Index: wp-includes/link-template.php
===================================================================
--- wp-includes/link-template.php	(revision 10815)
+++ wp-includes/link-template.php	(working copy)
@@ -940,11 +940,11 @@
 	$title = apply_filters('the_title', $title, $post);
 
 	$link = $previous ? "<link rel='prev' title='" : "<link rel='next' title='";
-	$link .= $title;
+	$link .= attribute_escape( $title );
 	$link .= "' href='" . get_permalink($post) . "' />\n";
 
-        $adjacent = $previous ? 'previous' : 'next';
-        return apply_filters( "{$adjacent}_post_rel_link", $link );
+	$adjacent = $previous ? 'previous' : 'next';
+	return apply_filters( "{$adjacent}_post_rel_link", $link );
 }
 
 /**
@@ -1001,36 +1001,34 @@
  * @return object
  */
 function get_boundary_post($in_same_cat = false, $excluded_categories = '', $start = true) {
-        global $post, $wpdb;
+	global $post, $wpdb;
 
-        if( empty($post) || !is_single() || is_attachment() )
-                return null;
+	if ( empty($post) || !is_single() || is_attachment() )
+		return null;
 
 	$cat_array = array();
 	$excluded_categories = array();
-        if ( !empty($in_same_cat) || !empty($excluded_categories) ) {
-                if ( !empty($in_same_cat) ) {
-                        $cat_array = wp_get_object_terms($post->ID, 'category', 'fields=ids');
-                }
+	if ( !empty($in_same_cat) || !empty($excluded_categories) ) {
+		if ( !empty($in_same_cat) ) {
+			$cat_array = wp_get_object_terms($post->ID, 'category', 'fields=ids');
+		}
 
-                if ( !empty($excluded_categories) ) {
-                        $excluded_categories = array_map('intval', explode(',', $excluded_categories));
+		if ( !empty($excluded_categories) ) {
+			$excluded_categories = array_map('intval', explode(',', $excluded_categories));
 
-                        if ( !empty($cat_array) ) {
-                                $excluded_categories = array_diff($excluded_categories, $cat_array);
-                        }
+			if ( !empty($cat_array) )
+				$excluded_categories = array_diff($excluded_categories, $cat_array);
 
-                        $inverse_cats = array();
-                        foreach ( $excluded_categories as $excluded_category) {
-                                $inverse_cats[] = $excluded_category * -1;
-                        }
-                        $excluded_categories = $inverse_cats;
-                }
-        }
+			$inverse_cats = array();
+			foreach ( $excluded_categories as $excluded_category)
+				$inverse_cats[] = $excluded_category * -1;
+			$excluded_categories = $inverse_cats;
+		}
+	}
 
 	$categories = array_merge($cat_array, $excluded_categories);
 
-        $order = $start ? 'ASC' : 'DESC';
+	$order = $start ? 'ASC' : 'DESC';
 
 	return get_posts("numberposts=1&order=$order&orderby=ID&category=$categories");
 }
@@ -1049,28 +1047,28 @@
  * @return string
  */
 function get_boundary_post_rel_link($title = '%title', $in_same_cat = false, $excluded_categories = '', $start = true) {
-        $posts = get_boundary_post($in_same_cat,$excluded_categories,$start);
+	$posts = get_boundary_post($in_same_cat,$excluded_categories,$start);
 	// Even though we limited get_posts to return only 1 item it still returns an array of objects.  
 	$post = $posts[0];	
 
-        if ( empty($post) )
-                return;
+	if ( empty($post) )
+		return;
 
-        if ( empty($post->post_title) )
-                $post->post_title = $start ? __('First Post') : __('Last Post');
+	if ( empty($post->post_title) )
+		$post->post_title = $start ? __('First Post') : __('Last Post');
 
-        $date = mysql2date(get_option('date_format'), $post->post_date);
+	$date = mysql2date(get_option('date_format'), $post->post_date);
 
-        $title = str_replace('%title', $post->post_title, $title);
-        $title = str_replace('%date', $date, $title);
-        $title = apply_filters('the_title', $title, $post);
+	$title = str_replace('%title', $post->post_title, $title);
+	$title = str_replace('%date', $date, $title);
+	$title = apply_filters('the_title', $title, $post);
 
-        $link = $start ? "<link rel='start' title='" : "<link rel='end' title='";
-        $link .= $title;
-        $link .= "' href='" . get_permalink($post) . "' />\n";
+	$link = $start ? "<link rel='start' title='" : "<link rel='end' title='";
+	$link .= attribute_escape( $title );
+	$link .= "' href='" . get_permalink($post) . "' />\n";
 
-        $boundary = $start ? 'start' : 'end';
-        return apply_filters( "{$boundary}_post_rel_link", $link );
+	$boundary = $start ? 'start' : 'end';
+	return apply_filters( "{$boundary}_post_rel_link", $link );
 }
 
 /**
@@ -1094,7 +1092,7 @@
  * @return string
  */
 function get_index_rel_link() {
-	$link = "<link rel='index' title='" . get_bloginfo('name') . "' href='" . get_bloginfo('siteurl') . "' />\n";
+	$link = "<link rel='index' title='" . attribute_escape( get_bloginfo('name') ) . "' href='" . get_bloginfo('siteurl') . "' />\n";
 	return apply_filters( "index_rel_link", $link );
 }
 
@@ -1122,17 +1120,17 @@
 	if ( empty($post) )
 		return;
 
-        $date = mysql2date(get_option('date_format'), $post->post_date);
+	$date = mysql2date(get_option('date_format'), $post->post_date);
 
-        $title = str_replace('%title', $post->post_title, $title);
-        $title = str_replace('%date', $date, $title);
-        $title = apply_filters('the_title', $title, $post);
+	$title = str_replace('%title', $post->post_title, $title);
+	$title = str_replace('%date', $date, $title);
+	$title = apply_filters('the_title', $title, $post);
 
-        $link = "<link rel='up' title='";
-        $link .= $title;
-        $link .= "' href='" . get_permalink($post) . "' />\n";
+	$link = "<link rel='up' title='";
+	$link .= attribute_escape( $title );
+	$link .= "' href='" . get_permalink($post) . "' />\n";
 
-        return apply_filters( "parent_post_rel_link", $link );
+	return apply_filters( "parent_post_rel_link", $link );
 }
 
 /**