Nice find, guys. That there is a bug. fix_attachment_links() sends unescaped data to wp_update_post(), which doesn't escape any of its inputs. It would do to run $post->post_content through $wpdb->escape() before the last line of fix_attachment_links(). Andy