--- ./files/patch-lib__MT.pm	1970-01-01 09:00:00.000000000 +0900
+++ ./files/patch-lib__MT.pm	2015-02-13 11:22:45.000000000 +0900
@@ -0,0 +1,31 @@ 
+--- lib/MT.pm.orig	2014-12-11 01:28:20.000000000 +0900
++++ lib/MT.pm	2015-02-13 11:22:27.000000000 +0900
+@@ -39,8 +39,8 @@
+         )
+         = (
+         'Movable Type',   'MT',
+-        '5.2.11',              '5.2.11-ru',
+-        '11', 'http://movable-type.ru/'
++        '5.2.12',              '5.2.12-ru',
++        '12', 'http://movable-type.ru/'
+         );
+ 
+   # To allow MT to run straight from svn, if no build process (pre-processing)
+@@ -56,7 +56,7 @@
+     }
+ 
+     if ( $RELEASE_NUMBER eq '__RELEASE' . '_NUMBER__' ) {
+-        $RELEASE_NUMBER = 11;
++        $RELEASE_NUMBER = 12;
+     }
+ 
+     $DebugMode = 0;
+@@ -124,7 +124,7 @@
+ }
+ 
+ sub build_id {
+-    my $build_id = '5.2.11-ru';
++    my $build_id = '5.2.12-ru';
+     $build_id = '' if $build_id eq '__BUILD_' . 'ID__';
+     return $build_id;
+ }
--- ./files/patch-lib__MT__App__Upgrader.pm	1970-01-01 09:00:00.000000000 +0900
+++ ./files/patch-lib__MT__App__Upgrader.pm	2015-02-13 11:12:16.000000000 +0900
@@ -0,0 +1,13 @@ 
+--- lib/MT/App/Upgrader.pm.orig	2014-12-11 01:26:51.000000000 +0900
++++ lib/MT/App/Upgrader.pm	2015-02-13 11:11:10.000000000 +0900
+@@ -671,6 +671,10 @@
+         $data = pack 'H*', $data;
+         require MT::Serialize;
+         my $ser    = MT::Serialize->new('MT');
++        my $ser_ver = $ser->serializer_version($data);
++        if ( !$ser_ver || $ser_ver != $MT::Serialize::SERIALIZER_VERSION ) {
++            die $app->translate('Invalid parameter.');
++        }
+         my $thawed = $ser->unserialize($data);
+         if ($thawed) {
+             my $saved_cfg = $$thawed;
--- ./files/patch-lib__MT__App__Wizard.pm	1970-01-01 09:00:00.000000000 +0900
+++ ./files/patch-lib__MT__App__Wizard.pm	2015-02-13 11:13:46.000000000 +0900
@@ -0,0 +1,13 @@ 
+--- lib/MT/App/Wizard.pm.orig	2014-12-11 01:26:51.000000000 +0900
++++ lib/MT/App/Wizard.pm	2015-02-13 11:13:16.000000000 +0900
+@@ -1252,6 +1252,10 @@
+         $data = pack 'H*', $data;
+         require MT::Serialize;
+         my $ser    = MT::Serialize->new('MT');
++        my $ser_ver = $ser->serializer_version($data);
++        if ( !$ser_ver || $ser_ver != $MT::Serialize::SERIALIZER_VERSION ) {
++            die $app->translate('Invalid parameter.');
++        }
+         my $thawed = $ser->unserialize($data);
+         if ($thawed) {
+             my $saved_cfg = $$thawed;
--- ./files/patch-lib__MT__BackupRestore__BackupFileHandler.pm	1970-01-01 09:00:00.000000000 +0900
+++ ./files/patch-lib__MT__BackupRestore__BackupFileHandler.pm	2015-02-13 11:15:16.000000000 +0900
@@ -0,0 +1,34 @@ 
+--- lib/MT/BackupRestore/BackupFileHandler.pm.orig	2014-12-11 01:26:51.000000000 +0900
++++ lib/MT/BackupRestore/BackupFileHandler.pm	2015-02-13 11:14:50.000000000 +0900
+@@ -409,6 +409,15 @@
+                 if ( 'blob' eq $defs->{$column_name}->{type} ) {
+                     $text = MIME::Base64::decode_base64($text);
+                     if ( substr( $text, 0, 4 ) eq 'SERG' ) {
++                        my $ser_ver
++                            = MT::Serialize->serializer_version($text);
++                        if ( $ser_ver == 3 ) {
++                            my $conf_ver = lc MT->config->Serializer;
++                            if ( ( $conf_ver ne 'storable' ) && ( $conf_ver ne 'mts' ) ) {
++                                $self->{critical} = 1;
++                                die MT->translate('Invalid serializer version was specified.');
++                            }
++                        }
+                         $text = MT::Serialize->unserialize($text);
+                         $obj->$column_name($$text);
+                     }
+@@ -424,6 +433,15 @@
+                 if ( my $type = $metacolumns->{$column_name} ) {
+                     if ( 'vblob' eq $type ) {
+                         $text = MIME::Base64::decode_base64($text);
++                        my $ser_ver
++                            = MT::Serialize->serializer_version($text);
++                        if ( $ser_ver == 3 ) {
++                            my $conf_ver = lc MT->config->Serializer;
++                            if ( ( $conf_ver ne 'storable' ) && ( $conf_ver ne 'mts' ) ) {
++                                $self->{critical} = 1;
++                                die MT->translate('Invalid serializer version was specified.');
++                            }
++                        }
+                         $text = MT::Serialize->unserialize($text);
+                         $obj->$column_name($$text);
+                     }
--- ./files/patch-lib__MT__Serialize.pm	1970-01-01 09:00:00.000000000 +0900
+++ ./files/patch-lib__MT__Serialize.pm	2015-02-13 11:21:36.000000000 +0900
@@ -0,0 +1,92 @@ 
+--- lib/MT/XMLRPCServer.pm.orig	2014-12-11 01:26:51.000000000 +0900
++++ lib/MT/XMLRPCServer.pm	2015-02-13 11:21:09.000000000 +0900
+@@ -495,7 +495,18 @@
+     }
+ 
+     _validate_params( [ $blog_id, $user, $pass, $publish ] ) or return;
+-    _validate_params( [ values %$item ] ) or return;
++    my $values;
++    foreach my $k ( keys %$item ) {
++        if ( 'categories' eq $k || 'mt_tb_ping_urls' eq $k ) {
++
++            # XMLRPC supports categories array and mt_tb_ping_urls array
++            _validate_params( \@{ $item->{$k} } ) or return;
++        }
++        else {
++            push @$values, $item->{$k};
++        }
++    }
++    _validate_params( \@$values ) or return;
+ 
+     $class->_new_entry(
+         blog_id => $blog_id,
+@@ -511,7 +522,18 @@
+     my ( $blog_id, $user, $pass, $item, $publish ) = @_;
+ 
+     _validate_params( [ $blog_id, $user, $pass, $publish ] ) or return;
+-    _validate_params( [ values %$item ] ) or return;
++    my $values;
++    foreach my $k ( keys %$item ) {
++        if ( 'mt_tb_ping_urls' eq $k ) {
++
++            # XMLRPC supports mt_tb_ping_urls array
++            _validate_params( \@{ $item->{$k} } ) or return;
++        }
++        else {
++            push @$values, $item->{$k};
++        }
++    }
++    _validate_params( \@$values ) or return;
+ 
+     $class->_new_entry(
+         blog_id => $blog_id,
+@@ -663,7 +685,18 @@
+     }
+ 
+     _validate_params( [ $entry_id, $user, $pass, $publish ] ) or return;
+-    _validate_params( [ values %$item ] ) or return;
++    my $values;
++    foreach my $k ( keys %$item ) {
++        if ( 'categories' eq $k || 'mt_tb_ping_urls' eq $k ) {
++
++            # XMLRPC supports categories array and mt_tb_ping_urls array
++            _validate_params( \@{ $item->{$k} } ) or return;
++        }
++        else {
++            push @$values, $item->{$k};
++        }
++    }
++    _validate_params( \@$values ) or return;
+ 
+     $class->_edit_entry(
+         entry_id => $entry_id,
+@@ -680,7 +713,18 @@
+ 
+     _validate_params( [ $blog_id, $entry_id, $user, $pass, $publish ] )
+         or return;
+-    _validate_params( [ values %$item ] ) or return;
++    my $values;
++    foreach my $k ( keys %$item ) {
++        if ( 'mt_tb_ping_urls' eq $k ) {
++
++            # XMLRPC supports mt_tb_ping_urls array
++            _validate_params( \@{ $item->{$k} } ) or return;
++        }
++        else {
++            push @$values, $item->{$k};
++        }
++    }
++    _validate_params( \@$values ) or return;
+ 
+     $class->_edit_entry(
+         blog_id  => $blog_id,
+@@ -1493,8 +1537,7 @@
+     }
+ 
+     my $local_file = File::Spec->catfile( $blog->site_path, $file->{name} );
+-    my $ext
+-        = ( File::Basename::fileparse( $local_file, qr/[A-Za-z0-9]+$/ ) )[2];
++    my $ext = ( File::Basename::fileparse( $local_file, qr/[A-Za-z0-9]+$/ ) )[2];
+     require MT::Asset::Image;
+     if ( MT::Asset::Image->can_handle($ext) ) {
+         require MT::Image;
--- ./files/patch-mt-check.cgi	1970-01-01 09:00:00.000000000 +0900
+++ ./files/patch-mt-check.cgi	2015-02-13 11:23:41.000000000 +0900
@@ -0,0 +1,14 @@ 
+--- mt-check.cgi.orig	2014-12-11 01:28:20.000000000 +0900
++++ mt-check.cgi	2015-02-13 11:23:25.000000000 +0900
+@@ -97,9 +97,9 @@
+ my $view    = $cgi->param("view");
+ my $version = $cgi->param("version");
+ my $sess_id = $cgi->param('session_id');
+-$version ||= '5.2.11-ru';
++$version ||= '5.2.12-ru';
+ if ( $version eq '__PRODUCT_VERSION' . '_ID__' ) {
+-    $version = '5.2.11';
++    $version = '5.2.12';
+ }
+ 
+ my ( $mt, $LH );
--- ./files/patch-mt-static__css__main.css	1970-01-01 09:00:00.000000000 +0900
+++ ./files/patch-mt-static__css__main.css	2015-02-13 11:24:44.000000000 +0900
@@ -0,0 +1,8 @@ 
+--- mt-static/css/main.css.orig	2014-12-11 01:28:23.000000000 +0900
++++ mt-static/css/main.css	2015-02-13 11:24:07.000000000 +0900
+@@ -1,4 +1,4 @@
+-/* Movable Type (r) Open Source (C) 2001-2014 Six Apart, Ltd.
++/* Movable Type (r) Open Source (C) 2001-2015 Six Apart, Ltd.
+  * This file is combined from multiple sources.  Consult the source files for their
+  * respective licenses and copyrights.
+  */html{font-size:100%;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%;}body{margin:0;}h1,
--- ./files/patch-mt-static__css__simple.css	1970-01-01 09:00:00.000000000 +0900
+++ ./files/patch-mt-static__css__simple.css	2015-02-13 11:25:21.000000000 +0900
@@ -0,0 +1,8 @@ 
+--- mt-static/css/simple.css.orig	2014-12-11 01:28:24.000000000 +0900
++++ mt-static/css/simple.css	2015-02-13 11:25:05.000000000 +0900
+@@ -1,4 +1,4 @@
+-/* Movable Type (r) Open Source (C) 2001-2014 Six Apart, Ltd.
++/* Movable Type (r) Open Source (C) 2001-2015 Six Apart, Ltd.
+  * This file is combined from multiple sources.  Consult the source files for their
+  * respective licenses and copyrights.
+  */html{font-size:100%;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%;}body{margin:0;}h1,
--- ./files/patch-mt-static__js__editor.js	1970-01-01 09:00:00.000000000 +0900
+++ ./files/patch-mt-static__js__editor.js	2015-02-13 11:25:58.000000000 +0900
@@ -0,0 +1,8 @@ 
+--- mt-static/js/editor.js.orig	2014-12-11 01:28:22.000000000 +0900
++++ mt-static/js/editor.js	2015-02-13 11:25:40.000000000 +0900
+@@ -1,4 +1,4 @@
+-/* Movable Type (r) Open Source (C) 2001-2014 Six Apart, Ltd.
++/* Movable Type (r) Open Source (C) 2001-2015 Six Apart, Ltd.
+  * This file is combined from multiple sources.  Consult the source files for their
+  * respective licenses and copyrights.
+  */;(function($){MT.EditorManager=function(){this.init.apply(this,arguments);};$.extend(MT.EditorManager,{editors:{},editorsForFormat:{},map:{},defaultWrapTag:'div',defaultWrapClass:'mt-editor-manager-wrap',register:function(id,editor){var thisConstructor=this;this.editors[id]=editor;$.each(editor.formatsForCurrentContext(),function(){if(!thisConstructor.editorsForFormat[this]){thisConstructor.editorsForFormat[this]=[];}
--- ./files/patch-mt-static_js_mt_core_compact.js	1970-01-01 09:00:00.000000000 +0900
+++ ./files/patch-mt-static_js_mt_core_compact.js	2015-02-13 11:26:34.000000000 +0900
@@ -0,0 +1,8 @@ 
+--- mt-static/js/mt_core_compact.js.orig	2014-12-11 01:28:22.000000000 +0900
++++ mt-static/js/mt_core_compact.js	2015-02-13 11:26:17.000000000 +0900
+@@ -1,4 +1,4 @@
+-/* Movable Type (r) Open Source (C) 2001-2014 Six Apart, Ltd.
++/* Movable Type (r) Open Source (C) 2001-2015 Six Apart, Ltd.
+  * This file is combined from multiple sources.  Consult the source files for their
+  * respective licenses and copyrights.
+  */defined=function(x){return x!==undefined;};exists=function(x){return(x===undefined||x===null)?false:true;};truth=function(x){return(x&&x!="0")?true:false;};finite=function(x){return isFinite(x)?x:0;};finiteInt=function(x,b){return finite(parseInt(x,b));};finiteFloat=function(x){return finite(parseFloat(x));};max=function(){var a=arguments;var n=a[0];for(var i=1;i<a.length;i++)
--- ./files/patch-php_mt.php	1970-01-01 09:00:00.000000000 +0900
+++ ./files/patch-php_mt.php	2015-02-13 11:27:17.000000000 +0900
@@ -0,0 +1,24 @@ 
+--- php/mt.php.orig	2014-12-11 01:28:20.000000000 +0900
++++ php/mt.php	2015-02-13 11:27:05.000000000 +0900
+@@ -11,7 +11,7 @@
+ require_once('lib/class.exception.php');
+ 
+ define('VERSION', '5.2');
+-define('PRODUCT_VERSION', '5.2.11');
++define('PRODUCT_VERSION', '5.2.12');
+ 
+ $PRODUCT_NAME = 'Movable Type';
+ if($PRODUCT_NAME == '__PRODUCT' . '_NAME__')
+@@ -20,10 +20,10 @@
+ 
+ $RELEASE_NUMBER = '11';
+ if ( $RELEASE_NUMBER == '__RELEASE_' . 'NUMBER__' )
+-    $RELEASE_NUMBER = 11;
++    $RELEASE_NUMBER = 12;
+ define('RELEASE_NUMBER', $RELEASE_NUMBER);
+ 
+-$PRODUCT_VERSION_ID = '5.2.11-ru';
++$PRODUCT_VERSION_ID = '5.2.12-ru';
+ if ( $PRODUCT_VERSION_ID == '__PRODUCT_' . 'VERSION_ID__' )
+     $PRODUCT_VERSION_ID = PRODUCT_VERSION;
+ $VERSION_STRING;