<?php echo esc_html( $layout['label'] ); ?>
 			</span>
 		</label>
 		</div>
@@ -562,7 +562,7 @@
 	$layouts = twentyeleven_layouts();
 	$choices = array();
 	foreach ( $layouts as $layout ) {
-		$choices[$layout['value']] = $layout['label'];
+		$choices[ $layout['value'] ] = $layout['label'];
 	}
 
 	$wp_customize->add_control( 'twentyeleven_theme_options[theme_layout]', array(
Index: wp-content/themes/twentyeleven/inc/widgets.php
===================================================================
--- wp-content/themes/twentyeleven/inc/widgets.php	(revision 29396)
+++ wp-content/themes/twentyeleven/inc/widgets.php	(working copy)
@@ -22,9 +22,9 @@
 		$this->WP_Widget( 'widget_twentyeleven_ephemera', __( 'Twenty Eleven Ephemera', 'twentyeleven' ), $widget_ops );
 		$this->alt_option_name = 'widget_twentyeleven_ephemera';
 
-		add_action( 'save_post', array(&$this, 'flush_widget_cache' ) );
-		add_action( 'deleted_post', array(&$this, 'flush_widget_cache' ) );
-		add_action( 'switch_theme', array(&$this, 'flush_widget_cache' ) );
+		add_action( 'save_post', array( &$this, 'flush_widget_cache' ) );
+		add_action( 'deleted_post', array( &$this, 'flush_widget_cache' ) );
+		add_action( 'switch_theme', array( &$this, 'flush_widget_cache' ) );
 	}
 
 	/**
@@ -38,40 +38,39 @@
 	function widget( $args, $instance ) {
 		$cache = wp_cache_get( 'widget_twentyeleven_ephemera', 'widget' );
 
-		if ( !is_array( $cache ) )
+		if ( ! is_array( $cache ) )
 			$cache = array();
 
 		if ( ! isset( $args['widget_id'] ) )
 			$args['widget_id'] = null;
 
-		if ( isset( $cache[$args['widget_id']] ) ) {
-			echo $cache[$args['widget_id']];
+		if ( isset( $cache[ $args['widget_id'] ] ) ) {
+			echo $cache[ $args['widget_id'] ];
 			return;
 		}
 
 		ob_start();
-		extract( $args, EXTR_SKIP );
 
 		/** This filter is documented in wp-includes/default-widgets.php */
-		$title = apply_filters( 'widget_title', empty( $instance['title'] ) ? __( 'Ephemera', 'twentyeleven' ) : $instance['title'], $instance, $this->id_base);
+		$args['title'] = apply_filters( 'widget_title', empty( $instance['title'] ) ? __( 'Ephemera', 'twentyeleven' ) : $instance['title'], $instance, $this->id_base );
 
 		if ( ! isset( $instance['number'] ) )
 			$instance['number'] = '10';
 
-		if ( ! $number = absint( $instance['number'] ) )
- 			$number = 10;
+		if ( ! $args['number'] = absint( $instance['number'] ) )
+			$args['number'] = 10;
 
 		$ephemera_args = array(
-			'order' => 'DESC',
-			'posts_per_page' => $number,
-			'no_found_rows' => true,
-			'post_status' => 'publish',
-			'post__not_in' => get_option( 'sticky_posts' ),
-			'tax_query' => array(
+			'order'          => 'DESC',
+			'posts_per_page' => $args['number'],
+			'no_found_rows'  => true,
+			'post_status'    => 'publish',
+			'post__not_in'   => get_option( 'sticky_posts' ),
+			'tax_query'      => array(
 				array(
 					'taxonomy' => 'post_format',
-					'terms' => array( 'post-format-aside', 'post-format-link', 'post-format-status', 'post-format-quote' ),
-					'field' => 'slug',
+					'terms'    => array( 'post-format-aside', 'post-format-link', 'post-format-status', 'post-format-quote' ),
+					'field'    => 'slug',
 					'operator' => 'IN',
 				),
 			),
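Review bot: Dropping `extract()` is a sound change, but the computed title and post count are now written back into `$args` as `$args['title']` and `$args['number']`. That mixes values supplied by the sidebar with values derived inside the method, and silently overwrites any key of the same name the caller passed. Plain locals read more clearly and avoid the assignment inside the condition: `$number = absint( $instance['number'] );` followed by `if ( ! $number ) $number = 10;`, with `$title` handled the same way. The body of `widget()` continues past this hunk, and the later `echo $args['title'];` would change with it.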
@@ -79,10 +78,10 @@
 		$ephemera = new WP_Query( $ephemera_args );
 
 		if ( $ephemera->have_posts() ) :
-			echo $before_widget;
-			echo $before_title;
-			echo $title; // Can set this with a widget option, or omit altogether
-			echo $after_title;
+			echo $args['before_widget'];
+			echo $args['before_title'];
+			echo $args['title'];
+			echo $args['after_title'];
 			?>
 			<ol>
 			<?php while ( $ephemera->have_posts() ) : $ephemera->the_post(); ?>
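Review bot: `echo $args['title'];` is the one dynamic value in this block that is printed without an escaping call, and the change also removes the only comment on that line. The title comes from `$instance['title']` through the `widget_title` filter; whether it is sanitised on save is not visible here. If markup in titles is not intended, use `echo esc_html( $args['title'] );`. Otherwise add a comment such as `// Title is filtered via 'widget_title'; markup is allowed and sanitised on save.` once that is confirmed.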
@@ -111,7 +110,7 @@
 			</ol>
 			<?php
 
-			echo $after_widget;
+			echo $args['after_widget'];
 
 			// Reset the post globals as this query will have stomped on it
 			wp_reset_postdata();
@@ -119,7 +118,7 @@
 		// end check for ephemeral posts
 		endif;
 
-		$cache[$args['widget_id']] = ob_get_flush();
+		$cache[ $args['widget_id'] ] = ob_get_flush();
 		wp_cache_set( 'widget_twentyeleven_ephemera', $cache, 'widget' );
 	}
 
Index: wp-content/themes/twentyeleven/showcase.php
===================================================================
--- wp-content/themes/twentyeleven/showcase.php	(revision 29396)
+++ wp-content/themes/twentyeleven/showcase.php	(working copy)
@@ -105,7 +105,7 @@
 					}
 					?>
 
-					<section class="featured-post <?php echo $feature_class; ?>" id="featured-post-<?php echo $counter_slider; ?>">
+					<section class="featured-post <?php echo esc_attr( $feature_class ); ?>" id="featured-post-<?php echo esc_attr( $counter_slider ); ?>">
 
 						<?php
 							/*
@@ -135,20 +135,20 @@
 					<?php
 
 						// Reset the counter so that we end up with matching elements
-				    	$counter_slider = 0;
+						$counter_slider = 0;
 
 						// Begin from zero
-				    	rewind_posts();
+						rewind_posts();
 
 						// Let's roll again.
-				    	while ( $featured->have_posts() ) : $featured->the_post();
-				    		$counter_slider++;
+						while ( $featured->have_posts() ) : $featured->the_post();
+							$counter_slider++;
 							if ( 1 == $counter_slider )
-								$class = 'class="active"';
+								$class = ' class="active"';
 							else
 								$class = '';
-				    	?>
-						<li><a href="#featured-post-<?php echo $counter_slider; ?>" title="<?php echo esc_attr( sprintf( __( 'Featuring: %s', 'twentyeleven' ), the_title_attribute( 'echo=0' ) ) ); ?>" <?php echo $class; ?>></a></li>
+						?>
+						<li><a href="#featured-post-<?php echo esc_attr( $counter_slider ); ?>" title="<?php echo esc_attr( sprintf( __( 'Featuring: %s', 'twentyeleven' ), the_title_attribute( 'echo=0' ) ) ); ?>"<?php echo $class; ?>></a></li>
 					<?php endwhile;	?>
 					</ul>
 				</nav>
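Review bot: `$class` now holds a whole attribute (`' class="active"'`) and is printed raw with `<?php echo $class; ?>`, the only unescaped echo left on this line. It is a fixed literal today, but printing the attribute conditionally makes that obvious and leaves no variable to misuse later: `<?php if ( 1 === $counter_slider ) echo ' class="active"'; ?>`. Separately, the re-indented `rewind_posts();` is the global template tag, which acts on the main query, while the loop below iterates `$featured`. If `$featured` is a secondary query created above this hunk, `$featured->rewind_posts();` is probably what was meant.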
