Index: wp-app.php
===================================================================
--- wp-app.php (revision 5740)
+++ wp-app.php (working copy)
@@ -427,6 +427,7 @@
 $post_date_gmt = current_time('mysql', 1);
 $post_data = compact('blog_ID', 'post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_title', 'post_category', 'post_status', 'post_excerpt');
+ $this->escape($post_data);
 log_app('Inserting Post. Data:', print_r($post_data,true));
@@ -469,7 +470,6 @@
 global $entry;
 $entry = $GLOBALS['entry'];
 $this->set_current_entry($postID);
- $this->escape($GLOBALS['entry']);
 if(!current_user_can('edit_post', $entry['ID'])) $this->auth_required(__('Sorry, you do not have the right to edit this post.'));
@@ -488,6 +488,7 @@
 }
 $postdata = compact('ID', 'post_content', 'post_title', 'post_category', 'post_status', 'post_excerpt');
+ $this->escape($postdata);
 $result = wp_update_post($postdata);
@@ -580,6 +581,7 @@
 'post_mime_type' => $type, 'guid' => $url );
+ $this->escape($attachment);
 // Save the data
 $postID = wp_insert_attachment($attachment, $file, $post);
@@ -610,8 +612,7 @@
 // check for not found
 global $entry;
 $this->set_current_entry($postID);
- $this->escape($entry);
-
+
 if(!current_user_can('edit_post', $entry['ID'])) $this->auth_required(__('Sorry, you do not have the right to edit this post.'));
@@ -623,6 +624,7 @@
 $post_content = $parsed->content;
 $postdata = compact('ID', 'post_content', 'post_title', 'post_category', 'post_status', 'post_excerpt');
+ $this->escape($postdata);
 $result = wp_update_post($postdata);
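Review bot: `$this->escape($post_data);` discards the return value, so this fix only takes effect if `escape()` receives its argument by reference (`function escape(&$array)`); if it returns an escaped copy instead, the compacted data still reaches `wp_insert_post()` unslashed, and the same applies to the identical calls added in the hunks at -488, -580 and -623 — please confirm the signature. WordPress's post insert/update functions expect slashed input, which is why the escape has to sit between `compact()` and the insert; that intent is worth a comment such as `// wp_insert_post() expects slashed data; these fields come straight from the request body`. The escape also now runs before `log_app('Inserting Post. Data:', ...)`, so the debug log records the slashed values rather than what the client sent; move the call below `log_app()` if the log is meant to show the raw request. `post_category` is an array inside `$post_data`, so `escape()` presumably has to recurse for that key to be covered. The enclosing method starts and ends outside the hunk.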
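Review bot: With `$this->escape($GLOBALS['entry'])` removed, `$entry` holds raw values for the rest of this method, so any use of it beyond `$entry['ID']` in a query or in output further down (the body continues outside the hunk) now needs its own escaping; the parallel removal in the hunk at -610 has the same consequence. Separately, `$entry = $GLOBALS['entry'];` right after `global $entry;` is a self-assignment — `global` already binds `$entry` to that slot — and it runs before `set_current_entry($postID)` presumably populates it, so the line does nothing and is absent from the otherwise identical sequence at -610; dropping it would make the two methods consistent.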
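Review bot: Only the `$attachment` array is escaped before `wp_insert_attachment($attachment, $file, $post)`; `$file` and `$post` pass through unescaped, and `$file` is presumably persisted by that function as attachment meta. If the same slashed-input convention that motivated escaping `$attachment` applies there, `$file` needs the same treatment; if `$file` is a server-generated upload path (it is built outside the hunk) this is harmless, but that assumption deserves a comment such as `// $file is the path returned by the upload helper, not client input`. The enclosing method starts and ends outside the hunk.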