diff -r f507feede89a -r 09a1c134465b web/wp-includes/js/tinymce/plugins/spellchecker/classes/GoogleSpell.php
--- a/web/wp-includes/js/tinymce/plugins/spellchecker/classes/GoogleSpell.php	Wed Dec 19 12:35:13 2012 -0800
+++ b/web/wp-includes/js/tinymce/plugins/spellchecker/classes/GoogleSpell.php	Wed Dec 19 17:46:52 2012 -0800
@@ -50,7 +50,9 @@
 		return $osug;
 	}
 
-	function &_getMatches($lang, $str) {
+	protected function &_getMatches($lang, $str) {
+		$lang = preg_replace('/[^a-z\-]/i', '', $lang);
+		$str = preg_replace('/[\x00-\x1F\x7F]/', '', $str);
 		$server = "www.google.com";
 		$port = 443;
 		$path = "/tbproxy/spell?lang=" . $lang . "&hl=en";
@@ -105,7 +107,7 @@
 		return $matches;
 	}
 
-	function _unhtmlentities($string) {
+	protected function _unhtmlentities($string) {
 		$string = preg_replace('~&#x([0-9a-f]+);~ei', 'chr(hexdec("\\1"))', $string);
 		$string = preg_replace('~&#([0-9]+);~e', 'chr(\\1)', $string);